diff --git a/Streetwriters.Identity/Controllers/MFAController.cs b/Streetwriters.Identity/Controllers/MFAController.cs
index 73d7da4..3a58828 100644
--- a/Streetwriters.Identity/Controllers/MFAController.cs
+++ b/Streetwriters.Identity/Controllers/MFAController.cs
@@ -79,9 +79,12 @@ namespace Streetwriters.Identity.Controllers
 }
 [HttpDelete]
- public IActionResult Disable2FA()
+ public async Task Disable2FA()
 {
- return BadRequest("2FA is mandatory and cannot be disabled.");
+ var user = await UserManager.GetUserAsync(User) ?? throw new Exception("User not found.");
+ if (!await UserManager.GetTwoFactorEnabledAsync(user)) return Ok();
+ await MFAService.DisableMFAAsync(user);
+ return Ok();
 }
 [HttpGet("codes")]
diff --git a/Streetwriters.Identity/Services/UserAccountService.cs b/Streetwriters.Identity/Services/UserAccountService.cs
index 42e452d..a31b815 100644
--- a/Streetwriters.Identity/Services/UserAccountService.cs
+++ b/Streetwriters.Identity/Services/UserAccountService.cs
@@ -34,12 +34,6 @@ namespace Streetwriters.Identity.Services
 var claims = await userManager.GetClaimsAsync(user);
 var marketingConsentClaim = claims.FirstOrDefault((claim) => claim.Type == $"{clientId}:marketing_consent");
- if (await userManager.IsEmailConfirmedAsync(user) && !await userManager.GetTwoFactorEnabledAsync(user))
- {
- await mfaService.EnableMFAAsync(user, MFAMethods.Email);
- user = await userManager.FindByIdAsync(userId);
- ArgumentNullException.ThrowIfNull(user);
- }
 ArgumentNullException.ThrowIfNull(user.Email);
 return new UserModel
diff --git a/Streetwriters.Identity/Validation/EmailGrantValidator.cs b/Streetwriters.Identity/Validation/EmailGrantValidator.cs
index ef14e3f..2702560 100644
--- a/Streetwriters.Identity/Validation/EmailGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/EmailGrantValidator.cs
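Review bot: In MFAController.cs, the new `Disable2FA` switches off the second factor for whoever holds a valid session, without asking for the current password or a second-factor code, so a stolen access token is enough to downgrade the account. Require fresh proof of identity before calling `MFAService.DisableMFAAsync(user)`, and consider notifying the user when it succeeds. Separately, `?? throw new Exception("User not found.")` will surface as a 500; `if (user is null) return Unauthorized();` after the lookup is the more conventional response. Whether the controller carries `[Authorize]` is outside the hunk.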
@@ -59,7 +59,6 @@ namespace Streetwriters.Identity.Validation
 public string GrantType => Config.EMAIL_GRANT_TYPE;
-
 public async Task ValidateAsync(ExtensionGrantValidationContext context)
 {
 var email = context.Request.Raw["email"];
@@ -76,8 +75,14 @@ namespace Streetwriters.Identity.Validation
 };
 var isMultiFactor = await UserManager.GetTwoFactorEnabledAsync(user);
+ if (!isMultiFactor)
+ {
+ context.Result.IsError = false;
+ context.Result.Subject = await TokenGenerationService.TransformTokenRequestAsync(context.Request, user, GrantType, [Config.MFA_PASSWORD_GRANT_TYPE_SCOPE]);
+ return;
+ }
- var primaryMethod = isMultiFactor ? MFAService.GetPrimaryMethod(user) : MFAMethods.Email;
+ var primaryMethod = MFAService.GetPrimaryMethod(user);
 var secondaryMethod = MFAService.GetSecondaryMethod(user);
 var sendPhoneNumber = primaryMethod == MFAMethods.SMS || secondaryMethod == MFAMethods.SMS;
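Review bot: In the second EmailGrantValidator.cs hunk, the `!isMultiFactor` branch issues a subject carrying `Config.MFA_PASSWORD_GRANT_TYPE_SCOPE` after only an email lookup, so that scope no longer means a second factor was verified. Any validator or resource server that reads the scope as proof of MFA (none is visible here) would now accept accounts that have no second factor. It is worth confirming that and recording it above the branch, e.g. `// 2FA disabled: skip the challenge; this scope does not imply a verified second factor.` The early return also appears to make the response differ by the account's MFA state, which discloses whether 2FA is enabled to any caller who knows the email address. The body of `ValidateAsync` continues outside this hunk.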