feat(core): Add MFA (#4767)

https://linear.app/n8n/issue/ADO-947/sync-branch-with-master-and-fix-fe-e2e-tets --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
2025-12-17 01:56:46 +00:00 · 2023-08-23 22:59:16 -04:00
parent a01c3fbc19
commit 2b7ba6fdf1
61 changed files with 2301 additions and 105 deletions
--- a/packages/cli/src/controllers/e2e.controller.ts
+++ b/packages/cli/src/controllers/e2e.controller.ts
@@ -12,6 +12,9 @@ import { LICENSE_FEATURES, inE2ETests } from '@/constants';
 import { NoAuthRequired, Patch, Post, RestController } from '@/decorators';
 import type { UserSetupPayload } from '@/requests';
 import type { BooleanLicenseFeature } from '@/Interfaces';
+import { UserSettings } from 'n8n-core';
+import { MfaService } from '@/Mfa/mfa.service';
+import { TOTPService } from '@/Mfa/totp.service';

 if (!inE2ETests) {
 	console.error('E2E endpoints only allowed during E2E tests');
@@ -136,13 +139,30 @@ export class E2EController {
 			roles.map(([name, scope], index) => ({ name, scope, id: (index + 1).toString() })),
 		);

-		const users = [];
-		users.push({
+		const encryptionKey = await UserSettings.getEncryptionKey();
+
+		const mfaService = new MfaService(this.userRepo, new TOTPService(), encryptionKey);
+
+		const instanceOwner = {
 			id: uuid(),
 			...owner,
 			password: await hashPassword(owner.password),
 			globalRoleId: globalOwnerRoleId,
-		});
+		};
+
+		if (owner?.mfaSecret && owner.mfaRecoveryCodes?.length) {
+			const { encryptedRecoveryCodes, encryptedSecret } = mfaService.encryptSecretAndRecoveryCodes(
+				owner.mfaSecret,
+				owner.mfaRecoveryCodes,
+			);
+			instanceOwner.mfaSecret = encryptedSecret;
+			instanceOwner.mfaRecoveryCodes = encryptedRecoveryCodes;
+		}
+
+		const users = [];
+
+		users.push(instanceOwner);
+
 		for (const { password, ...payload } of members) {
 			users.push(
 				this.userRepo.create({