refactor: Standardize MFA code and recovery code naming across code base (#12011)

2025-12-16 17:46:45 +00:00 · 2024-12-03 07:15:29 -05:00
parent f16de4db01
commit 70706d81e1
22 changed files with 150 additions and 137 deletions
--- a/packages/cli/src/controllers/password-reset.controller.ts
+++ b/packages/cli/src/controllers/password-reset.controller.ts
@@ -171,7 +171,7 @@ export class PasswordResetController {
 	 */
 	@Post('/change-password', { skipAuth: true })
 	async changePassword(req: PasswordResetRequest.NewPassword, res: Response) {
-		const { token, password, mfaToken } = req.body;
+		const { token, password, mfaCode } = req.body;

 		if (!token || !password) {
 			this.logger.debug(
@@ -189,11 +189,11 @@ export class PasswordResetController {
 		if (!user) throw new NotFoundError('');

 		if (user.mfaEnabled) {
-			if (!mfaToken) throw new BadRequestError('If MFA enabled, mfaToken is required.');
+			if (!mfaCode) throw new BadRequestError('If MFA enabled, mfaCode is required.');

 			const { decryptedSecret: secret } = await this.mfaService.getSecretAndRecoveryCodes(user.id);

-			const validToken = this.mfaService.totp.verifySecret({ secret, token: mfaToken });
+			const validToken = this.mfaService.totp.verifySecret({ secret, mfaCode });

 			if (!validToken) throw new BadRequestError('Invalid MFA token.');
 		}