fix: Unable to change password when 2FA is enabled (#37745)

Douglas Fabris 2025-12-11 18:42:44 -03:00 committed by GitHub
parent 94b87d9ef4
commit 17f587ba12
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 20 additions and 11 deletions


@ -0,0 +1,5 @@
---
'@rocket.chat/meteor': patch
---
Fixes an issue where its not being possible to change the password in account security page


@ -9,6 +9,7 @@ import { EmailCheck } from './EmailCheck';
import type { ICodeCheck } from './ICodeCheck';
import { PasswordCheckFallback } from './PasswordCheckFallback';
import { TOTPCheck } from './TOTPCheck';
import { normalizeHeaders } from '../../../lib/server/functions/getModifiedHttpHeaders';
import { settings } from '../../../settings/server';
export interface ITwoFactorOptions {
@ -184,9 +185,11 @@ export async function checkCodeForUser({ user, code, method, options = {}, conne
throw new Meteor.Error('totp-user-not-found', 'TOTP User not found');
}
if (!code && !method && connection?.httpHeaders?.['x-2fa-code'] && connection.httpHeaders['x-2fa-method']) {
code = connection.httpHeaders['x-2fa-code'];
method = connection.httpHeaders['x-2fa-method'];
const headers = normalizeHeaders(connection?.httpHeaders);
if (!code && !method && headers?.['x-2fa-code'] && headers['x-2fa-method']) {
code = headers['x-2fa-code'];
method = headers['x-2fa-method'];
}
if (connection && isAuthorizedForToken(connection, existingUser, options)) {
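Review bot: The optional chain in `headers?.['x-2fa-code']` is redundant, because `normalizeHeaders` returns an object on both of its branches even when `connection` is undefined; `headers['x-2fa-code'] && headers['x-2fa-method']` reads the same. The call site also does not say why the headers are normalized, and a short comment such as `// httpHeaders may be a Headers instance, which bracket access cannot read` would keep a later cleanup from restoring direct indexing and silently dropping the 2FA code again. The header copy is built on every call, including calls where `code` and `method` were passed explicitly, so it could move inside the `!code && !method` guard. checkCodeForUser starts and ends outside this hunk.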


@ -1,12 +1,14 @@
export const getModifiedHttpHeaders = (httpHeaders: Headers | Record<string, string>) => {
let modifiedHttpHeaders: { [k: string]: string };
export const normalizeHeaders = (httpHeaders?: Headers | Record<string, string>) => {
if (httpHeaders instanceof Headers) {
modifiedHttpHeaders = { ...Object.fromEntries(httpHeaders.entries()) };
} else {
modifiedHttpHeaders = { ...httpHeaders };
return { ...Object.fromEntries(httpHeaders.entries()) };
}
return { ...httpHeaders };
};
export const getModifiedHttpHeaders = (httpHeaders: Headers | Record<string, string>) => {
const modifiedHttpHeaders = normalizeHeaders(httpHeaders);
if ('x-auth-token' in modifiedHttpHeaders) {
modifiedHttpHeaders['x-auth-token'] = '[redacted]';
}
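Review bot: `normalizeHeaders` only normalizes the container type: the `Headers` branch yields lower-case names, but the plain-object branch `return { ...httpHeaders };` keeps whatever casing the caller supplied. If any caller passes a record with mixed-case keys (not visible here), the `'x-auth-token' in modifiedHttpHeaders` redaction below and the `x-2fa-code` lookup in checkCodeForUser would both miss the header without any error. Lower-casing in that branch, e.g. `return Object.fromEntries(Object.entries(httpHeaders ?? {}).map(([k, v]) => [k.toLowerCase(), v]));`, would make both paths agree, and an explicit `Record<string, string>` return type plus a TSDoc line stating that contract would document it. getModifiedHttpHeaders continues past the end of this hunk.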


@ -38,8 +38,7 @@ test.describe.serial('account-security', () => {
await poAccountSecurity.toastMessage.waitForDisplay();
});
// FIXME: This test should pass as soon as we provide the fix
test.skip('should be able to change password', async ({ api }) => {
test('should be able to change password', async ({ api }) => {
await test.step('change password', async () => {
await poAccountSecurity.changePassword(RANDOM_PASSWORD, RANDOM_PASSWORD, ADMIN_CREDENTIALS.password);
await expect(poAccountSecurity.inputNewPassword).toHaveValue('');