pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-25 03:11:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Implement MFA enforcement and critical bug fix

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-10-17 19:43:43 +00:00
parent ba11773eb6
commit 8a36c71edb
7 changed files with 547 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/components/settings/AccountDeletionDialog.tsx
View File

@@ -29,6 +29,31 @@ export function AccountDeletionDialog({ open, onOpenChange, userEmail, onDeletio
const handleRequestDeletion = async () => {
if (!canRequestDeletion(state)) return;
// Phase 4: AAL2 check for security-critical operations
const { data: { session } } = await supabase.auth.getSession();
if (session) {
// Check if user has MFA enrolled
const { data: factorsData } = await supabase.auth.mfa.listFactors();
const hasMFA = factorsData?.totp?.some(f => f.status === 'verified') || false;
if (hasMFA) {
const jwt = session.access_token;
const payload = JSON.parse(atob(jwt.split('.')[1]));
const currentAal = payload.aal || 'aal1';
if (currentAal !== 'aal2') {
handleError(
new Error('Please verify your identity with MFA first'),
{ action: 'Request account deletion' }
);
sessionStorage.setItem('mfa_step_up_required', 'true');
sessionStorage.setItem('mfa_intended_path', '/settings?tab=privacy');
window.location.href = '/auth';
return;
}
}
}
dispatch({ type: 'SET_LOADING', payload: true });
try {