
Highrisk mutations 2fa (totp) #1687

Open: wants to merge 9 commits into base: master
Conversation

riccardobl (Member)

Description

Depends on #1680
Together with #1680 closes #1439 .

This PR adds 2fa for high risk mutations.
Whenever the user triggers a mutation that we deem high risk (eg. big zap, territory transfer...) a 2fa prompt shows.
The mutation gets rejected if the user doesn't complete the 2fa.

Screenshots

2024-12-05.16-15-06.mp4

Additional Context

I've implemented this as an Apollo Server plugin and Apollo Client link.

  • On one side, the Apollo Server plugin intercepts the mutation and checks if it is marked as high risk; if it is, it checks if the request has a valid 2fa header (eg. a totp token).
  • On the other side, the Apollo Client link intercepts the mutation before it triggers and, if it is marked as high risk, it shows a prompt requesting the 2fa from the user, then it inserts the 2fa token in the request headers and continues the flow.

To mark a mutation as high risk (both for server and client) it needs to be included in the HighRiskMutationFields array in lib/auth2fa. The HighRiskMutationFields array can also contain functions that are used to do some more advanced filtering,
eg.

({ name, variables }) => { // high cost actions
  if (!['donateToRewards', 'act'].includes(name)) return false
  if (variables.sats && BigInt(variables.sats) >= 100_000n) {
    return true
  }
  return false
}

Once the mutation is marked as high risk, everything is handled automatically by the plugin; there is no need to make the resolver aware it is running a high risk mutation.

However, as a debug and hardening resource, resolvers triggered by a request that contains a high-risk mutation will receive a highRisk field in their context. This field is an object defined as:

{
  confirmed: boolean, // true if the user provided a valid 2fa
  confirmedWithMethod: string // the method used by the 2fa (eg. totp)
}

that can be used to do additional checks or assertions.
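As an added illustration (not code from this PR or from the stacker.news repository) of the HighRiskMutationFields convention and the highRisk context object described above: a matcher that accepts both mutation names and predicate functions, and the reject-unless-confirmed rule the server plugin applies. The 'transferTerritory' name, the `verified` parameter and the helper function names are assumptions; the predicate body is the one from the description.

```javascript
// Added example, not project code. Entries of the array are either a mutation
// name (string) or a predicate ({ name, variables }) => boolean, as the PR
// description states. 'transferTerritory' is a hypothetical name standing in
// for the "territory transfer" case mentioned in the description.
const HighRiskMutationFields = [
  'transferTerritory',
  ({ name, variables }) => { // high cost actions (predicate from the PR text)
    if (!['donateToRewards', 'act'].includes(name)) return false
    if (variables.sats && BigInt(variables.sats) >= 100_000n) return true
    return false
  }
]

// True when the mutation field, with its variables, matches any entry.
// String entries match by exact name; function entries are evaluated.
function isHighRiskMutation (name, variables = {}, fields = HighRiskMutationFields) {
  return fields.some(entry =>
    typeof entry === 'function' ? Boolean(entry({ name, variables })) : entry === name)
}

// Builds the `highRisk` context object from the description. `verified` is
// a hypothetical parameter: the outcome of the server plugin's check of the
// 2fa header (e.g. a totp token). `method` is the 2fa method that was used.
function highRiskContext (verified, method = 'totp') {
  return verified
    ? { confirmed: true, confirmedWithMethod: method }
    : { confirmed: false, confirmedWithMethod: null }
}

// Low-risk mutations always proceed; high-risk ones are rejected unless the
// request carried a valid 2fa, mirroring the plugin behaviour described above.
function shouldReject (name, variables, context) {
  return isHighRiskMutation(name, variables) && !context.confirmed
}
```

A resolver can still assert on `context.highRisk.confirmed` as a second line of defence, which is the hardening use the description mentions.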

Checklist

Are your changes backwards compatible? Please answer below:

yes

On a scale of 1-10 how well and how have you QA'd this change and any features it might affect? Please answer below:

8

For frontend changes: Tested on mobile, light and dark mode? Please answer below:
yes

Did you introduce any new environment variables? If so, call them out explicitly here:
no


socket-security bot commented Dec 5, 2024

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package: npm/[email protected]
New capabilities: None
Transitives: 0
Size: 694 kB
Publisher: hectormolinero

View full report↗︎

@riccardobl riccardobl added feature new product features that weren't there before auth labels Dec 6, 2024
@riccardobl riccardobl marked this pull request as ready for review January 7, 2025 23:40