From e582826fff1b8fc8a94d042e28a597ce924fd074 Mon Sep 17 00:00:00 2001 From: Berserk Agent Date: Sat, 20 Jun 2026 13:00:40 +0000 Subject: [PATCH] fix(backend): return client error for invalid TOTP in passkey setup --- .../backend/src/server/api/endpoints/i/2fa/key-done.ts | 10 ++++++++-- .../src/server/api/endpoints/i/2fa/register-key.ts | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts b/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts index 8dc5cafb560..d0801c0c3ee 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts @@ -26,6 +26,12 @@ export const meta = { id: '0d7ec6d2-e652-443e-a7bf-9ee9a0cd77b0', }, + incorrectTotp: { + message: 'The one-time password is incorrect or has expired.', + code: 'INCORRECT_TOTP', + id: '57e56c36-e07e-49ab-97fb-7dc8a5b4cd50', + }, + twoFactorNotEnabled: { message: '2fa not enabled.', code: 'TWO_FACTOR_NOT_ENABLED', @@ -76,13 +82,13 @@ export default class extends Endpoint { if (profile.twoFactorEnabled) { if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.incorrectTotp); } try { await this.userAuthService.twoFactorAuthenticate(profile, token); } catch (_) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.incorrectTotp); } } diff --git a/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts b/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts index 9d1d595c900..3a62ae2cd62 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts @@ -30,6 +30,12 @@ export const meta = { id: '38769596-efe2-4faf-9bec-abbb3f2cd9ba', }, + incorrectTotp: { + message: 'The one-time password is incorrect or has expired.', + code: 'INCORRECT_TOTP', + id: '0606da0a-a3c3-4215-8b87-30ecb63475c1', + }, + twoFactorNotEnabled: { message: '2fa not enabled.', code: 'TWO_FACTOR_NOT_ENABLED', @@ -76,13 +82,13 @@ export default class extends Endpoint { if (profile.twoFactorEnabled) { if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.incorrectTotp); } try { await this.userAuthService.twoFactorAuthenticate(profile, token); } catch (_) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.incorrectTotp); } }