ability to disable 2fa

lib/coinpunk/server.js

@@ -82,6 +82,27 @@ server.post('/api/setAuthKey', function(req, res) {
   });
 });
 
+server.post('/api/disableAuthKey', function(req, res) {
+  db.getWalletRecord(req.body.serverKey, function(err, payload) {
+    if(err)
+      console.log('Wallet Get Error: '+err);
+
+    if(!payload || !payload.authKey)
+      return res.send({result: 'error', message: 'no auth key found for this wallet'});
+
+    var code = speakeasy.time({key: payload.authKey, encoding: 'base32'});
+
+    if(code != req.body.authCode)
+      return res.send({result: 'error', message: 'invalid auth code'});
+
+    db.disableAuthKey(req.body.serverKey, function(err, result) {
+      if(err)
+        return res.send({result: 'error', message: 'could not update database, please try again later'});
+      res.send({result: 'success'});
+    });
+  });
+});
+
 server.get('/api/wallet', function(req,res) {
   db.getWalletRecord(req.query.serverKey, function(err, payload) {
     if(err) {

lib/coinpunk/server/db/redis.js

@@ -34,6 +34,14 @@ DB.prototype = {
     });
   },
 
+  disableAuthKey: function(serverKey, callback) {
+    this.redis.hdel(serverKey, 'authKey', function(err, res) {
+      if(err)
+        return callback(err);
+      callback(undefined, true);
+    });
+  },
+
   getWallet: function(serverKey, callback) {
     this.getWalletRecord(serverKey, function(err, payload) {
       if(err)

public/js/coinpunk/controllers/accounts.js

@@ -55,6 +55,7 @@ coinpunk.controllers.Accounts.prototype.signin = function() {
         </div>
       ');
       $('#authCode').focus();
+      coinpunk.usingAuthKey = true;
 
     } else {
       errorDiv.addClass('hidden');
@@ -309,7 +310,6 @@ $('body').on('click', '#generateAuthQR', function() {
     });
     authURI.setSearch({issuer: 'Coinpunk', secret: resp.key});
 
-    console.log(authURI.toString());
     new QRCode(document.getElementById('authQR'), authURI.toString());
     $('#authQR').after('
       <form role="form" id="submitAuth">
@@ -329,10 +329,30 @@ $('body').on('click', '#generateAuthQR', function() {
 $('body').on('submit', '#submitAuth', function() {
   var e = $('#submitAuth #confirmAuthCode');
   $.post('api/setAuthKey', {serverKey: coinpunk.wallet.serverKey, key: $('#authKeyValue').val(), code: e.val()}, function(res) {
-    if(res.set != true)
+    if(res.set != true) {
       $('#authKey').html('Code save failed. Please reload and try again.');
-    else
+    } else {
+      coinpunk.usingAuthKey = true;
       $('#authKey').html('Successfully saved! You will now need your device to login.');
+    }
+  });
+});
+
+$('body').on('submit', '#disableAuth', function() {
+  var dialog = $('#disableAuthDialog');
+  dialog.addClass('hidden');
+  var authCode = $('#disableAuth #disableAuthCode').val();
+
+  $.post('api/disableAuthKey', {serverKey: coinpunk.wallet.serverKey, authCode: authCode}, function(resp) {
+    if(resp.result == 'error') {
+      dialog.text(resp.message);
+      dialog.removeClass('hidden');
+      return;
+    }
+
+    coinpunk.usingAuthKey = false;
+    coinpunk.database.setSuccessMessage('Two factor authentication has been disabled.');
+    coinpunk.router.route('dashboard', 'settings');
   });
 });
 

public/views/accounts/settings.html

@@ -44,12 +44,12 @@ <h3>Change Password</h3>
         <label for="currentPassword">Current password</label>
         <input type="password" class="form-control" id="currentPassword" placeholder="Current password" autocomplete="off">
       </div>
-      
+
       <div class="form-group">
         <label for="newPassword">New password</label>
         <input type="password" class="form-control" id="newPassword" placeholder="New password" autocomplete="off">
       </div>
-      
+
       <div class="form-group">
         <label for="confirmNewPassword">Confirm new password</label>
         <input type="password" class="form-control" id="confirmNewPassword" placeholder="Re-enter new password" autocomplete="off">
@@ -62,10 +62,24 @@ <h3>Change Password</h3>
 <div class="row">
   <div class="col-lg-4 col-lg-offset-2" id="authKey">
     <h3 class="text-center">Two Factor Auth</h3>
-
-    <p>Two factor authentication allows you to require a code from your phone from Login. Coinpunk uses Google Authenticator, which you will need to download to use this.</p>
+    <% if(coinpunk.usingAuthKey == true) { %>
+      <p>You are currently using Two Factor Authentication. If you would like to disable it, enter your auth code below and we will remove it:</p>
+
+      <div id="disableAuthDialog" class="alert hidden">
+      </div>
+
+      <form id="disableAuth" role="form">
+        <div class="form-group">
+          <label for="authCode">Enter code to disable</label>
+          <input class="form-control" type="password" id="disableAuthCode" autocomplete="off">
+        </div>
+        <button type="submit" class="btn btn-danger">Disable</button>
+      </form>
+    <% } else { %>
+      <p>Two factor authentication allows you to require a code from your phone from Login. Coinpunk uses Google Authenticator, which you will need to download to use this.</p>
 
-    <a class="btn btn-primary" id="generateAuthQR">Generate QR Code to Scan</a>
+      <a class="btn btn-primary" id="generateAuthQR">Generate QR Code to Scan</a>
+    <% } %>
   </div>
 </div>
 

public/views/signin.html

@@ -23,7 +23,7 @@ <h1>Sign In</h1>
       <div class="form-group" id="signinPassword">
         <label for="password" class="col-lg-2 control-label">Password</label>
         <div class="col-lg-4">
-          <input type="password" class="form-control" id="password" placeholder="Password">
+          <input type="password" class="form-control" id="password" placeholder="Password" autocomplete="off">
         </div>
       </div>
       <!--