From 0df0126af4110fefee1d13b71c40982ed145d605 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Sat, 21 Dec 2024 17:15:50 +0530
Subject: [PATCH] [server] Disable 2fa on legacy account recovery
---
 server/cmd/museum/main.go | 7 ++++---
 server/pkg/controller/emergency/controller.go | 10 ++++++----
 server/pkg/controller/emergency/recovery.go | 7 +++++++
 3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/server/cmd/museum/main.go b/server/cmd/museum/main.go
index cb2a8e2d48..49bb57819d 100644
--- a/server/cmd/museum/main.go
+++ b/server/cmd/museum/main.go
@@ -463,9 +463,10 @@ func main() {
 privateAPI.POST("/trash/empty", trashHandler.Empty)
 emergencyCtrl := &emergency.Controller{
- Repo: &emergencyRepo.Repository{DB: db},
- UserRepo: userRepo,
- UserCtrl: userController,
+ Repo: &emergencyRepo.Repository{DB: db},
+ UserRepo: userRepo,
+ UserCtrl: userController,
+ PasskeyController: passkeyCtrl,
 }
 userHandler := &api.UserHandler{
 UserController: userController,
diff --git a/server/pkg/controller/emergency/controller.go b/server/pkg/controller/emergency/controller.go
index 975e8377c4..df4a0b399d 100644
--- a/server/pkg/controller/emergency/controller.go
+++ b/server/pkg/controller/emergency/controller.go
@@ -2,6 +2,7 @@ package emergency
 import (
 "fmt"
+ "github.com/ente-io/museum/pkg/controller"
 "github.com/ente-io/museum/ente"
 "github.com/ente-io/museum/pkg/controller/user"
@@ -13,9 +14,10 @@ import (
 )
 type Controller struct {
- Repo *emergency.Repository
- UserRepo *repo.UserRepository
- UserCtrl *user.UserController
+ Repo *emergency.Repository
+ UserRepo *repo.UserRepository
+ UserCtrl *user.UserController
+ PasskeyController *controller.PasskeyController
 }
 func (c *Controller) UpdateContact(ctx *gin.Context,
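Review bot: The new `PasskeyController` field in the `Controller` struct departs from the naming of its siblings (`UserCtrl`, `UserRepo`) and has no comment saying it is required. It is a pointer that this patch populates only in main.go, while recovery.go calls a method on it unconditionally, so any other construction of `emergency.Controller` (tests or tools, none visible here) would probably panic during recovery. Consider `PasskeyCtrl *controller.PasskeyController` with a comment such as `// PasskeyCtrl must be non-nil; ChangePassword uses it to remove passkey 2FA.`, updating the two call sites to match. The added import also sits directly under `"fmt"` instead of with the other `github.com/ente-io/museum` imports.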
@@ -122,4 +124,4 @@ func validateUpdateReq(userID int64, req ente.UpdateContact) error {
 }
 return stacktrace.Propagate(ente.NewBadRequestWithMessage(fmt.Sprintf("Can not update state to %s", req.State)), "")
 }
- }
+}
diff --git a/server/pkg/controller/emergency/recovery.go b/server/pkg/controller/emergency/recovery.go
index 4b726911d7..be31254e6c 100644
--- a/server/pkg/controller/emergency/recovery.go
+++ b/server/pkg/controller/emergency/recovery.go
@@ -47,6 +47,13 @@ func (c *Controller) ChangePassword(ctx *gin.Context, userID int64, request ente
 if err != nil {
 return nil, err
 }
+ // disable 2fa
+ if disableErr := c.UserCtrl.DisableTwoFactor(contact.UserID); disableErr != nil {
+ return nil, stacktrace.Propagate(disableErr, "failed to disable 2fa")
+ }
+ if disableErr := c.PasskeyController.RemovePasskey2FA(contact.UserID); disableErr != nil {
+ return nil, stacktrace.Propagate(disableErr, "failed to disable passkey")
+ }
 resp, err := c.UserCtrl.UpdateSrpAndKeyAttributes(ctx, contact.UserID, request.UpdateSrp, false)
 if err != nil {
 return nil, stacktrace.Propagate(err, "")
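Review bot: Both second factors are removed before `UpdateSrpAndKeyAttributes` has succeeded, so a failure there (or in `RemovePasskey2FA` after `DisableTwoFactor` has already run) returns an error from ChangePassword while the account keeps its old credentials with 2FA stripped. Moving the two `disableErr` blocks below the `if err != nil` check that follows `UpdateSrpAndKeyAttributes`, or running all three steps in one transaction if the repositories allow it, keeps a failed recovery from weakening the account. The `// disable 2fa` comment could also state the reason, e.g. `// the recovering contact cannot satisfy the owner's TOTP or passkey, so clear both second factors` (my reading of the intent, to be confirmed). Whether these calls write an audit entry or notify the account owner is not visible here and is worth checking, since this path removes a security control. ChangePassword begins and ends outside the hunk.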