Remove dependency of RC namespace in rc-2fa

packages/rocketchat-2fa/client/TOTPPassword.js

@@ -1,6 +1,6 @@
 import { Meteor } from 'meteor/meteor';
 import { Accounts } from 'meteor/accounts-base';
-import { modal } from 'meteor/rocketchat:ui';
+import { modal } from 'meteor/rocketchat:ui-utils';
 import { t } from 'meteor/rocketchat:utils';
 import toastr from 'toastr';
 

packages/rocketchat-2fa/client/accountSecurity.js

@@ -1,8 +1,8 @@
 import { Meteor } from 'meteor/meteor';
 import { ReactiveVar } from 'meteor/reactive-var';
 import { Template } from 'meteor/templating';
-import { modal } from 'meteor/rocketchat:ui';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { modal } from 'meteor/rocketchat:ui-utils';
+import { settings } from 'meteor/rocketchat:settings';
 import { t } from 'meteor/rocketchat:utils';
 import toastr from 'toastr';
 import qrcode from 'yaqrcode';
@@ -27,7 +27,7 @@ Template.accountSecurity.helpers({
 		return Template.instance().state.get() === 'registering';
 	},
 	isAllowed() {
-		return RocketChat.settings.get('Accounts_TwoFactorAuthentication_Enabled');
+		return settings.get('Accounts_TwoFactorAuthentication_Enabled');
 	},
 	codesRemaining() {
 		if (Template.instance().codesRemaining.get()) {

packages/rocketchat-2fa/package.js

@@ -11,11 +11,13 @@ Package.onUse(function(api) {
 		'accounts-base',
 		'ecmascript',
 		'templating',
-		'rocketchat:lib',
+		'rocketchat:settings',
 		'sha',
 		'random',
-		'rocketchat:ui',
+		'rocketchat:ui-utils',
 		'rocketchat:utils',
+		'rocketchat:models',
+		'rocketchat:callbacks',
 	]);
 
 	api.mainModule('client/index.js', 'client');

packages/rocketchat-2fa/server/index.js

@@ -1,6 +1,4 @@
 import './startup/settings';
-import './lib/totp';
-import './models/users';
 import './methods/checkCodesRemaining';
 import './methods/disable';
 import './methods/enable';

packages/rocketchat-2fa/server/lib/totp.js

@@ -1,9 +1,10 @@
 import { SHA256 } from 'meteor/sha';
 import { Random } from 'meteor/random';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { Users } from 'meteor/rocketchat:models';
+import { settings } from 'meteor/rocketchat:settings';
 import speakeasy from 'speakeasy';
 
-RocketChat.TOTP = {
+export const TOTP = {
 	generateSecret() {
 		return speakeasy.generateSecret();
 	},
@@ -25,14 +26,14 @@ RocketChat.TOTP = {
 				backupTokens.splice(usedCode, 1);
 
 				// mark the code as used (remove it from the list)
-				RocketChat.models.Users.update2FABackupCodesByUserId(userId, backupTokens);
+				Users.update2FABackupCodesByUserId(userId, backupTokens);
 				return true;
 			}
 
 			return false;
 		}
 
-		const maxDelta = RocketChat.settings.get('Accounts_TwoFactorAuthentication_MaxDelta');
+		const maxDelta = settings.get('Accounts_TwoFactorAuthentication_MaxDelta');
 		if (maxDelta) {
 			const verifiedDelta = speakeasy.totp.verifyDelta({
 				secret,

packages/rocketchat-2fa/server/loginHandler.js

@@ -1,6 +1,8 @@
 import { Meteor } from 'meteor/meteor';
 import { Accounts } from 'meteor/accounts-base';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { settings } from 'meteor/rocketchat:settings';
+import { callbacks } from 'meteor/rocketchat:callbacks';
+import { TOTP } from './lib/totp';
 
 Accounts.registerLoginHandler('totp', function(options) {
 	if (!options.totp || !options.totp.code) {
@@ -10,8 +12,8 @@ Accounts.registerLoginHandler('totp', function(options) {
 	return Accounts._runLoginHandlers(this, options.totp.login);
 });
 
-RocketChat.callbacks.add('onValidateLogin', (login) => {
-	if (!RocketChat.settings.get('Accounts_TwoFactorAuthentication_Enabled')) {
+callbacks.add('onValidateLogin', (login) => {
+	if (!settings.get('Accounts_TwoFactorAuthentication_Enabled')) {
 		return;
 	}
 
@@ -22,7 +24,7 @@ RocketChat.callbacks.add('onValidateLogin', (login) => {
 			throw new Meteor.Error('totp-required', 'TOTP Required');
 		}
 
-		const verified = RocketChat.TOTP.verify({
+		const verified = TOTP.verify({
 			secret: login.user.services.totp.secret,
 			token: totp.code,
 			userId: login.user._id,

packages/rocketchat-2fa/server/methods/disable.js

@@ -1,5 +1,6 @@
 import { Meteor } from 'meteor/meteor';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { Users } from 'meteor/rocketchat:models';
+import { TOTP } from '../lib/totp';
 
 Meteor.methods({
 	'2fa:disable'(code) {
@@ -9,7 +10,7 @@ Meteor.methods({
 
 		const user = Meteor.user();
 
-		const verified = RocketChat.TOTP.verify({
+		const verified = TOTP.verify({
 			secret: user.services.totp.secret,
 			token: code,
 			userId: Meteor.userId(),
@@ -20,6 +21,6 @@ Meteor.methods({
 			return false;
 		}
 
-		return RocketChat.models.Users.disable2FAByUserId(Meteor.userId());
+		return Users.disable2FAByUserId(Meteor.userId());
 	},
 });

packages/rocketchat-2fa/server/methods/enable.js

@@ -1,5 +1,6 @@
 import { Meteor } from 'meteor/meteor';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { Users } from 'meteor/rocketchat:models';
+import { TOTP } from '../lib/totp';
 
 Meteor.methods({
 	'2fa:enable'() {
@@ -9,13 +10,13 @@ Meteor.methods({
 
 		const user = Meteor.user();
 
-		const secret = RocketChat.TOTP.generateSecret();
+		const secret = TOTP.generateSecret();
 
-		RocketChat.models.Users.disable2FAAndSetTempSecretByUserId(Meteor.userId(), secret.base32);
+		Users.disable2FAAndSetTempSecretByUserId(Meteor.userId(), secret.base32);
 
 		return {
 			secret: secret.base32,
-			url: RocketChat.TOTP.generateOtpauthURL(secret, user.username),
+			url: TOTP.generateOtpauthURL(secret, user.username),
 		};
 	},
 });

packages/rocketchat-2fa/server/methods/regenerateCodes.js

@@ -1,5 +1,6 @@
 import { Meteor } from 'meteor/meteor';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { Users } from 'meteor/rocketchat:models';
+import { TOTP } from '../lib/totp';
 
 Meteor.methods({
 	'2fa:regenerateCodes'(userToken) {
@@ -13,17 +14,17 @@ Meteor.methods({
 			throw new Meteor.Error('invalid-totp');
 		}
 
-		const verified = RocketChat.TOTP.verify({
+		const verified = TOTP.verify({
 			secret: user.services.totp.secret,
 			token: userToken,
 			userId: Meteor.userId(),
 			backupTokens: user.services.totp.hashedBackup,
 		});
 
 		if (verified) {
-			const { codes, hashedCodes } = RocketChat.TOTP.generateCodes();
+			const { codes, hashedCodes } = TOTP.generateCodes();
 
-			RocketChat.models.Users.update2FABackupCodesByUserId(Meteor.userId(), hashedCodes);
+			Users.update2FABackupCodesByUserId(Meteor.userId(), hashedCodes);
 			return { codes };
 		}
 	},

packages/rocketchat-2fa/server/methods/validateTempToken.js

@@ -1,5 +1,6 @@
 import { Meteor } from 'meteor/meteor';
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { Users } from 'meteor/rocketchat:models';
+import { TOTP } from '../lib/totp';
 
 Meteor.methods({
 	'2fa:validateTempToken'(userToken) {
@@ -13,15 +14,15 @@ Meteor.methods({
 			throw new Meteor.Error('invalid-totp');
 		}
 
-		const verified = RocketChat.TOTP.verify({
+		const verified = TOTP.verify({
 			secret: user.services.totp.tempSecret,
 			token: userToken,
 		});
 
 		if (verified) {
-			const { codes, hashedCodes } = RocketChat.TOTP.generateCodes();
+			const { codes, hashedCodes } = TOTP.generateCodes();
 
-			RocketChat.models.Users.enable2FAAndSetSecretAndCodesByUserId(Meteor.userId(), user.services.totp.tempSecret, hashedCodes);
+			Users.enable2FAAndSetSecretAndCodesByUserId(Meteor.userId(), user.services.totp.tempSecret, hashedCodes);
 			return { codes };
 		}
 	},

packages/rocketchat-2fa/server/startup/settings.js

@@ -1,6 +1,6 @@
-import { RocketChat } from 'meteor/rocketchat:lib';
+import { settings } from 'meteor/rocketchat:settings';
 
-RocketChat.settings.addGroup('Accounts', function() {
+settings.addGroup('Accounts', function() {
 	this.section('Two Factor Authentication', function() {
 		this.add('Accounts_TwoFactorAuthentication_Enabled', true, {
 			type: 'boolean',

packages/rocketchat-models/server/models/Users.js

@@ -52,6 +52,56 @@ export class Users extends Base {
 		};
 	}
 
+	disable2FAAndSetTempSecretByUserId(userId, tempToken) {
+		return this.update({
+			_id: userId,
+		}, {
+			$set: {
+				'services.totp': {
+					enabled: false,
+					tempSecret: tempToken,
+				},
+			},
+		});
+	}
+
+	enable2FAAndSetSecretAndCodesByUserId(userId, secret, backupCodes) {
+		return this.update({
+			_id: userId,
+		}, {
+			$set: {
+				'services.totp.enabled': true,
+				'services.totp.secret': secret,
+				'services.totp.hashedBackup': backupCodes,
+			},
+			$unset: {
+				'services.totp.tempSecret': 1,
+			},
+		});
+	}
+
+	disable2FAByUserId(userId) {
+		return this.update({
+			_id: userId,
+		}, {
+			$set: {
+				'services.totp': {
+					enabled: false,
+				},
+			},
+		});
+	}
+
+	update2FABackupCodesByUserId(userId, backupCodes) {
+		return this.update({
+			_id: userId,
+		}, {
+			$set: {
+				'services.totp.hashedBackup': backupCodes,
+			},
+		});
+	}
+
 	findByIdsWithPublicE2EKey(ids, options) {
 		const query = {
 			_id: {