zitadel/internal/command/session_model.go

package command

import (
	"time"

	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/session"
)

type WebAuthNChallengeModel struct {
	Challenge          string
	AllowedCrentialIDs [][]byte
	UserVerification   domain.UserVerificationRequirement
	RPID               string
}

func (p *WebAuthNChallengeModel) WebAuthNLogin(human *domain.Human, credentialAssertionData []byte) *domain.WebAuthNLogin {
	return &domain.WebAuthNLogin{
		ObjectRoot:              human.ObjectRoot,
		CredentialAssertionData: credentialAssertionData,
		Challenge:               p.Challenge,
		AllowedCredentialIDs:    p.AllowedCrentialIDs,
		UserVerification:        p.UserVerification,
		RPID:                    p.RPID,
	}
}

type SessionWriteModel struct {
	eventstore.WriteModel

	TokenID              string
	UserID               string
	UserCheckedAt        time.Time
	PasswordCheckedAt    time.Time
	IntentCheckedAt      time.Time
	WebAuthNCheckedAt    time.Time
	TOTPCheckedAt        time.Time
	WebAuthNUserVerified bool
	Metadata             map[string][]byte
	State                domain.SessionState

	WebAuthNChallenge *WebAuthNChallengeModel

	aggregate *eventstore.Aggregate
}

func NewSessionWriteModel(sessionID string, resourceOwner string) *SessionWriteModel {
	return &SessionWriteModel{
		WriteModel: eventstore.WriteModel{
			AggregateID:   sessionID,
			ResourceOwner: resourceOwner,
		},
		Metadata:  make(map[string][]byte),
		aggregate: &session.NewAggregate(sessionID, resourceOwner).Aggregate,
	}
}

func (wm *SessionWriteModel) Reduce() error {
	for _, event := range wm.Events {
		switch e := event.(type) {
		case *session.AddedEvent:
			wm.reduceAdded(e)
		case *session.UserCheckedEvent:
			wm.reduceUserChecked(e)
		case *session.PasswordCheckedEvent:
			wm.reducePasswordChecked(e)
		case *session.IntentCheckedEvent:
			wm.reduceIntentChecked(e)
		case *session.WebAuthNChallengedEvent:
			wm.reduceWebAuthNChallenged(e)
		case *session.WebAuthNCheckedEvent:
			wm.reduceWebAuthNChecked(e)
		case *session.TOTPCheckedEvent:
			wm.reduceTOTPChecked(e)
		case *session.TokenSetEvent:
			wm.reduceTokenSet(e)
		case *session.TerminateEvent:
			wm.reduceTerminate()
		}
	}
	return wm.WriteModel.Reduce()
}

func (wm *SessionWriteModel) Query() *eventstore.SearchQueryBuilder {
	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
		AddQuery().
		AggregateTypes(session.AggregateType).
		AggregateIDs(wm.AggregateID).
		EventTypes(
			session.AddedType,
			session.UserCheckedType,
			session.PasswordCheckedType,
			session.IntentCheckedType,
			session.WebAuthNChallengedType,
			session.WebAuthNCheckedType,
			session.TOTPCheckedType,
			session.TokenSetType,
			session.MetadataSetType,
			session.TerminateType,
		).
		Builder()

	if wm.ResourceOwner != "" {
		query.ResourceOwner(wm.ResourceOwner)
	}
	return query
}

func (wm *SessionWriteModel) reduceAdded(e *session.AddedEvent) {
	wm.State = domain.SessionStateActive
}

func (wm *SessionWriteModel) reduceUserChecked(e *session.UserCheckedEvent) {
	wm.UserID = e.UserID
	wm.UserCheckedAt = e.CheckedAt
}

func (wm *SessionWriteModel) reducePasswordChecked(e *session.PasswordCheckedEvent) {
	wm.PasswordCheckedAt = e.CheckedAt
}

func (wm *SessionWriteModel) reduceIntentChecked(e *session.IntentCheckedEvent) {
	wm.IntentCheckedAt = e.CheckedAt
}

func (wm *SessionWriteModel) reduceWebAuthNChallenged(e *session.WebAuthNChallengedEvent) {
	wm.WebAuthNChallenge = &WebAuthNChallengeModel{
		Challenge:          e.Challenge,
		AllowedCrentialIDs: e.AllowedCrentialIDs,
		UserVerification:   e.UserVerification,
		RPID:               e.RPID,
	}
}

func (wm *SessionWriteModel) reduceWebAuthNChecked(e *session.WebAuthNCheckedEvent) {
	wm.WebAuthNChallenge = nil
	wm.WebAuthNCheckedAt = e.CheckedAt
	wm.WebAuthNUserVerified = e.UserVerified
}

func (wm *SessionWriteModel) reduceTOTPChecked(e *session.TOTPCheckedEvent) {
	wm.TOTPCheckedAt = e.CheckedAt
}

func (wm *SessionWriteModel) reduceTokenSet(e *session.TokenSetEvent) {
	wm.TokenID = e.TokenID
}

func (wm *SessionWriteModel) reduceTerminate() {
	wm.State = domain.SessionStateTerminated
}

// AuthenticationTime returns the time the user authenticated using the latest time of all checks
func (wm *SessionWriteModel) AuthenticationTime() time.Time {
	var authTime time.Time
	for _, check := range []time.Time{
		wm.PasswordCheckedAt,
		wm.WebAuthNCheckedAt,
		wm.TOTPCheckedAt,
		wm.IntentCheckedAt,
		// TODO: add OTP (sms and email) check https://github.com/zitadel/zitadel/issues/6224
	} {
		if check.After(authTime) {
			authTime = check
		}
	}
	return authTime
}

// AuthMethodTypes returns a list of UserAuthMethodTypes based on succeeded checks
func (wm *SessionWriteModel) AuthMethodTypes() []domain.UserAuthMethodType {
	types := make([]domain.UserAuthMethodType, 0, domain.UserAuthMethodTypeIDP)
	if !wm.PasswordCheckedAt.IsZero() {
		types = append(types, domain.UserAuthMethodTypePassword)
	}
	if !wm.WebAuthNCheckedAt.IsZero() {
		if wm.WebAuthNUserVerified {
			types = append(types, domain.UserAuthMethodTypePasswordless)
		} else {
			types = append(types, domain.UserAuthMethodTypeU2F)
		}
	}
	if !wm.IntentCheckedAt.IsZero() {
		types = append(types, domain.UserAuthMethodTypeIDP)
	}
	if !wm.TOTPCheckedAt.IsZero() {
		types = append(types, domain.UserAuthMethodTypeTOTP)
	}
	// TODO: add checks with https://github.com/zitadel/zitadel/issues/6224
	/*
		if !wm.TOTPFactor.OTPSMSCheckedAt.IsZero() {
			types = append(types, domain.UserAuthMethodTypeOTPSMS)
		}
		if !wm.TOTPFactor.OTPEmailCheckedAt.IsZero() {
			types = append(types, domain.UserAuthMethodTypeOTPEmail)
		}
	*/
	return types
}
feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00			`package command`

			`import (`
			`"time"`

			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/repository/session"`
			`)`

feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`type WebAuthNChallengeModel struct {`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`Challenge string`
			`AllowedCrentialIDs [][]byte`
			`UserVerification domain.UserVerificationRequirement`
fix: provide domain in session, passkey and u2f (#6097) This fix provides a possibility to pass a domain on the session, which will be used (as rpID) to create a passkey / u2f assertion and attestation. This is useful in cases where the login UI is served under a different domain / origin than the ZITADEL API. 2023-06-27 12:36:07 +00:00			`RPID string`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`}`

feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`func (p WebAuthNChallengeModel) WebAuthNLogin(human domain.Human, credentialAssertionData []byte) *domain.WebAuthNLogin {`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`return &domain.WebAuthNLogin{`
			`ObjectRoot: human.ObjectRoot,`
			`CredentialAssertionData: credentialAssertionData,`
			`Challenge: p.Challenge,`
			`AllowedCredentialIDs: p.AllowedCrentialIDs,`
			`UserVerification: p.UserVerification,`
fix: provide domain in session, passkey and u2f (#6097) This fix provides a possibility to pass a domain on the session, which will be used (as rpID) to create a passkey / u2f assertion and attestation. This is useful in cases where the login UI is served under a different domain / origin than the ZITADEL API. 2023-06-27 12:36:07 +00:00			`RPID: p.RPID,`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`}`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`}`

feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00			`type SessionWriteModel struct {`
			`eventstore.WriteModel`

feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`TokenID string`
			`UserID string`
			`UserCheckedAt time.Time`
			`PasswordCheckedAt time.Time`
			`IntentCheckedAt time.Time`
			`WebAuthNCheckedAt time.Time`
feat(api/v2): implement TOTP session check (#6362) * feat(api/v2): implement TOTP session check * add integration test * correct typo in projection test * fix event type typos --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-08-15 09:50:42 +00:00			`TOTPCheckedAt time.Time`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`WebAuthNUserVerified bool`
			`Metadata map[string][]byte`
			`State domain.SessionState`
feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`WebAuthNChallenge *WebAuthNChallengeModel`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00
feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00			`aggregate *eventstore.Aggregate`
			`}`

			`func NewSessionWriteModel(sessionID string, resourceOwner string) *SessionWriteModel {`
			`return &SessionWriteModel{`
			`WriteModel: eventstore.WriteModel{`
			`AggregateID: sessionID,`
			`ResourceOwner: resourceOwner,`
			`},`
			`Metadata: make(map[string][]byte),`
			`aggregate: &session.NewAggregate(sessionID, resourceOwner).Aggregate,`
			`}`
			`}`

			`func (wm *SessionWriteModel) Reduce() error {`
			`for _, event := range wm.Events {`
			`switch e := event.(type) {`
			`case *session.AddedEvent:`
			`wm.reduceAdded(e)`
			`case *session.UserCheckedEvent:`
			`wm.reduceUserChecked(e)`
			`case *session.PasswordCheckedEvent:`
			`wm.reducePasswordChecked(e)`
feat: session checks with intent (#6031) * feat: session checks with intent * feat: session checks with intent * fix: integration tests for intent session * fix: integration tests for intent session * fix merge * fix: integration tests for intent session --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-06-21 14:06:18 +00:00			`case *session.IntentCheckedEvent:`
			`wm.reduceIntentChecked(e)`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`case *session.WebAuthNChallengedEvent:`
			`wm.reduceWebAuthNChallenged(e)`
			`case *session.WebAuthNCheckedEvent:`
			`wm.reduceWebAuthNChecked(e)`
feat(api/v2): implement TOTP session check (#6362) * feat(api/v2): implement TOTP session check * add integration test * correct typo in projection test * fix event type typos --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-08-15 09:50:42 +00:00			`case *session.TOTPCheckedEvent:`
			`wm.reduceTOTPChecked(e)`
feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00			`case *session.TokenSetEvent:`
			`wm.reduceTokenSet(e)`
			`case *session.TerminateEvent:`
			`wm.reduceTerminate()`
			`}`
			`}`
			`return wm.WriteModel.Reduce()`
			`}`

			`func (wm SessionWriteModel) Query() eventstore.SearchQueryBuilder {`
			`query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).`
			`AddQuery().`
			`AggregateTypes(session.AggregateType).`
			`AggregateIDs(wm.AggregateID).`
			`EventTypes(`
			`session.AddedType,`
			`session.UserCheckedType,`
			`session.PasswordCheckedType,`
feat: session checks with intent (#6031) * feat: session checks with intent * feat: session checks with intent * fix: integration tests for intent session * fix: integration tests for intent session * fix merge * fix: integration tests for intent session --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-06-21 14:06:18 +00:00			`session.IntentCheckedType,`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`session.WebAuthNChallengedType,`
			`session.WebAuthNCheckedType,`
feat(api/v2): implement TOTP session check (#6362) * feat(api/v2): implement TOTP session check * add integration test * correct typo in projection test * fix event type typos --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-08-15 09:50:42 +00:00			`session.TOTPCheckedType,`
feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00			`session.TokenSetType,`
			`session.MetadataSetType,`
			`session.TerminateType,`
			`).`
			`Builder()`

			`if wm.ResourceOwner != "" {`
			`query.ResourceOwner(wm.ResourceOwner)`
			`}`
			`return query`
			`}`

			`func (wm SessionWriteModel) reduceAdded(e session.AddedEvent) {`
			`wm.State = domain.SessionStateActive`
			`}`

			`func (wm SessionWriteModel) reduceUserChecked(e session.UserCheckedEvent) {`
			`wm.UserID = e.UserID`
			`wm.UserCheckedAt = e.CheckedAt`
			`}`

			`func (wm SessionWriteModel) reducePasswordChecked(e session.PasswordCheckedEvent) {`
			`wm.PasswordCheckedAt = e.CheckedAt`
			`}`

feat: session checks with intent (#6031) * feat: session checks with intent * feat: session checks with intent * fix: integration tests for intent session * fix: integration tests for intent session * fix merge * fix: integration tests for intent session --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-06-21 14:06:18 +00:00			`func (wm SessionWriteModel) reduceIntentChecked(e session.IntentCheckedEvent) {`
			`wm.IntentCheckedAt = e.CheckedAt`
			`}`

feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`func (wm SessionWriteModel) reduceWebAuthNChallenged(e session.WebAuthNChallengedEvent) {`
			`wm.WebAuthNChallenge = &WebAuthNChallengeModel{`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`Challenge: e.Challenge,`
			`AllowedCrentialIDs: e.AllowedCrentialIDs,`
			`UserVerification: e.UserVerification,`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`RPID: e.RPID,`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`}`
			`}`

feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`func (wm SessionWriteModel) reduceWebAuthNChecked(e session.WebAuthNCheckedEvent) {`
			`wm.WebAuthNChallenge = nil`
			`wm.WebAuthNCheckedAt = e.CheckedAt`
			`wm.WebAuthNUserVerified = e.UserVerified`
feat: session v2 passkey authentication (#5952) 2023-06-07 15:28:42 +00:00			`}`

feat(api/v2): implement TOTP session check (#6362) * feat(api/v2): implement TOTP session check * add integration test * correct typo in projection test * fix event type typos --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-08-15 09:50:42 +00:00			`func (wm SessionWriteModel) reduceTOTPChecked(e session.TOTPCheckedEvent) {`
			`wm.TOTPCheckedAt = e.CheckedAt`
			`}`

feat(api): new session service (#5801) * backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-05 15:34:53 +00:00			`func (wm SessionWriteModel) reduceTokenSet(e session.TokenSetEvent) {`
			`wm.TokenID = e.TokenID`
			`}`

			`func (wm *SessionWriteModel) reduceTerminate() {`
			`wm.State = domain.SessionStateTerminated`
			`}`

feat(api): add OIDC session service (#6157) This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-10 13:27:00 +00:00			`// AuthenticationTime returns the time the user authenticated using the latest time of all checks`
			`func (wm *SessionWriteModel) AuthenticationTime() time.Time {`
			`var authTime time.Time`
			`for _, check := range []time.Time{`
			`wm.PasswordCheckedAt,`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`wm.WebAuthNCheckedAt,`
feat(api/v2): implement TOTP session check (#6362) * feat(api/v2): implement TOTP session check * add integration test * correct typo in projection test * fix event type typos --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-08-15 09:50:42 +00:00			`wm.TOTPCheckedAt,`
feat(api): add OIDC session service (#6157) This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-10 13:27:00 +00:00			`wm.IntentCheckedAt,`
feat(api): add and remove OTP (SMS and email) (#6295) * refactor: rename otp to totp * feat: add otp sms and email * implement tests 2023-08-02 16:57:53 +00:00			`// TODO: add OTP (sms and email) check https://github.com/zitadel/zitadel/issues/6224`
feat(api): add OIDC session service (#6157) This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-10 13:27:00 +00:00			`} {`
			`if check.After(authTime) {`
			`authTime = check`
			`}`
			`}`
			`return authTime`
			`}`
fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192) This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP) 2023-07-12 12:24:01 +00:00
			`// AuthMethodTypes returns a list of UserAuthMethodTypes based on succeeded checks`
			`func (wm *SessionWriteModel) AuthMethodTypes() []domain.UserAuthMethodType {`
			`types := make([]domain.UserAuthMethodType, 0, domain.UserAuthMethodTypeIDP)`
			`if !wm.PasswordCheckedAt.IsZero() {`
			`types = append(types, domain.UserAuthMethodTypePassword)`
			`}`
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00			`if !wm.WebAuthNCheckedAt.IsZero() {`
			`if wm.WebAuthNUserVerified {`
			`types = append(types, domain.UserAuthMethodTypePasswordless)`
			`} else {`
			`types = append(types, domain.UserAuthMethodTypeU2F)`
			`}`
fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192) This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP) 2023-07-12 12:24:01 +00:00			`}`
			`if !wm.IntentCheckedAt.IsZero() {`
			`types = append(types, domain.UserAuthMethodTypeIDP)`
			`}`
feat(api/v2): implement TOTP session check (#6362) * feat(api/v2): implement TOTP session check * add integration test * correct typo in projection test * fix event type typos --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-08-15 09:50:42 +00:00			`if !wm.TOTPCheckedAt.IsZero() {`
			`types = append(types, domain.UserAuthMethodTypeTOTP)`
			`}`
feat(api): add and remove OTP (SMS and email) (#6295) * refactor: rename otp to totp * feat: add otp sms and email * implement tests 2023-08-02 16:57:53 +00:00			`// TODO: add checks with https://github.com/zitadel/zitadel/issues/6224`
			`/*`
			`if !wm.TOTPFactor.OTPSMSCheckedAt.IsZero() {`
			`types = append(types, domain.UserAuthMethodTypeOTPSMS)`
			`}`
			`if !wm.TOTPFactor.OTPEmailCheckedAt.IsZero() {`
			`types = append(types, domain.UserAuthMethodTypeOTPEmail)`
			`}`
			`*/`
fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192) This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP) 2023-07-12 12:24:01 +00:00			`return types`
			`}`