feat: provide option to limit (T)OTP checks (#7693)

* feat: provide option to limit (T)OTP checks

* fix requests in console

* update errors pkg

* cleanup

* cleanup

* improve naming of existing config

internal/api/grpc/admin/export.go

@@ -491,13 +491,14 @@ func (s *Server) getLockoutPolicy(ctx context.Context, orgID string) (_ *managem
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	queriedLockout, err := s.query.LockoutPolicyByOrg(ctx, false, orgID, false)
+	queriedLockout, err := s.query.LockoutPolicyByOrg(ctx, false, orgID)
 	if err != nil {
 		return nil, err
 	}
 	if !queriedLockout.IsDefault {
 		return &management_pb.AddCustomLockoutPolicyRequest{
 			MaxPasswordAttempts: uint32(queriedLockout.MaxPasswordAttempts),
+			MaxOtpAttempts:      uint32(queriedLockout.MaxOTPAttempts),
 		}, nil
 	}
 	return nil, nil

internal/api/grpc/admin/lockout_converter.go

@@ -8,5 +8,6 @@ import (
 func UpdateLockoutPolicyToDomain(p *admin.UpdateLockoutPolicyRequest) *domain.LockoutPolicy {
 	return &domain.LockoutPolicy{
 		MaxPasswordAttempts: uint64(p.MaxPasswordAttempts),
+		MaxOTPAttempts:      uint64(p.MaxOtpAttempts),
 	}
 }

internal/api/grpc/management/policy_lockout.go

@@ -10,7 +10,7 @@ import (
 )
 
 func (s *Server) GetLockoutPolicy(ctx context.Context, req *mgmt_pb.GetLockoutPolicyRequest) (*mgmt_pb.GetLockoutPolicyResponse, error) {
-	policy, err := s.query.LockoutPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
+	policy, err := s.query.LockoutPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/management/policy_lockout_converter.go

@@ -8,11 +8,13 @@ import (
 func AddLockoutPolicyToDomain(p *mgmt.AddCustomLockoutPolicyRequest) *domain.LockoutPolicy {
 	return &domain.LockoutPolicy{
 		MaxPasswordAttempts: uint64(p.MaxPasswordAttempts),
+		MaxOTPAttempts:      uint64(p.MaxOtpAttempts),
 	}
 }
 
 func UpdateLockoutPolicyToDomain(p *mgmt.UpdateCustomLockoutPolicyRequest) *domain.LockoutPolicy {
 	return &domain.LockoutPolicy{
 		MaxPasswordAttempts: uint64(p.MaxPasswordAttempts),
+		MaxOTPAttempts:      uint64(p.MaxOtpAttempts),
 	}
 }

internal/api/grpc/policy/password_lockout_policy.go

@@ -10,6 +10,7 @@ func ModelLockoutPolicyToPb(policy *query.LockoutPolicy) *policy_pb.LockoutPolic
 	return &policy_pb.LockoutPolicy{
 		IsDefault:           policy.IsDefault,
 		MaxPasswordAttempts: policy.MaxPasswordAttempts,
+		MaxOtpAttempts:      policy.MaxOTPAttempts,
 		Details: object.ToViewDetailsPb(
 			policy.Sequence,
 			policy.CreationDate,

internal/api/grpc/settings/v2/settings.go

@@ -90,7 +90,7 @@ func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.G
 }
 
 func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
-	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/settings/v2/settings_converter.go

@@ -160,6 +160,7 @@ func legalAndSupportSettingsToPb(current *query.PrivacyPolicy) *settings.LegalAn
 func lockoutSettingsToPb(current *query.LockoutPolicy) *settings.LockoutSettings {
 	return &settings.LockoutSettings{
 		MaxPasswordAttempts: current.MaxPasswordAttempts,
+		MaxOtpAttempts:      current.MaxOTPAttempts,
 		ResourceOwnerType:   isDefaultToResourceOwnerTypePb(current.IsDefault),
 	}
 }

internal/api/grpc/settings/v2/settings_converter_test.go

@@ -339,10 +339,12 @@ func Test_legalSettingsToPb(t *testing.T) {
 func Test_lockoutSettingsToPb(t *testing.T) {
 	arg := &query.LockoutPolicy{
 		MaxPasswordAttempts: 22,
+		MaxOTPAttempts:      22,
 		IsDefault:           true,
 	}
 	want := &settings.LockoutSettings{
 		MaxPasswordAttempts: 22,
+		MaxOtpAttempts:      22,
 		ResourceOwnerType:   settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_INSTANCE,
 	}
 	got := lockoutSettingsToPb(arg)