feat: provide option to limit (T)OTP checks (#7693)

* feat: provide option to limit (T)OTP checks * fix requests in console * update errors pkg * cleanup * cleanup * improve naming of existing config
2025-08-12 00:27:31 +00:00 · 2024-04-10 11:14:55 +02:00
parent e3f10f7e23
commit 153df2e12f
58 changed files with 752 additions and 755 deletions
--- a/internal/query/lockout_policy.go
+++ b/internal/query/lockout_policy.go
@@ -27,6 +27,7 @@ type LockoutPolicy struct {
 	State         domain.PolicyState

 	MaxPasswordAttempts uint64
+	MaxOTPAttempts      uint64
 	ShowFailures        bool

 	IsDefault bool
@@ -69,6 +70,10 @@ var (
 		name:  projection.LockoutPolicyMaxPasswordAttemptsCol,
 		table: lockoutTable,
 	}
+	LockoutColMaxOTPAttempts = Column{
+		name:  projection.LockoutPolicyMaxOTPAttemptsCol,
+		table: lockoutTable,
+	}
 	LockoutColIsDefault = Column{
 		name:  projection.LockoutPolicyIsDefaultCol,
 		table: lockoutTable,
@@ -77,13 +82,9 @@ var (
 		name:  projection.LockoutPolicyStateCol,
 		table: lockoutTable,
 	}
-	LockoutPolicyOwnerRemoved = Column{
-		name:  projection.LockoutPolicyOwnerRemovedCol,
-		table: lockoutTable,
-	}
 )

-func (q *Queries) LockoutPolicyByOrg(ctx context.Context, shouldTriggerBulk bool, orgID string, withOwnerRemoved bool) (policy *LockoutPolicy, err error) {
+func (q *Queries) LockoutPolicyByOrg(ctx context.Context, shouldTriggerBulk bool, orgID string) (policy *LockoutPolicy, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()

@@ -96,9 +97,6 @@ func (q *Queries) LockoutPolicyByOrg(ctx context.Context, shouldTriggerBulk bool
 	eq := sq.Eq{
 		LockoutColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}
-	if !withOwnerRemoved {
-		eq[LockoutPolicyOwnerRemoved.identifier()] = false
-	}

 	stmt, scan := prepareLockoutPolicyQuery(ctx, q.client)
 	query, args, err := stmt.Where(
@@ -153,6 +151,7 @@ func prepareLockoutPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Sele
 			LockoutColResourceOwner.identifier(),
 			LockoutColShowFailures.identifier(),
 			LockoutColMaxPasswordAttempts.identifier(),
+			LockoutColMaxOTPAttempts.identifier(),
 			LockoutColIsDefault.identifier(),
 			LockoutColState.identifier(),
 		).
@@ -168,6 +167,7 @@ func prepareLockoutPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Sele
 				&policy.ResourceOwner,
 				&policy.ShowFailures,
 				&policy.MaxPasswordAttempts,
+				&policy.MaxOTPAttempts,
 				&policy.IsDefault,
 				&policy.State,
 			)