From 19f2f83b6111698a907ec8959622e31fbb9a76a7 Mon Sep 17 00:00:00 2001
From: bitfactory-sem-denbroeder <92806503+bitfactory-sem-denbroeder@users.noreply.github.com>
Date: Wed, 26 Apr 2023 07:17:23 +0200
Subject: [PATCH] feat: add otp name and make it configurable (#5631)
* feat: add otp name and make it configurable
* feat: use pre-existing otp env var
* feat: use requested domain if otp issuer is empty
* cleanup
---------
Co-authored-by: Sem den Broeder
Co-authored-by: Elio Bischof
Co-authored-by: Livio Spring
---
 cmd/defaults.yaml | 2 ++
 internal/command/user_human_otp.go | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 1afc617c5a..85d6c0ab15 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -321,6 +321,8 @@ SystemDefaults:
 ApplicationKeySize: 2048
 Multifactors:
 OTP:
+ # If this is empty, the issuer is the requested domain
+ # This is helpful in scenarios with multiple ZITADEL environments or virtual instances
 Issuer: "ZITADEL"
 DomainVerification:
 VerificationGenerator:
diff --git a/internal/command/user_human_otp.go b/internal/command/user_human_otp.go
index 02dbdae552..96db142f75 100644
--- a/internal/command/user_human_otp.go
+++ b/internal/command/user_human_otp.go
@@ -5,6 +5,7 @@ import (
 "github.com/zitadel/logging"
+ "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
 caos_errs "github.com/zitadel/zitadel/internal/errors"
@@ -71,11 +72,14 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string
 if accountName == "" {
 accountName = string(human.EmailAddress)
 }
- key, secret, err := domain.NewOTPKey(c.multifactors.OTP.Issuer, accountName, c.multifactors.OTP.CryptoMFA)
+ issuer := c.multifactors.OTP.Issuer
+ if issuer == "" {
+ issuer = authz.GetInstance(ctx).RequestedDomain()
+ }
+ key, secret, err := domain.NewOTPKey(issuer, accountName, c.multifactors.OTP.CryptoMFA)
 if err != nil {
 return nil, err
 }
-
 _, err = c.eventstore.Push(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret))
 if err != nil {
 return nil, err
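Review bot: The fallback `issuer = authz.GetInstance(ctx).RequestedDomain()` is itself unguarded: if the context carries no instance or the instance reports an empty requested domain, `issuer` stays empty and the empty string is handed to `domain.NewOTPKey`, whose handling of an empty issuer is not visible in this hunk (TOTP key generators commonly reject it, which would surface as an opaque error to the enrolling user). Consider checking the resolved value once before the call, e.g. `if issuer == "" { return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-<id>", "<message key>") }` with the project's usual error id and translation key, so the failure is explicit rather than dependent on the generator. A short why-comment above the fallback would also help the next reader, e.g. `// Fall back to the requested domain so multiple ZITADEL environments or virtual instances get distinct issuer labels in authenticator apps.`, matching the explanation added to cmd/defaults.yaml. Since the issuer now comes from the incoming request's domain, the label users see in their authenticator depends on which instance domain they enrolled through; as far as this hunk shows the issuer is only embedded in the generated key and not used during code verification, so this appears to be cosmetic, but that is worth confirming against domain.NewOTPKey. The enclosing AddHumanOTP body starts before this hunk and continues after it.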