TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-01 00:33:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add otp name and make it configurable (#5631)

Browse Source 
* feat: add otp name and make it configurable

* feat: use pre-existing otp env var

* feat: use requested domain if otp issuer is empty

* cleanup

---------

Co-authored-by: Sem den Broeder <semnelldenbroeder@gmail.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
bitfactory-sem-denbroeder 2023-04-26 07:17:23 +02:00 committed by GitHub
parent 923f691d77
commit 19f2f83b61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/defaults.yaml
View File

@ -321,6 +321,8 @@ SystemDefaults:
ApplicationKeySize: 2048 ApplicationKeySize: 2048
Multifactors: Multifactors:
OTP: OTP:
# If this is empty, the issuer is the requested domain
# This is helpful in scenarios with multiple ZITADEL environments or virtual instances
Issuer: "ZITADEL" Issuer: "ZITADEL"
DomainVerification: DomainVerification:
VerificationGenerator: VerificationGenerator:

8
internal/command/user_human_otp.go
View File

@ -5,6 +5,7 @@ import (
"github.com/zitadel/logging" "github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/domain"
caos_errs "github.com/zitadel/zitadel/internal/errors" caos_errs "github.com/zitadel/zitadel/internal/errors"
@ -71,11 +72,14 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string
if accountName == "" { if accountName == "" {
accountName = string(human.EmailAddress) accountName = string(human.EmailAddress)
} }
key, secret, err := domain.NewOTPKey(c.multifactors.OTP.Issuer, accountName, c.multifactors.OTP.CryptoMFA) issuer := c.multifactors.OTP.Issuer
if issuer == "" {
issuer = authz.GetInstance(ctx).RequestedDomain()
}
key, secret, err := domain.NewOTPKey(issuer, accountName, c.multifactors.OTP.CryptoMFA)
if err != nil { if err != nil {
return nil, err return nil, err
} }
_, err = c.eventstore.Push(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret)) _, err = c.eventstore.Push(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret))
if err != nil { if err != nil {
return nil, err return nil, err