feat: auth method query side (#3068)

* feat: queries for searching mfas and passwordless * feat: tests for user auth method queries * Update internal/api/grpc/auth/multi_factor.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/api/grpc/auth/passwordless.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/api/grpc/management/user.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/api/grpc/management/user.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 04:57:33 +00:00 · 2022-01-20 13:21:59 +01:00
parent c3d4db10ac
commit 5c6df06a7c
9 changed files with 672 additions and 67 deletions
--- a/internal/api/grpc/auth/multi_factor.go
+++ b/internal/api/grpc/auth/multi_factor.go
@@ -6,17 +6,28 @@ import (
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/query"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
 	user_pb "github.com/caos/zitadel/pkg/grpc/user"
 )

 func (s *Server) ListMyAuthFactors(ctx context.Context, _ *auth_pb.ListMyAuthFactorsRequest) (*auth_pb.ListMyAuthFactorsResponse, error) {
-	mfas, err := s.repo.MyUserMFAs(ctx)
+	query := new(query.UserAuthMethodSearchQueries)
+	err := query.AppendUserIDQuery(authz.GetCtxData(ctx).UserID)
+	if err != nil {
+		return nil, err
+	}
+	err = query.AppendAuthMethodsQuery(domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeOTP)
+	if err != nil {
+		return nil, err
+	}
+	authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyAuthFactorsResponse{
-		Result: user_grpc.AuthFactorsToPb(mfas),
+		Result: user_grpc.AuthMethodsToPb(authMethods),
 	}, nil
 }

--- a/internal/api/grpc/auth/passwordless.go
+++ b/internal/api/grpc/auth/passwordless.go
@@ -3,6 +3,7 @@ package auth
 import (
 	"context"

+	"github.com/caos/zitadel/internal/query"
 	"google.golang.org/protobuf/types/known/durationpb"

 	"github.com/caos/zitadel/internal/api/authz"
@@ -14,12 +15,21 @@ import (
 )

 func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswordlessRequest) (*auth_pb.ListMyPasswordlessResponse, error) {
-	tokens, err := s.repo.GetMyPasswordless(ctx)
+	query := new(query.UserAuthMethodSearchQueries)
+	err := query.AppendUserIDQuery(authz.GetCtxData(ctx).UserID)
+	if err != nil {
+		return nil, err
+	}
+	err = query.AppendAuthMethodQuery(domain.UserAuthMethodTypePasswordless)
+	if err != nil {
+		return nil, err
+	}
+	authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyPasswordlessResponse{
-		Result: user_grpc.WebAuthNTokensViewToPb(tokens),
+		Result: user_grpc.UserAuthMethodsToWebAuthNTokenPb(authMethods),
 	}, nil
 }

--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -473,12 +473,21 @@ func (s *Server) SendHumanResetPasswordNotification(ctx context.Context, req *mg
 }

 func (s *Server) ListHumanAuthFactors(ctx context.Context, req *mgmt_pb.ListHumanAuthFactorsRequest) (*mgmt_pb.ListHumanAuthFactorsResponse, error) {
-	mfas, err := s.user.UserMFAs(ctx, req.UserId)
+	query := new(query.UserAuthMethodSearchQueries)
+	err := query.AppendUserIDQuery(req.UserId)
+	if err != nil {
+		return nil, err
+	}
+	err = query.AppendAuthMethodsQuery(domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeOTP)
+	if err != nil {
+		return nil, err
+	}
+	authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListHumanAuthFactorsResponse{
-		Result: user_grpc.AuthFactorsToPb(mfas),
+		Result: user_grpc.AuthMethodsToPb(authMethods),
 	}, nil
 }

@@ -503,12 +512,21 @@ func (s *Server) RemoveHumanAuthFactorU2F(ctx context.Context, req *mgmt_pb.Remo
 }

 func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHumanPasswordlessRequest) (*mgmt_pb.ListHumanPasswordlessResponse, error) {
-	tokens, err := s.user.GetPasswordless(ctx, req.UserId)
+	query := new(query.UserAuthMethodSearchQueries)
+	err := query.AppendUserIDQuery(req.UserId)
+if err != nil {
+		return nil, err
+	}
+	err = query.AppendAuthMethodQuery(domain.UserAuthMethodTypePasswordless)
+	if err != nil {
+		return nil, err
+	}
+	authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListHumanPasswordlessResponse{
-		Result: user_grpc.WebAuthNTokensViewToPb(tokens),
+		Result: user_grpc.UserAuthMethodsToWebAuthNTokenPb(authMethods),
 	}, nil
 }

--- a/internal/api/grpc/user/converter.go
+++ b/internal/api/grpc/user/converter.go
@@ -173,54 +173,54 @@ func GenderToPb(gender model.Gender) user_pb.Gender {
 	}
 }

-func AuthFactorsToPb(mfas []*model.MultiFactor) []*user_pb.AuthFactor {
-	factors := make([]*user_pb.AuthFactor, len(mfas))
-	for i, mfa := range mfas {
-		factors[i] = AuthFactorToPb(mfa)
+func AuthMethodsToPb(mfas *query.AuthMethods) []*user_pb.AuthFactor {
+	factors := make([]*user_pb.AuthFactor, len(mfas.AuthMethods))
+	for i, mfa := range mfas.AuthMethods {
+		factors[i] = AuthMethodToPb(mfa)
 	}
 	return factors
 }

-func AuthFactorToPb(mfa *model.MultiFactor) *user_pb.AuthFactor {
+func AuthMethodToPb(mfa *query.AuthMethod) *user_pb.AuthFactor {
 	factor := &user_pb.AuthFactor{
 		State: MFAStateToPb(mfa.State),
 	}
 	switch mfa.Type {
-	case model.MFATypeOTP:
+	case domain.UserAuthMethodTypeOTP:
 		factor.Type = &user_pb.AuthFactor_Otp{
 			Otp: &user_pb.AuthFactorOTP{},
 		}
-	case model.MFATypeU2F:
+	case domain.UserAuthMethodTypeU2F:
 		factor.Type = &user_pb.AuthFactor_U2F{
 			U2F: &user_pb.AuthFactorU2F{
-				Id:   mfa.ID,
-				Name: mfa.Attribute,
+				Id:   mfa.TokenID,
+				Name: mfa.Name,
 			},
 		}
 	}
 	return factor
 }

-func MFAStateToPb(state model.MFAState) user_pb.AuthFactorState {
+func MFAStateToPb(state domain.MFAState) user_pb.AuthFactorState {
 	switch state {
-	case model.MFAStateNotReady:
+	case domain.MFAStateNotReady:
 		return user_pb.AuthFactorState_AUTH_FACTOR_STATE_NOT_READY
-	case model.MFAStateReady:
+	case domain.MFAStateReady:
 		return user_pb.AuthFactorState_AUTH_FACTOR_STATE_READY
 	default:
 		return user_pb.AuthFactorState_AUTH_FACTOR_STATE_UNSPECIFIED
 	}
 }

-func WebAuthNTokensViewToPb(tokens []*model.WebAuthNView) []*user_pb.WebAuthNToken {
-	t := make([]*user_pb.WebAuthNToken, len(tokens))
-	for i, token := range tokens {
-		t[i] = WebAuthNTokenViewToPb(token)
+func UserAuthMethodsToWebAuthNTokenPb(methods *query.AuthMethods) []*user_pb.WebAuthNToken {
+	t := make([]*user_pb.WebAuthNToken, len(methods.AuthMethods))
+	for i, token := range methods.AuthMethods {
+		t[i] = UserAuthMethodToWebAuthNTokenPb(token)
 	}
 	return t
 }

-func WebAuthNTokenViewToPb(token *model.WebAuthNView) *user_pb.WebAuthNToken {
+func UserAuthMethodToWebAuthNTokenPb(token *query.AuthMethod) *user_pb.WebAuthNToken {
 	return &user_pb.WebAuthNToken{
 		Id:    token.TokenID,
 		State: MFAStateToPb(token.State),
@@ -228,12 +228,6 @@ func WebAuthNTokenViewToPb(token *model.WebAuthNView) *user_pb.WebAuthNToken {
 	}
 }

-func WebAuthNTokenToWebAuthNKeyPb(token *domain.WebAuthNToken) *user_pb.WebAuthNKey {
-	return &user_pb.WebAuthNKey{
-		PublicKey: token.PublicKey,
-	}
-}
-
 func ExternalIDPViewsToExternalIDPs(externalIDPs []*query.IDPUserLink) []*domain.UserIDPLink {
 	idps := make([]*domain.UserIDPLink, len(externalIDPs))
 	for i, idp := range externalIDPs {