feat(api): list authentication method types in user api v2 (#6058)

2025-08-12 07:47:32 +00:00 · 2023-06-20 18:23:28 +02:00
parent 82e7333169
commit 7046194530
11 changed files with 523 additions and 1 deletions
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -221,3 +221,41 @@ func (s *Server) checkIntentToken(token string, intentID string) error {
 	}
 	return nil
 }
+
+func (s *Server) ListAuthenticationMethodTypes(ctx context.Context, req *user.ListAuthenticationMethodTypesRequest) (*user.ListAuthenticationMethodTypesResponse, error) {
+	authMethods, err := s.query.ListActiveUserAuthMethodTypes(ctx, req.GetUserId(), false)
+	if err != nil {
+		return nil, err
+	}
+	return &user.ListAuthenticationMethodTypesResponse{
+		Details:         object.ToListDetails(authMethods.SearchResponse),
+		AuthMethodTypes: authMethodTypesToPb(authMethods.AuthMethodTypes),
+	}, nil
+}
+
+func authMethodTypesToPb(methodTypes []domain.UserAuthMethodType) []user.AuthenticationMethodType {
+	methods := make([]user.AuthenticationMethodType, len(methodTypes))
+	for i, method := range methodTypes {
+		methods[i] = authMethodTypeToPb(method)
+	}
+	return methods
+}
+
+func authMethodTypeToPb(methodType domain.UserAuthMethodType) user.AuthenticationMethodType {
+	switch methodType {
+	case domain.UserAuthMethodTypeOTP:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_TOTP
+	case domain.UserAuthMethodTypeU2F:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_U2F
+	case domain.UserAuthMethodTypePasswordless:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSKEY
+	case domain.UserAuthMethodTypePassword:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSWORD
+	case domain.UserAuthMethodTypeIDP:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_IDP
+	case domain.UserAuthMethodTypeUnspecified:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_UNSPECIFIED
+	default:
+		return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_UNSPECIFIED
+	}
+}
--- a/internal/api/grpc/user/v2/user_integration_test.go
+++ b/internal/api/grpc/user/v2/user_integration_test.go
@@ -24,6 +24,7 @@ import (
 	openid "github.com/zitadel/zitadel/internal/idp/providers/oidc"
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/internal/repository/idp"
+	mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
 	object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha"
 )
@@ -712,3 +713,109 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 		})
 	}
 }
+
+func TestServer_ListAuthenticationMethodTypes(t *testing.T) {
+	userIDWithoutAuth := Tester.CreateHumanUser(CTX).GetUserId()
+
+	userIDWithPasskey := Tester.CreateHumanUser(CTX).GetUserId()
+	Tester.RegisterUserPasskey(CTX, userIDWithPasskey)
+
+	userMultipleAuth := Tester.CreateHumanUser(CTX).GetUserId()
+	Tester.RegisterUserPasskey(CTX, userMultipleAuth)
+	provider, err := Tester.Client.Mgmt.AddGenericOIDCProvider(CTX, &mgmt.AddGenericOIDCProviderRequest{
+		Name:         "ListAuthenticationMethodTypes",
+		Issuer:       "https://example.com",
+		ClientId:     "client_id",
+		ClientSecret: "client_secret",
+	})
+	require.NoError(t, err)
+	idpLink, err := Tester.Client.UserV2.AddIDPLink(CTX, &user.AddIDPLinkRequest{UserId: userMultipleAuth, IdpLink: &user.IDPLink{
+		IdpId:    provider.GetId(),
+		UserId:   "external-id",
+		UserName: "displayName",
+	}})
+	require.NoError(t, err)
+
+	type args struct {
+		ctx context.Context
+		req *user.ListAuthenticationMethodTypesRequest
+	}
+	tests := []struct {
+		name string
+		args args
+		want *user.ListAuthenticationMethodTypesResponse
+	}{
+		{
+			name: "no auth",
+			args: args{
+				CTX,
+				&user.ListAuthenticationMethodTypesRequest{
+					UserId: userIDWithoutAuth,
+				},
+			},
+			want: &user.ListAuthenticationMethodTypesResponse{
+				Details: &object.ListDetails{
+					TotalResult: 0,
+				},
+			},
+		},
+		{
+			name: "with auth (passkey)",
+			args: args{
+				CTX,
+				&user.ListAuthenticationMethodTypesRequest{
+					UserId: userIDWithPasskey,
+				},
+			},
+			want: &user.ListAuthenticationMethodTypesResponse{
+				Details: &object.ListDetails{
+					TotalResult: 1,
+				},
+				AuthMethodTypes: []user.AuthenticationMethodType{
+					user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSKEY,
+				},
+			},
+		},
+		{
+			name: "multiple auth",
+			args: args{
+				CTX,
+				&user.ListAuthenticationMethodTypesRequest{
+					UserId: userMultipleAuth,
+				},
+			},
+			want: &user.ListAuthenticationMethodTypesResponse{
+				Details: &object.ListDetails{
+					TotalResult: 2,
+				},
+				AuthMethodTypes: []user.AuthenticationMethodType{
+					user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSKEY,
+					user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_IDP,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var got *user.ListAuthenticationMethodTypesResponse
+			var err error
+
+			for {
+				got, err = Client.ListAuthenticationMethodTypes(tt.args.ctx, tt.args.req)
+				if err == nil && got.GetDetails().GetProcessedSequence() >= idpLink.GetDetails().GetSequence() {
+					break
+				}
+				select {
+				case <-CTX.Done():
+					t.Fatal(CTX.Err(), err)
+				case <-time.After(time.Second):
+					t.Log("retrying ListAuthenticationMethodTypes")
+					continue
+				}
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tt.want.GetDetails().GetTotalResult(), got.GetDetails().GetTotalResult())
+			require.Equal(t, tt.want.GetAuthMethodTypes(), got.GetAuthMethodTypes())
+		})
+	}
+}
--- a/internal/api/grpc/user/v2/user_test.go
+++ b/internal/api/grpc/user/v2/user_test.go
@@ -222,3 +222,75 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 		})
 	}
 }
+
+func Test_authMethodTypesToPb(t *testing.T) {
+	tests := []struct {
+		name        string
+		methodTypes []domain.UserAuthMethodType
+		want        []user.AuthenticationMethodType
+	}{
+		{
+			"empty list",
+			nil,
+			[]user.AuthenticationMethodType{},
+		},
+		{
+			"list",
+			[]domain.UserAuthMethodType{
+				domain.UserAuthMethodTypePasswordless,
+			},
+			[]user.AuthenticationMethodType{
+				user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSKEY,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equalf(t, tt.want, authMethodTypesToPb(tt.methodTypes), "authMethodTypesToPb(%v)", tt.methodTypes)
+		})
+	}
+}
+
+func Test_authMethodTypeToPb(t *testing.T) {
+	tests := []struct {
+		name       string
+		methodType domain.UserAuthMethodType
+		want       user.AuthenticationMethodType
+	}{
+		{
+			"uspecified",
+			domain.UserAuthMethodTypeUnspecified,
+			user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_UNSPECIFIED,
+		},
+		{
+			"(t)otp",
+			domain.UserAuthMethodTypeOTP,
+			user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_TOTP,
+		},
+		{
+			"u2f",
+			domain.UserAuthMethodTypeU2F,
+			user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_U2F,
+		},
+		{
+			"passkey",
+			domain.UserAuthMethodTypePasswordless,
+			user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSKEY,
+		},
+		{
+			"password",
+			domain.UserAuthMethodTypePassword,
+			user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSWORD,
+		},
+		{
+			"idp",
+			domain.UserAuthMethodTypeIDP,
+			user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_IDP,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equalf(t, tt.want, authMethodTypeToPb(tt.methodType), "authMethodTypeToPb(%v)", tt.methodType)
+		})
+	}
+}