fix: reread user mfas, preferred loginname as otp account name (#636)

* fix: reread user mfas

* fix: use preferred login name as otp account name

* fix: tests
Fabi 2020-08-26 10:17:43 +02:00 committed by GitHub
parent db1d8f4efe
commit 87aa97b9c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 15 deletions


@ -176,15 +176,36 @@ func (repo *UserRepo) ChangePassword(ctx context.Context, userID, old, new strin
}
func (repo *UserRepo) MyUserMfas(ctx context.Context) ([]*model.MultiFactor, error) {
return repo.View.UserMfas(authz.GetCtxData(ctx).UserID)
user, err := repo.UserByID(ctx, authz.GetCtxData(ctx).UserID)
if err != nil {
return nil, err
}
if user.OTPState == model.MfaStateUnspecified {
return []*model.MultiFactor{}, nil
}
return []*model.MultiFactor{{Type: model.MfaTypeOTP, State: user.OTPState}}, nil
}
func (repo *UserRepo) AddMfaOTP(ctx context.Context, userID string) (*model.OTP, error) {
return repo.UserEvents.AddOTP(ctx, userID)
accountName := ""
user, err := repo.UserByID(ctx, userID)
if err != nil {
logging.Log("EVENT-Fk93s").OnError(err).Debug("unable to get user for loginname")
} else {
accountName = user.PreferredLoginName
}
return repo.UserEvents.AddOTP(ctx, userID, accountName)
}
func (repo *UserRepo) AddMyMfaOTP(ctx context.Context) (*model.OTP, error) {
return repo.UserEvents.AddOTP(ctx, authz.GetCtxData(ctx).UserID)
accountName := ""
user, err := repo.UserByID(ctx, authz.GetCtxData(ctx).UserID)
if err != nil {
logging.Log("EVENT-Ml0sd").OnError(err).Debug("unable to get user for loginname")
} else {
accountName = user.PreferredLoginName
}
return repo.UserEvents.AddOTP(ctx, authz.GetCtxData(ctx).UserID, accountName)
}
func (repo *UserRepo) VerifyMfaOTPSetup(ctx context.Context, userID, code string) error {
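Review bot: AddMyMfaOTP repeats the body of AddMfaOTP with the only difference being where the user ID comes from; the new lines 44–51 could be replaced by `return repo.AddMfaOTP(ctx, authz.GetCtxData(ctx).UserID)` so the lookup, the empty-name fallback and the log line live in one place, and `authz.GetCtxData(ctx)` is no longer evaluated twice in that function. The two copies also carry different log IDs (`EVENT-Fk93s`, `EVENT-Ml0sd`) for the same condition, which the delegation removes. In both functions a failed UserByID is logged at Debug and then turned into an empty accountName; since the eventstore falls back to username/email for an empty name this looks intentional, but it deserves a one-line comment such as `// best effort: AddOTP falls back to username/email when accountName is empty` so the next reader does not mistake it for a swallowed error.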


@ -145,7 +145,14 @@ func (repo *UserRepo) IsUserUnique(ctx context.Context, userName, email string)
}
func (repo *UserRepo) UserMfas(ctx context.Context, userID string) ([]*usr_model.MultiFactor, error) {
return repo.View.UserMfas(userID)
user, err := repo.UserByID(ctx, userID)
if err != nil {
return nil, err
}
if user.OTPState == usr_model.MfaStateUnspecified {
return []*usr_model.MultiFactor{}, nil
}
return []*usr_model.MultiFactor{{Type: usr_model.MfaTypeOTP, State: user.OTPState}}, nil
}
func (repo *UserRepo) SetOneTimePassword(ctx context.Context, password *usr_model.Password) (*usr_model.Password, error) {
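Review bot: The filter on the new line `if user.OTPState == usr_model.MfaStateUnspecified` is the only condition that keeps an OTP out of the returned list, so any other state the model defines (a removed or not-yet-verified one, if such states exist) would still be reported as a configured factor; please confirm that Unspecified is the sole "no OTP" state, otherwise this should check for the ready state instead. The function also drops whatever the previous `repo.View.UserMfas` returned beyond OTP, which is fine if OTP is the only factor type today but worth a comment like `// only OTP is supported as a second factor for now`. The same eight lines appear as MyUserMfas in the auth repository of this commit; a small helper on the user model that builds the []*usr_model.MultiFactor slice would keep the two readers from drifting apart.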


@ -946,7 +946,7 @@ func (es *UserEventstore) ChangeAddress(ctx context.Context, address *usr_model.
return model.AddressToModel(repoExisting.Address), nil
}
func (es *UserEventstore) AddOTP(ctx context.Context, userID string) (*usr_model.OTP, error) {
func (es *UserEventstore) AddOTP(ctx context.Context, userID, accountName string) (*usr_model.OTP, error) {
existing, err := es.UserByID(ctx, userID)
if err != nil {
return nil, err
@ -954,9 +954,11 @@ func (es *UserEventstore) AddOTP(ctx context.Context, userID string) (*usr_model
if existing.IsOTPReady() {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-do9se", "Errors.User.Mfa.Otp.AlreadyReady")
}
accountName := existing.UserName
if existing.Email != nil {
accountName = existing.EmailAddress
if accountName == "" {
accountName = existing.UserName
if existing.Email != nil {
accountName = existing.EmailAddress
}
}
key, err := totp.Generate(totp.GenerateOpts{Issuer: es.Multifactors.OTP.Issuer, AccountName: accountName})
if err != nil {
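Review bot: The new accountName parameter on the signature at `func (es *UserEventstore) AddOTP(ctx context.Context, userID, accountName string)` is passed straight into `totp.GenerateOpts{... AccountName: accountName}` without a doc comment describing its contract, and the empty-string fallback on lines 89–94 is the only behaviour a caller can rely on. A comment above the function along the lines of `// AddOTP creates a TOTP secret for userID. accountName is the label presented to the authenticator app; when empty, the user's username (or email address when set) is used instead.` would document both the parameter and the fallback. Note that the caller supplies the label from a separately read user while the fallback is derived from `existing`, so the two can in principle disagree if the read model lags the event store; if that matters, deriving PreferredLoginName from `existing` here would remove the parameter entirely. The body of AddOTP continues past the end of this hunk.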


@ -2947,9 +2947,10 @@ func TestChangeAddress(t *testing.T) {
func TestAddOTP(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserEventstore
ctx context.Context
userID string
es *UserEventstore
ctx context.Context
userID string
accountName string
}
type res struct {
errFunc func(err error) bool
@ -2962,9 +2963,10 @@ func TestAddOTP(t *testing.T) {
{
name: "add ok",
args: args{
es: GetMockManipulateUserWithOTPGen(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
userID: "AggregateID",
es: GetMockManipulateUserWithOTPGen(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
userID: "AggregateID",
accountName: "AccountName",
},
},
{
@ -2992,7 +2994,7 @@ func TestAddOTP(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddOTP(tt.args.ctx, tt.args.userID)
result, err := tt.args.es.AddOTP(tt.args.ctx, tt.args.userID, tt.args.accountName)
if tt.res.errFunc == nil && result.AggregateID == "" {
t.Errorf("result has no id")