fix: reread user mfas, preferred loginname as otp account name (#636)

* fix: reread user mfas * fix: use preferred login name as otp account name * fix: tests
2025-08-11 21:37:32 +00:00 · 2020-08-26 10:17:43 +02:00
parent db1d8f4efe
commit 87aa97b9c7
4 changed files with 47 additions and 15 deletions
--- a/internal/user/repository/eventsourcing/eventstore.go
+++ b/internal/user/repository/eventsourcing/eventstore.go
@@ -946,7 +946,7 @@ func (es *UserEventstore) ChangeAddress(ctx context.Context, address *usr_model.
 	return model.AddressToModel(repoExisting.Address), nil
 }

-func (es *UserEventstore) AddOTP(ctx context.Context, userID string) (*usr_model.OTP, error) {
+func (es *UserEventstore) AddOTP(ctx context.Context, userID, accountName string) (*usr_model.OTP, error) {
 	existing, err := es.UserByID(ctx, userID)
 	if err != nil {
 		return nil, err
@@ -954,9 +954,11 @@ func (es *UserEventstore) AddOTP(ctx context.Context, userID string) (*usr_model
 	if existing.IsOTPReady() {
 		return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-do9se", "Errors.User.Mfa.Otp.AlreadyReady")
 	}
-	accountName := existing.UserName
-	if existing.Email != nil {
-		accountName = existing.EmailAddress
+	if accountName == "" {
+		accountName = existing.UserName
+		if existing.Email != nil {
+			accountName = existing.EmailAddress
+		}
 	}
 	key, err := totp.Generate(totp.GenerateOpts{Issuer: es.Multifactors.OTP.Issuer, AccountName: accountName})
 	if err != nil {
--- a/internal/user/repository/eventsourcing/eventstore_test.go
+++ b/internal/user/repository/eventsourcing/eventstore_test.go
@@ -2947,9 +2947,10 @@ func TestChangeAddress(t *testing.T) {
 func TestAddOTP(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	type args struct {
-		es     *UserEventstore
-		ctx    context.Context
-		userID string
+		es          *UserEventstore
+		ctx         context.Context
+		userID      string
+		accountName string
 	}
 	type res struct {
 		errFunc func(err error) bool
@@ -2962,9 +2963,10 @@ func TestAddOTP(t *testing.T) {
 		{
 			name: "add ok",
 			args: args{
-				es:     GetMockManipulateUserWithOTPGen(ctrl),
-				ctx:    authz.NewMockContext("orgID", "userID"),
-				userID: "AggregateID",
+				es:          GetMockManipulateUserWithOTPGen(ctrl),
+				ctx:         authz.NewMockContext("orgID", "userID"),
+				userID:      "AggregateID",
+				accountName: "AccountName",
 			},
 		},
 		{
@@ -2992,7 +2994,7 @@ func TestAddOTP(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			result, err := tt.args.es.AddOTP(tt.args.ctx, tt.args.userID)
+			result, err := tt.args.es.AddOTP(tt.args.ctx, tt.args.userID, tt.args.accountName)

 			if tt.res.errFunc == nil && result.AggregateID == "" {
 				t.Errorf("result has no id")