feat(api): add and remove OTP (SMS and email) (#6295)

* refactor: rename otp to totp * feat: add otp sms and email * implement tests
2025-10-17 09:12:18 +00:00 · 2023-08-02 18:57:53 +02:00
parent ca13e70c92
commit a1942ecdaa
44 changed files with 2253 additions and 215 deletions
--- a/internal/command/user_human_otp_model.go
+++ b/internal/command/user_human_otp_model.go
@@ -7,15 +7,15 @@ import (
 	"github.com/zitadel/zitadel/internal/repository/user"
 )

-type HumanOTPWriteModel struct {
+type HumanTOTPWriteModel struct {
 	eventstore.WriteModel

 	State  domain.MFAState
 	Secret *crypto.CryptoValue
 }

-func NewHumanOTPWriteModel(userID, resourceOwner string) *HumanOTPWriteModel {
-	return &HumanOTPWriteModel{
+func NewHumanTOTPWriteModel(userID, resourceOwner string) *HumanTOTPWriteModel {
+	return &HumanTOTPWriteModel{
 		WriteModel: eventstore.WriteModel{
 			AggregateID:   userID,
 			ResourceOwner: resourceOwner,
@@ -23,7 +23,7 @@ func NewHumanOTPWriteModel(userID, resourceOwner string) *HumanOTPWriteModel {
 	}
 }

-func (wm *HumanOTPWriteModel) Reduce() error {
+func (wm *HumanTOTPWriteModel) Reduce() error {
 	for _, event := range wm.Events {
 		switch e := event.(type) {
 		case *user.HumanOTPAddedEvent:
@@ -40,7 +40,7 @@ func (wm *HumanOTPWriteModel) Reduce() error {
 	return wm.WriteModel.Reduce()
 }

-func (wm *HumanOTPWriteModel) Query() *eventstore.SearchQueryBuilder {
+func (wm *HumanTOTPWriteModel) Query() *eventstore.SearchQueryBuilder {
 	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
 		AddQuery().
 		AggregateTypes(user.AggregateType).
@@ -59,3 +59,107 @@ func (wm *HumanOTPWriteModel) Query() *eventstore.SearchQueryBuilder {
 	}
 	return query
 }
+
+type HumanOTPSMSWriteModel struct {
+	eventstore.WriteModel
+
+	phoneVerified bool
+	otpAdded      bool
+}
+
+func NewHumanOTPSMSWriteModel(userID, resourceOwner string) *HumanOTPSMSWriteModel {
+	return &HumanOTPSMSWriteModel{
+		WriteModel: eventstore.WriteModel{
+			AggregateID:   userID,
+			ResourceOwner: resourceOwner,
+		},
+	}
+}
+
+func (wm *HumanOTPSMSWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch event.(type) {
+		case *user.HumanPhoneVerifiedEvent:
+			wm.phoneVerified = true
+		case *user.HumanOTPSMSAddedEvent:
+			wm.otpAdded = true
+		case *user.HumanOTPSMSRemovedEvent:
+			wm.otpAdded = false
+		case *user.HumanPhoneRemovedEvent,
+			*user.UserRemovedEvent:
+			wm.phoneVerified = false
+			wm.otpAdded = false
+		}
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *HumanOTPSMSWriteModel) Query() *eventstore.SearchQueryBuilder {
+	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		AddQuery().
+		AggregateTypes(user.AggregateType).
+		AggregateIDs(wm.AggregateID).
+		EventTypes(user.HumanPhoneVerifiedType,
+			user.HumanOTPSMSAddedType,
+			user.HumanOTPSMSRemovedType,
+			user.HumanPhoneRemovedType,
+			user.UserRemovedType,
+		).
+		Builder()
+
+	if wm.ResourceOwner != "" {
+		query.ResourceOwner(wm.ResourceOwner)
+	}
+	return query
+}
+
+type HumanOTPEmailWriteModel struct {
+	eventstore.WriteModel
+
+	emailVerified bool
+	otpAdded      bool
+}
+
+func NewHumanOTPEmailWriteModel(userID, resourceOwner string) *HumanOTPEmailWriteModel {
+	return &HumanOTPEmailWriteModel{
+		WriteModel: eventstore.WriteModel{
+			AggregateID:   userID,
+			ResourceOwner: resourceOwner,
+		},
+	}
+}
+
+func (wm *HumanOTPEmailWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch event.(type) {
+		case *user.HumanEmailVerifiedEvent:
+			wm.emailVerified = true
+		case *user.HumanOTPEmailAddedEvent:
+			wm.otpAdded = true
+		case *user.HumanOTPEmailRemovedEvent:
+			wm.otpAdded = false
+		case *user.UserRemovedEvent:
+			wm.emailVerified = false
+			wm.otpAdded = false
+		}
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *HumanOTPEmailWriteModel) Query() *eventstore.SearchQueryBuilder {
+	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		AddQuery().
+		AggregateTypes(user.AggregateType).
+		AggregateIDs(wm.AggregateID).
+		EventTypes(user.HumanEmailVerifiedType,
+			user.HumanOTPEmailAddedType,
+			user.HumanOTPEmailRemovedType,
+			user.UserRemovedType,
+		).
+		Builder()
+
+	if wm.ResourceOwner != "" {
+		query.ResourceOwner(wm.ResourceOwner)
+	}
+	return query
+}