feat(api): add and remove OTP (SMS and email) (#6295)

* refactor: rename otp to totp * feat: add otp sms and email * implement tests
2025-08-11 21:17:32 +00:00 · 2023-08-02 18:57:53 +02:00
parent ca13e70c92
commit a1942ecdaa
44 changed files with 2253 additions and 215 deletions
--- a/internal/query/projection/user_auth_method.go
+++ b/internal/query/projection/user_auth_method.go
@@ -89,6 +89,14 @@ func (p *userAuthMethodProjection) reducers() []handler.AggregateReducer {
 					Event:  user.HumanMFAOTPVerifiedType,
 					Reduce: p.reduceActivateEvent,
 				},
+				{
+					Event:  user.HumanOTPSMSAddedType,
+					Reduce: p.reduceAddAuthMethod,
+				},
+				{
+					Event:  user.HumanOTPEmailAddedType,
+					Reduce: p.reduceAddAuthMethod,
+				},
 				{
 					Event:  user.HumanPasswordlessTokenRemovedType,
 					Reduce: p.reduceRemoveAuthMethod,
@@ -101,6 +109,14 @@ func (p *userAuthMethodProjection) reducers() []handler.AggregateReducer {
 					Event:  user.HumanMFAOTPRemovedType,
 					Reduce: p.reduceRemoveAuthMethod,
 				},
+				{
+					Event:  user.HumanOTPSMSRemovedType,
+					Reduce: p.reduceRemoveAuthMethod,
+				},
+				{
+					Event:  user.HumanOTPEmailRemovedType,
+					Reduce: p.reduceRemoveAuthMethod,
+				},
 			},
 		},
 		{
@@ -135,7 +151,7 @@ func (p *userAuthMethodProjection) reduceInitAuthMethod(event eventstore.Event)
 		methodType = domain.UserAuthMethodTypeU2F
 		tokenID = e.WebAuthNTokenID
 	case *user.HumanOTPAddedEvent:
-		methodType = domain.UserAuthMethodTypeOTP
+		methodType = domain.UserAuthMethodTypeTOTP
 	default:
 		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType})
 	}
@@ -178,7 +194,7 @@ func (p *userAuthMethodProjection) reduceActivateEvent(event eventstore.Event) (
 		tokenID = e.WebAuthNTokenID
 		name = e.WebAuthNTokenName
 	case *user.HumanOTPVerifiedEvent:
-		methodType = domain.UserAuthMethodTypeOTP
+		methodType = domain.UserAuthMethodTypeTOTP

 	default:
 		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType})
@@ -202,6 +218,34 @@ func (p *userAuthMethodProjection) reduceActivateEvent(event eventstore.Event) (
 	), nil
 }

+func (p *userAuthMethodProjection) reduceAddAuthMethod(event eventstore.Event) (*handler.Statement, error) {
+	var methodType domain.UserAuthMethodType
+	switch event.(type) {
+	case *user.HumanOTPSMSAddedEvent:
+		methodType = domain.UserAuthMethodTypeOTPSMS
+	case *user.HumanOTPEmailAddedEvent:
+		methodType = domain.UserAuthMethodTypeOTPEmail
+	default:
+		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DS4g3", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanOTPSMSAddedType, user.HumanOTPEmailAddedType})
+	}
+
+	return crdb.NewCreateStatement(
+		event,
+		[]handler.Column{
+			handler.NewCol(UserAuthMethodTokenIDCol, ""),
+			handler.NewCol(UserAuthMethodCreationDateCol, event.CreationDate()),
+			handler.NewCol(UserAuthMethodChangeDateCol, event.CreationDate()),
+			handler.NewCol(UserAuthMethodResourceOwnerCol, event.Aggregate().ResourceOwner),
+			handler.NewCol(UserAuthMethodInstanceIDCol, event.Aggregate().InstanceID),
+			handler.NewCol(UserAuthMethodUserIDCol, event.Aggregate().ID),
+			handler.NewCol(UserAuthMethodSequenceCol, event.Sequence()),
+			handler.NewCol(UserAuthMethodStateCol, domain.MFAStateReady),
+			handler.NewCol(UserAuthMethodTypeCol, methodType),
+			handler.NewCol(UserAuthMethodNameCol, ""),
+		},
+	), nil
+}
+
 func (p *userAuthMethodProjection) reduceRemoveAuthMethod(event eventstore.Event) (*handler.Statement, error) {
 	var tokenID string
 	var methodType domain.UserAuthMethodType
@@ -213,10 +257,17 @@ func (p *userAuthMethodProjection) reduceRemoveAuthMethod(event eventstore.Event
 		methodType = domain.UserAuthMethodTypeU2F
 		tokenID = e.WebAuthNTokenID
 	case *user.HumanOTPRemovedEvent:
-		methodType = domain.UserAuthMethodTypeOTP
+		methodType = domain.UserAuthMethodTypeTOTP
+	case *user.HumanOTPSMSRemovedEvent,
+		*user.HumanPhoneRemovedEvent:
+		methodType = domain.UserAuthMethodTypeOTPSMS
+	case *user.HumanOTPEmailRemovedEvent:
+		methodType = domain.UserAuthMethodTypeOTPEmail

 	default:
-		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType})
+		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v",
+			[]eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType, user.HumanMFAOTPRemovedType,
+				user.HumanOTPSMSRemovedType, user.HumanPhoneRemovedType, user.HumanOTPEmailRemovedType})
 	}
 	conditions := []handler.Condition{
 		handler.NewCond(UserAuthMethodUserIDCol, event.Aggregate().ID),