TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 18:17:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(api): add and remove OTP (SMS and email) (#6295)

Browse Source 
* refactor: rename otp to totp

* feat: add otp sms and email

* implement tests
This commit is contained in:
Livio Spring
2023-08-02 18:57:53 +02:00
committed by GitHub
parent ca13e70c92
commit a1942ecdaa
44 changed files with 2253 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
proto/zitadel/auth.proto
View File

@@ -647,6 +647,70 @@ service AuthService {
};
}
rpc AddMyAuthFactorOTPSMS(AddMyAuthFactorOTPSMSRequest) returns (AddMyAuthFactorOTPSMSResponse) {
option (google.api.http) = {
post: "/users/me/auth_factors/otp_sms"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "authenticated"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Authentication Factor"
summary: "Add One-Time-Password (OTP) SMS";
description: "Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor."
};
}
rpc RemoveMyAuthFactorOTPSMS(RemoveMyAuthFactorOTPSMSRequest) returns (RemoveMyAuthFactorOTPSMSResponse) {
option (google.api.http) = {
delete: "/users/me/auth_factors/otp_sms"
};
option (zitadel.v1.auth_option) = {
permission: "authenticated"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Authentication Factor"
summary: "Remove One-Time-Password (OTP) SMS";
description: "Remove the configured One-Time-Password (OTP) SMS factor of the authenticated user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward."
};
}
rpc AddMyAuthFactorOTPEmail(AddMyAuthFactorOTPEmailRequest) returns (AddMyAuthFactorOTPEmailResponse) {
option (google.api.http) = {
post: "/users/me/auth_factors/otp_email"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "authenticated"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Authentication Factor"
summary: "Add One-Time-Password (OTP) Email";
description: "Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor."
};
}
rpc RemoveMyAuthFactorOTPEmail(RemoveMyAuthFactorOTPEmailRequest) returns (RemoveMyAuthFactorOTPEmailResponse) {
option (google.api.http) = {
delete: "/users/me/auth_factors/otp_email"
};
option (zitadel.v1.auth_option) = {
permission: "authenticated"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Authentication Factor"
summary: "Remove One-Time-Password (OTP) Email";
description: "Remove the configured One-Time-Password (OTP) Email factor of the authenticated user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward."
};
}
rpc AddMyAuthFactorU2F(AddMyAuthFactorU2FRequest) returns (AddMyAuthFactorU2FResponse) {
option (google.api.http) = {
post: "/users/me/auth_factors/u2f"
@@ -1340,6 +1404,34 @@ message RemoveMyAuthFactorOTPResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message AddMyAuthFactorOTPSMSRequest {}
message AddMyAuthFactorOTPSMSResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveMyAuthFactorOTPSMSRequest {}
message RemoveMyAuthFactorOTPSMSResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message AddMyAuthFactorOTPEmailRequest {}
message AddMyAuthFactorOTPEmailResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveMyAuthFactorOTPEmailRequest {}
message RemoveMyAuthFactorOTPEmailResponse {
zitadel.v1.ObjectDetails details = 1;
}
message RemoveMyAuthFactorU2FRequest {
string token_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}

16
proto/zitadel/user.proto
View File

@@ -342,12 +342,22 @@ message AuthFactor {
oneof type {
AuthFactorOTP otp = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "one type use OTP or U2F"
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
}
];
AuthFactorU2F u2f = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "one type use OTP or U2F"
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
}
];
AuthFactorOTPSMS otp_sms = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
}
];
AuthFactorOTPEmail otp_email = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
}
];
}
@@ -361,6 +371,8 @@ enum AuthFactorState {
}
message AuthFactorOTP {}
message AuthFactorOTPSMS {}
message AuthFactorOTPEmail {}
message AuthFactorU2F {
string id = 1 [

156
proto/zitadel/user/v2alpha/user_service.proto
View File

@@ -317,6 +317,96 @@ service UserService {
};
}
rpc AddOTPSMS (AddOTPSMSRequest) returns (AddOTPSMSResponse) {
option (google.api.http) = {
post: "/v2alpha/users/{user_id}/otp_sms"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Add OTP SMS for a user";
description: "Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor."
responses: {
key: "200"
value: {
description: "OK";
}
};
};
}
rpc RemoveOTPSMS (RemoveOTPSMSRequest) returns (RemoveOTPSMSResponse) {
option (google.api.http) = {
delete: "/v2alpha/users/{user_id}/otp_sms"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Remove One-Time-Password (OTP) SMS from a user";
description: "Remove the configured One-Time-Password (OTP) SMS factor of the authenticated user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward."
responses: {
key: "200"
value: {
description: "OK";
}
};
};
}
rpc AddOTPEmail (AddOTPEmailRequest) returns (AddOTPEmailResponse) {
option (google.api.http) = {
post: "/v2alpha/users/{user_id}/otp_email"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Add OTP Email for a user";
description: "Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor."
responses: {
key: "200"
value: {
description: "OK";
}
};
};
}
rpc RemoveOTPEmail (RemoveOTPEmailRequest) returns (RemoveOTPEmailResponse) {
option (google.api.http) = {
delete: "/v2alpha/users/{user_id}/otp_email"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Remove One-Time-Password (OTP) Email from a user";
description: "Remove the configured One-Time-Password (OTP) Email factor of the authenticated user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward."
responses: {
key: "200"
value: {
description: "OK";
}
};
};
}
// Start an IDP authentication (for external login, registration or linking)
rpc StartIdentityProviderFlow (StartIdentityProviderFlowRequest) returns (StartIdentityProviderFlowResponse) {
option (google.api.http) = {
@@ -779,6 +869,70 @@ message VerifyTOTPRegistrationResponse {
zitadel.object.v2alpha.Details details = 1;
}
message AddOTPSMSRequest {
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"163840776835432705\"";
}
];
}
message AddOTPSMSResponse {
zitadel.object.v2alpha.Details details = 1;
}
message RemoveOTPSMSRequest {
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"163840776835432705\"";
}
];
}
message RemoveOTPSMSResponse {
zitadel.object.v2alpha.Details details = 1;
}
message AddOTPEmailRequest {
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"163840776835432705\"";
}
];
}
message AddOTPEmailResponse {
zitadel.object.v2alpha.Details details = 1;
}
message RemoveOTPEmailRequest {
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"163840776835432705\"";
}
];
}
message RemoveOTPEmailResponse {
zitadel.object.v2alpha.Details details = 1;
}
message CreatePasskeyRegistrationLinkRequest{
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
@@ -979,4 +1133,6 @@ enum AuthenticationMethodType {
AUTHENTICATION_METHOD_TYPE_IDP = 3;
AUTHENTICATION_METHOD_TYPE_TOTP = 4;
AUTHENTICATION_METHOD_TYPE_U2F = 5;
AUTHENTICATION_METHOD_TYPE_OTP_SMS = 6;
AUTHENTICATION_METHOD_TYPE_OTP_EMAIL = 7;
}