feat(login): additionally use email/phone for authentication (#4563)

* feat: add ability to disable login by email and phone * feat: check login by email and phone * fix: set verified email / phone correctly on notify users * update projection version * fix merge * fix email/phone verified reduce tests * fix user tests * loginname check * cleanup * fix: update user projection version to handle fixed statement
2025-08-11 19:17:32 +00:00 · 2022-10-17 21:19:15 +02:00
parent 9ae58b62fd
commit b0b1e94090
54 changed files with 1245 additions and 768 deletions
--- a/internal/repository/policy/login.go
+++ b/internal/repository/policy/login.go
@@ -27,6 +27,8 @@ type LoginPolicyAddedEvent struct {
 	HidePasswordReset          bool                    `json:"hidePasswordReset,omitempty"`
 	IgnoreUnknownUsernames     bool                    `json:"ignoreUnknownUsernames,omitempty"`
 	AllowDomainDiscovery       bool                    `json:"allowDomainDiscovery,omitempty"`
+	DisableLoginWithEmail      bool                    `json:"disableLoginWithEmail,omitempty"`
+	DisableLoginWithPhone      bool                    `json:"disableLoginWithPhone,omitempty"`
 	PasswordlessType           domain.PasswordlessType `json:"passwordlessType,omitempty"`
 	DefaultRedirectURI         string                  `json:"defaultRedirectURI,omitempty"`
 	PasswordCheckLifetime      time.Duration           `json:"passwordCheckLifetime,omitempty"`
@@ -52,7 +54,9 @@ func NewLoginPolicyAddedEvent(
 	forceMFA,
 	hidePasswordReset,
 	ignoreUnknownUsernames,
-	allowDomainDiscovery bool,
+	allowDomainDiscovery,
+	disableLoginWithEmail,
+	disableLoginWithPhone bool,
 	passwordlessType domain.PasswordlessType,
 	defaultRedirectURI string,
 	passwordCheckLifetime,
@@ -77,6 +81,8 @@ func NewLoginPolicyAddedEvent(
 		MFAInitSkipLifetime:        mfaInitSkipLifetime,
 		SecondFactorCheckLifetime:  secondFactorCheckLifetime,
 		MultiFactorCheckLifetime:   multiFactorCheckLifetime,
+		DisableLoginWithEmail:      disableLoginWithEmail,
+		DisableLoginWithPhone:      disableLoginWithPhone,
 	}
 }

@@ -103,6 +109,8 @@ type LoginPolicyChangedEvent struct {
 	HidePasswordReset          *bool                    `json:"hidePasswordReset,omitempty"`
 	IgnoreUnknownUsernames     *bool                    `json:"ignoreUnknownUsernames,omitempty"`
 	AllowDomainDiscovery       *bool                    `json:"allowDomainDiscovery,omitempty"`
+	DisableLoginWithEmail      *bool                    `json:"disableLoginWithEmail,omitempty"`
+	DisableLoginWithPhone      *bool                    `json:"disableLoginWithPhone,omitempty"`
 	PasswordlessType           *domain.PasswordlessType `json:"passwordlessType,omitempty"`
 	DefaultRedirectURI         *string                  `json:"defaultRedirectURI,omitempty"`
 	PasswordCheckLifetime      *time.Duration           `json:"passwordCheckLifetime,omitempty"`
@@ -222,6 +230,18 @@ func ChangeDefaultRedirectURI(defaultRedirectURI string) func(*LoginPolicyChange
 	}
 }

+func ChangeDisableLoginWithEmail(disableLoginWithEmail bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.DisableLoginWithEmail = &disableLoginWithEmail
+	}
+}
+
+func ChangeDisableLoginWithPhone(DisableLoginWithPhone bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.DisableLoginWithPhone = &DisableLoginWithPhone
+	}
+}
+
 func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
 	e := &LoginPolicyChangedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),