feat(users/v2): return prompt information (#9255)

# Which Problems Are Solved Add the ability to update the timestamp when MFA initialization was last skipped. Get User By ID now also returns the timestamps when MFA setup was last skipped. # How the Problems Are Solved - Add a `HumanMFAInitSkipped` method to the `users/v2` API. - MFA skipped was already projected in the `auth.users3` table. In this PR the same column is added to the users projection. Event handling is kept the same as in the `UserView`: <details> 62804ca45f/internal/user/repository/view/model/user.go (L243-L377) </details> # Additional Changes - none # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9197
2025-08-11 21:07:31 +00:00 · 2025-01-29 17:12:31 +02:00
parent df8bac8a28
commit b6841251b1
28 changed files with 673 additions and 364 deletions
--- a/internal/query/projection/user.go
+++ b/internal/query/projection/user.go
@@ -16,7 +16,7 @@ import (
 )

 const (
-	UserTable        = "projections.users13"
+	UserTable        = "projections.users14"
 	UserHumanTable   = UserTable + "_" + UserHumanSuffix
 	UserMachineTable = UserTable + "_" + UserMachineSuffix
 	UserNotifyTable  = UserTable + "_" + UserNotifySuffix
@@ -36,6 +36,7 @@ const (
 	HumanUserInstanceIDCol      = "instance_id"
 	HumanPasswordChangeRequired = "password_change_required"
 	HumanPasswordChanged        = "password_changed"
+	HumanMFAInitSkipped         = "mfa_init_skipped"

 	// profile
 	HumanFirstNameCol         = "first_name"
@@ -118,6 +119,7 @@ func (*userProjection) Init() *old_handler.Check {
 			handler.NewColumn(HumanIsPhoneVerifiedCol, handler.ColumnTypeBool, handler.Nullable()),
 			handler.NewColumn(HumanPasswordChangeRequired, handler.ColumnTypeBool),
 			handler.NewColumn(HumanPasswordChanged, handler.ColumnTypeTimestamp, handler.Nullable()),
+			handler.NewColumn(HumanMFAInitSkipped, handler.ColumnTypeTimestamp, handler.Nullable()),
 		},
 			handler.NewPrimaryKey(HumanUserInstanceIDCol, HumanUserIDCol),
 			UserHumanSuffix,
@@ -296,6 +298,38 @@ func (p *userProjection) Reducers() []handler.AggregateReducer {
 					Event:  user.MachineSecretRemovedType,
 					Reduce: p.reduceMachineSecretRemoved,
 				},
+				{
+					Event:  user.UserV1MFAOTPVerifiedType,
+					Reduce: p.reduceUnsetMFAInitSkipped,
+				},
+				{
+					Event:  user.HumanMFAOTPVerifiedType,
+					Reduce: p.reduceUnsetMFAInitSkipped,
+				},
+				{
+					Event:  user.HumanOTPSMSAddedType,
+					Reduce: p.reduceUnsetMFAInitSkipped,
+				},
+				{
+					Event:  user.HumanOTPEmailAddedType,
+					Reduce: p.reduceUnsetMFAInitSkipped,
+				},
+				{
+					Event:  user.HumanU2FTokenVerifiedType,
+					Reduce: p.reduceUnsetMFAInitSkipped,
+				},
+				{
+					Event:  user.HumanPasswordlessTokenVerifiedType,
+					Reduce: p.reduceUnsetMFAInitSkipped,
+				},
+				{
+					Event:  user.UserV1MFAInitSkippedType,
+					Reduce: p.reduceMFAInitSkipped,
+				},
+				{
+					Event:  user.HumanMFAInitSkippedType,
+					Reduce: p.reduceMFAInitSkipped,
+				},
 			},
 		},
 		{
@@ -1114,6 +1148,51 @@ func (p *userProjection) reduceMachineChanged(event eventstore.Event) (*handler.

 }

+func (p *userProjection) reduceUnsetMFAInitSkipped(e eventstore.Event) (*handler.Statement, error) {
+	switch e.(type) {
+	default:
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ojrf6", "reduce.wrong.event.type %s", e.Type())
+	case *user.HumanOTPVerifiedEvent,
+		*user.HumanOTPSMSAddedEvent,
+		*user.HumanOTPEmailAddedEvent,
+		*user.HumanU2FVerifiedEvent,
+		*user.HumanPasswordlessVerifiedEvent:
+	}
+
+	return handler.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(HumanMFAInitSkipped, sql.NullTime{}),
+		},
+		[]handler.Condition{
+			handler.NewCond(HumanUserIDCol, e.Aggregate().ID),
+			handler.NewCond(HumanUserInstanceIDCol, e.Aggregate().InstanceID),
+		},
+		handler.WithTableSuffix(UserHumanSuffix),
+	), nil
+}
+
+func (p *userProjection) reduceMFAInitSkipped(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*user.HumanMFAInitSkippedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-qYHvj", "reduce.wrong.event.type %s", user.MachineChangedEventType)
+	}
+	return handler.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(HumanMFAInitSkipped, sql.NullTime{
+				Time:  e.CreatedAt(),
+				Valid: true,
+			}),
+		},
+		[]handler.Condition{
+			handler.NewCond(HumanUserIDCol, e.Aggregate().ID),
+			handler.NewCond(HumanUserInstanceIDCol, e.Aggregate().InstanceID),
+		},
+		handler.WithTableSuffix(UserHumanSuffix),
+	), nil
+}
+
 func (p *userProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
 	e, ok := event.(*org.OrgRemovedEvent)
 	if !ok {