fix: handle disabled mfa types correctly during login (#979)

* fix: handle disabled mfa types during login correctly * fix: add 2fa to default login policy * fix: setup * Update internal/setup/step7.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-22 03:02:14 +00:00 · 2020-11-18 12:56:24 +01:00
parent 955dec8694
commit b9be5f4e11
8 changed files with 128 additions and 38 deletions
--- a/internal/setup/config.go
+++ b/internal/setup/config.go
@@ -12,6 +12,7 @@ type IAMSetUp struct {
 	Step4 *Step4
 	Step5 *Step5
 	Step6 *Step6
+	Step7 *Step7
 }

 func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]step, error) {
@@ -25,6 +26,7 @@ func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]step, error) {
 		setup.Step4,
 		setup.Step5,
 		setup.Step6,
+		setup.Step7,
 	} {
 		if step.step() <= currentDone {
 			continue
--- a/internal/setup/step7.go
+++ b/internal/setup/step7.go
@@ -0,0 +1,54 @@
+package setup
+
+import (
+	"context"
+
+	"github.com/caos/logging"
+
+	"github.com/caos/zitadel/internal/eventstore/models"
+	es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
+)
+
+type Step7 struct {
+	DefaultSecondFactor iam_model.SecondFactorType
+
+	setup *Setup
+}
+
+func (step *Step7) isNil() bool {
+	return step == nil
+}
+
+func (step *Step7) step() iam_model.Step {
+	return iam_model.Step7
+}
+
+func (step *Step7) init(setup *Setup) {
+	step.setup = setup
+}
+
+func (step *Step7) execute(ctx context.Context) (*iam_model.IAM, error) {
+	iam, agg, err := step.add2FAToPolicy(ctx, step.DefaultSecondFactor)
+	if err != nil {
+		logging.Log("SETUP-ZTuS1").WithField("step", step.step()).WithError(err).Error("unable to finish setup (add default mfa to login policy)")
+		return nil, err
+	}
+	iam, agg, push, err := step.setup.IamEvents.PrepareSetupDone(ctx, iam, agg, step.step())
+	if err != nil {
+		logging.Log("SETUP-OkF8o").WithField("step", step.step()).WithError(err).Error("unable to finish setup (prepare setup done)")
+		return nil, err
+	}
+	err = es_sdk.PushAggregates(ctx, push, iam.AppendEvents, agg)
+	if err != nil {
+		logging.Log("SETUP-YbQ6T").WithField("step", step.step()).WithError(err).Error("unable to finish setup")
+		return nil, err
+	}
+	return iam_es_model.IAMToModel(iam), nil
+}
+
+func (step *Step7) add2FAToPolicy(ctx context.Context, secondFactor iam_model.SecondFactorType) (*iam_es_model.IAM, *models.Aggregate, error) {
+	logging.Log("SETUP-geMGDuZ").Info("adding 2FA to loginPolicy")
+	return step.setup.IamEvents.PrepareAddSecondFactorToLoginPolicy(ctx, step.setup.iamID, secondFactor)
+}