fix(api): add remove otp sms and email to management api (#6721)

* fix(api): add remove otp sms and email to management api * fix(console): remove otpsms and otpemail from user --------- Co-authored-by: peintnermax <max@caos.ch>
2025-02-28 20:17:23 +00:00 · 2023-10-16 10:49:02 +03:00 · 2023-10-16 10:49:02 +03:00 · cb0a0f996e
commit cb0a0f996e
parent ce719a3fa4
5 changed files with 147 additions and 3 deletions
--- a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.ts
+++ b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.ts
@ -157,7 +157,7 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
          this.service
            .removeMyAuthFactorOTPEmail()
            .then(() => {
-              this.toast.showInfo('USER.TOAST.U2FREMOVED', true);
+              this.toast.showInfo('USER.TOAST.OTPREMOVED', true);

              this.cleanupList();
              this.getMFAs();
@ -169,7 +169,7 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
          this.service
            .removeMyAuthFactorOTPSMS()
            .then(() => {
-              this.toast.showInfo('USER.TOAST.U2FREMOVED', true);
+              this.toast.showInfo('USER.TOAST.OTPREMOVED', true);

              this.cleanupList();
              this.getMFAs();
--- a/console/src/app/pages/users/user-detail/user-detail/user-mfa/user-mfa.component.ts
+++ b/console/src/app/pages/users/user-detail/user-detail/user-mfa/user-mfa.component.ts
@ -102,6 +102,36 @@ export class UserMfaComponent implements OnInit, OnDestroy {
            .catch((error) => {
              this.toast.showError(error);
            });
+        } else if (factor.otpEmail) {
+          this.mgmtUserService
+            .removeHumanAuthFactorOTPEmail(this.user.id)
+            .then(() => {
+              this.toast.showInfo('USER.TOAST.OTPREMOVED', true);
+
+              const index = this.dataSource.data.findIndex((mfa) => !!mfa.otpEmail);
+              if (index > -1) {
+                this.dataSource.data.splice(index, 1);
+              }
+              this.getMFAs();
+            })
+            .catch((error) => {
+              this.toast.showError(error);
+            });
+        } else if (factor.otpSms) {
+          this.mgmtUserService
+            .removeHumanAuthFactorOTPSMS(this.user.id)
+            .then(() => {
+              this.toast.showInfo('USER.TOAST.OTPREMOVED', true);
+
+              const index = this.dataSource.data.findIndex((mfa) => !!mfa.otpSms);
+              if (index > -1) {
+                this.dataSource.data.splice(index, 1);
+              }
+              this.getMFAs();
+            })
+            .catch((error) => {
+              this.toast.showError(error);
+            });
        }
      }
    });
--- a/console/src/app/services/mgmt.service.ts
+++ b/console/src/app/services/mgmt.service.ts
@ -322,8 +322,12 @@ import {
  RemoveCustomLabelPolicyLogoDarkResponse,
  RemoveCustomLabelPolicyLogoRequest,
  RemoveCustomLabelPolicyLogoResponse,
+  RemoveHumanAuthFactorOTPEmailRequest,
+  RemoveHumanAuthFactorOTPEmailResponse,
  RemoveHumanAuthFactorOTPRequest,
  RemoveHumanAuthFactorOTPResponse,
+  RemoveHumanAuthFactorOTPSMSRequest,
+  RemoveHumanAuthFactorOTPSMSResponse,
  RemoveHumanAuthFactorU2FRequest,
  RemoveHumanAuthFactorU2FResponse,
  RemoveHumanLinkedIDPRequest,
@ -1805,6 +1809,18 @@ export class ManagementService {
    return this.grpcService.mgmt.removeHumanAuthFactorU2F(req, null).then((resp) => resp.toObject());
  }

+  public removeHumanAuthFactorOTPSMS(userId: string): Promise<RemoveHumanAuthFactorOTPSMSResponse.AsObject> {
+    const req = new RemoveHumanAuthFactorOTPSMSRequest();
+    req.setUserId(userId);
+    return this.grpcService.mgmt.removeHumanAuthFactorOTPSMS(req, null).then((resp) => resp.toObject());
+  }
+
+  public removeHumanAuthFactorOTPEmail(userId: string): Promise<RemoveHumanAuthFactorOTPEmailResponse.AsObject> {
+    const req = new RemoveHumanAuthFactorOTPEmailRequest();
+    req.setUserId(userId);
+    return this.grpcService.mgmt.removeHumanAuthFactorOTPEmail(req, null).then((resp) => resp.toObject());
+  }
+
  public updateHumanProfile(
    userId: string,
    firstName?: string,
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@ -646,6 +646,26 @@ func (s *Server) RemoveHumanAuthFactorU2F(ctx context.Context, req *mgmt_pb.Remo
 	}, nil
 }

+func (s *Server) RemoveHumanAuthFactorOTPSMS(ctx context.Context, req *mgmt_pb.RemoveHumanAuthFactorOTPSMSRequest) (*mgmt_pb.RemoveHumanAuthFactorOTPSMSResponse, error) {
+	objectDetails, err := s.command.RemoveHumanOTPSMS(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.RemoveHumanAuthFactorOTPSMSResponse{
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
+	}, nil
+}
+
+func (s *Server) RemoveHumanAuthFactorOTPEmail(ctx context.Context, req *mgmt_pb.RemoveHumanAuthFactorOTPEmailRequest) (*mgmt_pb.RemoveHumanAuthFactorOTPEmailResponse, error) {
+	objectDetails, err := s.command.RemoveHumanOTPEmail(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.RemoveHumanAuthFactorOTPEmailResponse{
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
+	}, nil
+}
+
 func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHumanPasswordlessRequest) (*mgmt_pb.ListHumanPasswordlessResponse, error) {
 	query := new(query.UserAuthMethodSearchQueries)
 	err := query.AppendUserIDQuery(req.UserId)
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@ -1255,7 +1255,7 @@ service ManagementService {

        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
            summary: "Remove Multi-Factor OTP";
-            description: "Remove the configured One-Time-Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator.."
+            description: "Remove the configured One-Time-Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator."
            tags: "Users";
            tags: "User Human";
            responses: {
@ -1306,6 +1306,68 @@ service ManagementService {
        };
    }

+    rpc RemoveHumanAuthFactorOTPSMS(RemoveHumanAuthFactorOTPSMSRequest) returns (RemoveHumanAuthFactorOTPSMSResponse) {
+        option (google.api.http) = {
+            delete: "/users/{user_id}/auth_factors/otp_sms"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "user.write"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            summary: "Remove Multi-Factor OTP SMS";
+            description: "Remove the configured One-Time-Password (OTP) SMS as a factor from the user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward."
+            tags: "Users";
+            tags: "User Human";
+            responses: {
+                key: "200"
+                value: {
+                    description: "OK";
+                }
+            };
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+        };
+    }
+
+    rpc RemoveHumanAuthFactorOTPEmail(RemoveHumanAuthFactorOTPEmailRequest) returns (RemoveHumanAuthFactorOTPEmailResponse) {
+        option (google.api.http) = {
+            delete: "/users/{user_id}/auth_factors/otp_email"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "user.write"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            summary: "Remove Multi-Factor OTP SMS";
+            description: "Remove the configured One-Time-Password (OTP) Email as a factor from the user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward."
+            tags: "Users";
+            tags: "User Human";
+            responses: {
+                key: "200"
+                value: {
+                    description: "OK";
+                }
+            };
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+        };
+    }
+
    rpc ListHumanPasswordless(ListHumanPasswordlessRequest) returns (ListHumanPasswordlessResponse) {
        option (google.api.http) = {
            post: "/users/{user_id}/passwordless/_search"
@ -8246,6 +8308,22 @@ message RemoveHumanAuthFactorU2FResponse {
    zitadel.v1.ObjectDetails details = 1;
 }

+message RemoveHumanAuthFactorOTPSMSRequest {
+    string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message RemoveHumanAuthFactorOTPSMSResponse {
+    zitadel.v1.ObjectDetails details = 1;
+}
+
+message RemoveHumanAuthFactorOTPEmailRequest {
+    string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message RemoveHumanAuthFactorOTPEmailResponse {
+    zitadel.v1.ObjectDetails details = 1;
+}
+
 message ListHumanPasswordlessRequest {
    string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
 }