Merge pull request #569 from curveball/verify-response-form
Expose the 'verify-response' action as a form on the identity resource.
evert authored Jan 9, 2025
2 parents a3573b8 + d261a3b commit 8fe0f1b
Showing 6 changed files with 29 additions and 1 deletion.
3 changes: 3 additions & 0 deletions changelog.md
Expand Up @@ -6,6 +6,9 @@ Changelog

* Add a new privilege for managing user identities. Before this change it was
required to have the 'admin' privilege to do this.
* Verify response endpoint is now exposed as a form on the identity resource.
* It's now possible to mark an identity as an MFA identity when verifying using
the 'enableMfa' property.


0.28.1 (2025-01-08)
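Review bot: the two new entries cover the form and `enableMfa`, but the commit also changes the challenge condition in `src/login/service.ts`, and that behaviour change has no changelog line. Add an entry for it, since it affects login.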
4 changes: 4 additions & 0 deletions schemas/principal-identity-verify-response.json
Expand Up @@ -13,6 +13,10 @@
"type": "string",
"description": "The verification code",
"pattern": "^[0-9]{6}$"
},
"enableMfa": {
"type": "boolean",
"description": "If verification was successful, turn on MFA for this identity."
}
}
}
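Review bot: the `enableMfa` description reads like a toggle, but the controller in this commit only ever sets `identity.isMfa = true` and does nothing when the value is `false`. Say in the description that `false` or an omitted value leaves the identity's MFA flag unchanged.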
4 changes: 4 additions & 0 deletions src/api-types.ts
Expand Up @@ -310,6 +310,10 @@ export interface PrincipalIdentityVerifyForm {
* The verification code
*/
code: string;
/**
* If verification was successful, turn on MFA for this identity.
*/
enableMfa?: boolean;
}
/* eslint-disable */
/**
2 changes: 1 addition & 1 deletion src/login/service.ts
Expand Up @@ -123,7 +123,7 @@ export async function challenge(client: AppClient, session: LoginSession, parame

const completedChallenges = new Set(session.challengesCompleted);

if (completedChallenges.size < 2 && challenges.length > 1) {
if ((completedChallenges.size < 2 && challenges.length > 1) || completedChallenges.size < 1) {
// If there are 2 or more auth factors set up, we want at least 2 successful
// passes. If this is not the case we're going to emit a challenge error.
for(const challenge of challenges) {
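Review bot: the added `|| completedChallenges.size < 1` clause in the condition also matches when `challenges` is empty, so the block is entered with nothing for the `for` loop to iterate. What follows the loop is outside this hunk, so confirm that path ends in a challenge error rather than falling through to a successful login. The comment under the condition still describes only the two-factor case and should mention that at least one completed challenge is now always required.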
4 changes: 4 additions & 0 deletions src/principal-identity/controller/verify-response.ts
Expand Up @@ -35,6 +35,10 @@ class PrincipalIdentityVerify extends Controller {

try {
await services.principalIdentity.verifyIdentity(identity, ctx.request.body.code);
if (ctx.request.body.enableMfa && !identity.isMfa) {
identity.isMfa = true;
await services.principalIdentity.update(identity);
}
ctx.response.body = hal.verifySuccess(identity);
} catch (err) {
if (isHttpError(err)) {
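Review bot: `services.principalIdentity.update(identity)` sits inside the same `try` as `verifyIdentity`, so a failure while saving `isMfa` is handled by the catch that tests `isHttpError(err)` and can be reported as a verification failure after `verifyIdentity` has already returned. Consider moving the MFA update out of this `try` or handling its failure separately. The check on `ctx.request.body.enableMfa` is truthy rather than `=== true`, so it relies on schema validation to reject non-boolean values.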
13 changes: 13 additions & 0 deletions src/principal-identity/formats/hal.ts
Expand Up @@ -70,6 +70,19 @@ export function item(principal: Principal, identity: PrincipalIdentity): HalReso
method: 'POST',
title: identity.verifiedAt ? 'Re-verify' : 'Verify',
target: `${identity.href}/verify`,
},
'verify-response': {
method: 'POST',
title: 'Submit verification code',
target: `${identity.href}/verify-response`,
properties: [
{
name: 'code',
type: 'text',
prompt: 'Code',
regex: '^[0-9]{6}$'
}
],
}
};
if (identity.verifiedAt) {
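Review bot: the `verify-response` form lists only `code` in `properties`, so a client that drives the API through this form has no way to send `enableMfa`, which the same commit adds to the schema and the controller. Either add a boolean field for it or note that it is deliberately left out of the form. The `regex` value `'^[0-9]{6}$'` also duplicates the `pattern` in `schemas/principal-identity-verify-response.json`, and the two can drift if the code format changes.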
