feat(users): Add force_two_factor_auth environment variable (#6466)
ThisIsMani authored and Sayak Bhattacharya committed Nov 26, 2024
1 parent f64b4aa commit 38232e4
Showing 10 changed files with 17 additions and 4 deletions.
1 change: 1 addition & 0 deletions config/config.example.toml
Expand Up @@ -398,6 +398,7 @@ password_validity_in_days = 90 # Number of days after which password shoul
two_factor_auth_expiry_in_secs = 300 # Number of seconds after which 2FA should be done again if doing update/change from inside
totp_issuer_name = "Hyperswitch" # Name of the issuer for TOTP
base_url = "" # Base url used for user specific redirects and emails
force_two_factor_auth = false # Whether to force two factor authentication for all users

#tokenization configuration which describe token lifetime and payment method for specific connector
[tokenization]
3 changes: 2 additions & 1 deletion config/deployments/integration_test.toml
Expand Up @@ -141,6 +141,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Integ"
base_url = "https://integ.hyperswitch.io"
force_two_factor_auth = false

[frm]
enabled = true
Expand Down Expand Up @@ -397,4 +398,4 @@ connector_list = ""
card_networks = "Visa, AmericanExpress, Mastercard"

[network_tokenization_supported_connectors]
connector_list = "cybersource"
connector_list = "cybersource"
3 changes: 2 additions & 1 deletion config/deployments/production.toml
Expand Up @@ -148,6 +148,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Production"
base_url = "https://live.hyperswitch.io"
force_two_factor_auth = false

[frm]
enabled = false
Expand Down Expand Up @@ -411,4 +412,4 @@ connector_list = ""
card_networks = "Visa, AmericanExpress, Mastercard"

[network_tokenization_supported_connectors]
connector_list = "cybersource"
connector_list = "cybersource"
1 change: 1 addition & 0 deletions config/deployments/sandbox.toml
Expand Up @@ -148,6 +148,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Sandbox"
base_url = "https://app.hyperswitch.io"
force_two_factor_auth = false

[frm]
enabled = true
1 change: 1 addition & 0 deletions config/development.toml
Expand Up @@ -321,6 +321,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Dev"
base_url = "http://localhost:8080"
force_two_factor_auth = false

[bank_config.eps]
stripe = { banks = "arzte_und_apotheker_bank,austrian_anadi_bank_ag,bank_austria,bankhaus_carl_spangler,bankhaus_schelhammer_und_schattera_ag,bawag_psk_ag,bks_bank_ag,brull_kallmus_bank_ag,btv_vier_lander_bank,capital_bank_grawe_gruppe_ag,dolomitenbank,easybank_ag,erste_bank_und_sparkassen,hypo_alpeadriabank_international_ag,hypo_noe_lb_fur_niederosterreich_u_wien,hypo_oberosterreich_salzburg_steiermark,hypo_tirol_bank_ag,hypo_vorarlberg_bank_ag,hypo_bank_burgenland_aktiengesellschaft,marchfelder_bank,oberbank_ag,raiffeisen_bankengruppe_osterreich,schoellerbank_ag,sparda_bank_wien,volksbank_gruppe,volkskreditbank_ag,vr_bank_braunau" }
1 change: 1 addition & 0 deletions config/docker_compose.toml
Expand Up @@ -56,6 +56,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch"
base_url = "http://localhost:8080"
force_two_factor_auth = false

[locker]
host = ""
1 change: 1 addition & 0 deletions crates/api_models/src/user.rs
Expand Up @@ -211,6 +211,7 @@ pub struct TwoFactorAuthStatusResponseWithAttempts {
#[derive(Debug, serde::Deserialize, serde::Serialize)]
pub struct TwoFactorStatus {
pub status: Option<TwoFactorAuthStatusResponseWithAttempts>,
pub is_skippable: bool,
}

#[derive(Debug, serde::Deserialize, serde::Serialize)]
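Review bot: The new `is_skippable` field on TwoFactorStatus has no doc comment, and the name alone does not say whose decision it reflects — a reader can take it for a per-user property rather than a server policy. Suggest `/// Whether the client is allowed to skip two-factor authentication; `false` when the server is configured to force 2FA for all users.` above the field so API consumers treat it as informational, with enforcement remaining server-side. Whether sibling fields in this file carry docs is not visible in the hunk.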
1 change: 1 addition & 0 deletions crates/router/src/configs/settings.rs
Expand Up @@ -556,6 +556,7 @@ pub struct UserSettings {
pub two_factor_auth_expiry_in_secs: i64,
pub totp_issuer_name: String,
pub base_url: String,
pub force_two_factor_auth: bool,
}

#[derive(Debug, Deserialize, Clone)]
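Review bot: `pub force_two_factor_auth: bool` is added without a serde default, so if UserSettings derives Deserialize (its attributes sit above the hunk) any TOML file that omits the key will fail to load at startup — which is presumably why this commit touches every in-tree deployment config, but an out-of-tree config will now break until the key is added. For a security policy setting that is a reasonable choice, since it fails loudly instead of silently falling back to the permissive behaviour; if it is intentional, the field should say so, e.g. `/// Require every user to complete 2FA; a client-supplied skip request is ignored when set. Mandatory key: each deployment must set it explicitly.`. If the key is meant to be optional instead, `#[serde(default)]` with the doc stating that it defaults to `false` is the alternative, at the cost of deployments silently opting out of the stricter mode.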
8 changes: 6 additions & 2 deletions crates/router/src/core/user.rs
Expand Up @@ -1319,7 +1319,7 @@ pub async fn list_user_roles_details(
))
.await
.change_context(UserErrors::InternalServerError)
.attach_printable("Failed to construct proifle map")?
.attach_printable("Failed to construct profile map")?
.into_iter()
.map(|profile| (profile.get_id().to_owned(), profile.profile_name))
.collect::<HashMap<_, _>>();
Expand Down Expand Up @@ -1927,7 +1927,7 @@ pub async fn terminate_two_factor_auth(
.change_context(UserErrors::InternalServerError)?
.into();

if !skip_two_factor_auth {
if state.conf.user.force_two_factor_auth || !skip_two_factor_auth {
if !tfa_utils::check_totp_in_redis(&state, &user_token.user_id).await?
&& !tfa_utils::check_recovery_code_in_redis(&state, &user_token.user_id).await?
{
Expand Down Expand Up @@ -1997,9 +1997,12 @@ pub async fn check_two_factor_auth_status_with_attempts(
.await
.change_context(UserErrors::InternalServerError)?
.into();

let is_skippable = state.conf.user.force_two_factor_auth.not();
if user_from_db.get_totp_status() == TotpStatus::NotSet {
return Ok(ApplicationResponse::Json(user_api::TwoFactorStatus {
status: None,
is_skippable,
}));
};

Expand All @@ -2018,6 +2021,7 @@ pub async fn check_two_factor_auth_status_with_attempts(
totp,
recovery_code,
}),
is_skippable,
}))
}

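Review bot: `state.conf.user.force_two_factor_auth.not()` in check_two_factor_auth_status_with_attempts depends on `std::ops::Not` being in scope, which this hunk does not show; unless the file already imports it, `let is_skippable = !state.conf.user.force_two_factor_auth;` is the plain form and drops the reliance on a trait import. The same config value now gates two different behaviours and neither site explains it: suggest `// Server-side policy: when 2FA is forced, the client-supplied skip_two_factor_auth flag is ignored` above the condition in terminate_two_factor_auth, and `// Informational for the UI; enforcement happens in terminate_two_factor_auth` above the is_skippable binding. Both enclosing functions start outside the hunks, so any other path that honours skip_two_factor_auth is not visible here and would need the same gate to keep the policy consistent.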
1 change: 1 addition & 0 deletions loadtest/config/development.toml
Expand Up @@ -35,6 +35,7 @@ jwt_secret = "secret"
password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch"
force_two_factor_auth = false

[locker]
host = ""
