From b5b8aa5302171dbef8335c722806f3f35b6d33b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Wed, 10 Apr 2024 13:57:36 +0000
Subject: [PATCH 1/2] Add recovery code as factor
---
 app/controllers/api/account.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index ddb85e0d1..7207c6cea 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -3526,7 +3526,8 @@ App::get('/v1/account/mfa/factors')
 $factors = new Document([
 Type::TOTP => $totp !== null && $totp->getAttribute('verified', false),
 Type::EMAIL => $user->getAttribute('email', false) && $user->getAttribute('emailVerification', false),
- Type::PHONE => $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false)
+ Type::PHONE => $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false),
+ Type::RECOVERY_CODE => true
 ]);
 $response->dynamic($factors, Response::MODEL_MFA_FACTORS);
From 65115f876c4244b3ca49d9bf3aa093406ff028f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Thu, 11 Apr 2024 07:52:54 +0000
Subject: [PATCH 2/2] Improve logic for recovery code factor
---
 app/controllers/api/account.php | 5 ++++-
 src/Appwrite/Utopia/Response/Model/MFAFactors.php | 12 +++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 7207c6cea..6cbb1485f 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -3521,13 +3521,16 @@ App::get('/v1/account/mfa/factors')
 ->inject('user')
 ->action(function (Response $response, Document $user) {
+ $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
+ $recoveryCodeEnabled = \is_array($mfaRecoveryCodes) && \count($mfaRecoveryCodes) > 0;
+
 $totp = TOTP::getAuthenticatorFromUser($user);
 $factors = new Document([
 Type::TOTP => $totp !== null && $totp->getAttribute('verified', false),
 Type::EMAIL => $user->getAttribute('email', false) && $user->getAttribute('emailVerification', false),
 Type::PHONE => $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false),
- Type::RECOVERY_CODE => true
+ Type::RECOVERY_CODE => $recoveryCodeEnabled
 ]);
 $response->dynamic($factors, Response::MODEL_MFA_FACTORS);
diff --git a/src/Appwrite/Utopia/Response/Model/MFAFactors.php b/src/Appwrite/Utopia/Response/Model/MFAFactors.php
index 4f20000d1..47938ac07 100644
--- a/src/Appwrite/Utopia/Response/Model/MFAFactors.php
+++ b/src/Appwrite/Utopia/Response/Model/MFAFactors.php
@@ -13,19 +13,25 @@ class MFAFactors extends Model
 $this
 ->addRule(Type::TOTP, [
 'type' => self::TYPE_BOOLEAN,
- 'description' => 'TOTP',
+ 'description' => 'Can TOTP be used for MFA challenge for this account.',
 'default' => false,
 'example' => true
 ])
 ->addRule(Type::PHONE, [
 'type' => self::TYPE_BOOLEAN,
- 'description' => 'Phone',
+ 'description' => 'Can phone (SMS) be used for MFA challenge for this account.',
 'default' => false,
 'example' => true
 ])
 ->addRule(Type::EMAIL, [
 'type' => self::TYPE_BOOLEAN,
- 'description' => 'Email',
+ 'description' => 'Can email be used for MFA challenge for this account.',
+ 'default' => false,
+ 'example' => true
+ ])
+ ->addRule(Type::RECOVERY_CODE, [
+ 'type' => self::TYPE_BOOLEAN,
+ 'description' => 'Can recovery code be used for MFA challenge for this account.',
 'default' => false,
 'example' => true
 ])
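Review bot: In the `/v1/account/mfa/factors` action of app/controllers/api/account.php, `$recoveryCodeEnabled` depends only on `mfaRecoveryCodes` being a non-empty array, so the endpoint reports the recovery-code factor as usable even when TOTP, email and phone all evaluate to false. If recovery codes are meant only as a fallback for an enrolled factor, the condition should say so, and whichever rule is intended should match the check the challenge endpoints apply (not visible in this hunk); otherwise clients are told a factor is available that the server later refuses, or the reverse. The flag also relies on spent codes being removed from the array rather than merely flagged as used, which this hunk does not show. I would add a comment above the two new lines, e.g. `// Recovery codes count as a factor once any unused code is stored; is_array() guards against a null attribute value.` The closure opens inside the hunk but its end lies outside it.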
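Review bot: The new `description` strings in src/Appwrite/Utopia/Response/Model/MFAFactors.php are worded as questions but end in a full stop, which reads oddly; a declarative form is clearer, e.g. `'description' => 'Whether recovery codes can be used for an MFA challenge on this account.',` with the same pattern for TOTP, phone and email. It would also help if the recovery-code description stated what makes the value true (per the controller change in this patch, at least one stored recovery code), since unlike the other three it is not tied to a verified factor. The method enclosing these `addRule` calls starts and ends outside the hunk.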