fix: remove some leftovers
parent
a62b3f562e
commit
3f688a2aa7
5 changed files with 20 additions and 64 deletions
|
@ -4177,17 +4177,6 @@ $consoleCollections = array_merge([
|
||||||
'array' => false,
|
'array' => false,
|
||||||
'filters' => [],
|
'filters' => [],
|
||||||
],
|
],
|
||||||
[
|
|
||||||
'$id' => ID::custom('minFactors'),
|
|
||||||
'type' => Database::VAR_INTEGER,
|
|
||||||
'format' => '',
|
|
||||||
'size' => 0,
|
|
||||||
'signed' => true,
|
|
||||||
'required' => false,
|
|
||||||
'default' => null,
|
|
||||||
'array' => false,
|
|
||||||
'filters' => [],
|
|
||||||
],
|
|
||||||
[
|
[
|
||||||
'$id' => ID::custom('services'),
|
'$id' => ID::custom('services'),
|
||||||
'type' => Database::VAR_STRING,
|
'type' => Database::VAR_STRING,
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit ab5a7e673e92ebc2ebdcd9bc23e5c8fd57ff6db1
|
Subproject commit 0a007a3b1b6eafc39dc19b7129f41643102f9676
|
|
@ -3499,7 +3499,7 @@ App::get('/v1/account/mfa/providers')
|
||||||
|
|
||||||
App::post('/v1/account/mfa/:provider')
|
App::post('/v1/account/mfa/:provider')
|
||||||
->desc('Add Authenticator')
|
->desc('Add Authenticator')
|
||||||
->groups(['api', 'account', 'mfa'])
|
->groups(['api', 'account'])
|
||||||
->label('event', 'users.[userId].update.mfa')
|
->label('event', 'users.[userId].update.mfa')
|
||||||
->label('scope', 'accounts.write')
|
->label('scope', 'accounts.write')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
|
@ -3559,7 +3559,7 @@ App::post('/v1/account/mfa/:provider')
|
||||||
|
|
||||||
App::put('/v1/account/mfa/:provider')
|
App::put('/v1/account/mfa/:provider')
|
||||||
->desc('Verify Authenticator')
|
->desc('Verify Authenticator')
|
||||||
->groups(['api', 'account', 'mfa'])
|
->groups(['api', 'account'])
|
||||||
->label('event', 'users.[userId].update.mfa')
|
->label('event', 'users.[userId].update.mfa')
|
||||||
->label('scope', 'accounts.write')
|
->label('scope', 'accounts.write')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
|
@ -3697,11 +3697,13 @@ App::post('/v1/account/mfa/challenge')
|
||||||
->action(function (string $provider, Response $response, Database $dbForProject, Document $user, Document $project, Event $queueForEvents, Messaging $queueForMessaging, Mail $queueForMails, Locale $locale) {
|
->action(function (string $provider, Response $response, Database $dbForProject, Document $user, Document $project, Event $queueForEvents, Messaging $queueForMessaging, Mail $queueForMails, Locale $locale) {
|
||||||
|
|
||||||
$expire = DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM);
|
$expire = DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM);
|
||||||
|
$code = Auth::codeGenerator();
|
||||||
$challenge = new Document([
|
$challenge = new Document([
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'provider' => $provider,
|
'provider' => $provider,
|
||||||
'token' => Auth::tokenGenerator(),
|
'token' => Auth::tokenGenerator(),
|
||||||
|
'code' => $code,
|
||||||
'expire' => $expire,
|
'expire' => $expire,
|
||||||
'$permissions' => [
|
'$permissions' => [
|
||||||
Permission::read(Role::user($user->getId())),
|
Permission::read(Role::user($user->getId())),
|
||||||
|
@ -3710,6 +3712,8 @@ App::post('/v1/account/mfa/challenge')
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
$challenge = $dbForProject->createDocument('challenges', $challenge);
|
||||||
|
|
||||||
switch ($provider) {
|
switch ($provider) {
|
||||||
case 'phone':
|
case 'phone':
|
||||||
if (empty(App::getEnv('_APP_SMS_PROVIDER'))) {
|
if (empty(App::getEnv('_APP_SMS_PROVIDER'))) {
|
||||||
|
@ -3722,11 +3726,14 @@ App::post('/v1/account/mfa/challenge')
|
||||||
throw new Exception(Exception::USER_PHONE_NOT_VERIFIED);
|
throw new Exception(Exception::USER_PHONE_NOT_VERIFIED);
|
||||||
}
|
}
|
||||||
|
|
||||||
$code = Auth::codeGenerator();
|
$queueForMessaging
|
||||||
$challenge->setAttribute('code', $code);
|
->setMessage(new Document([
|
||||||
$messaging
|
'$id' => $challenge->getId(),
|
||||||
->setRecipient($user->getAttribute('phone'))
|
'data' => [
|
||||||
->setMessage($code)
|
'content' => $code,
|
||||||
|
],
|
||||||
|
]))
|
||||||
|
->setRecipients([$user->getAttribute('phone')])
|
||||||
->trigger();
|
->trigger();
|
||||||
break;
|
break;
|
||||||
case 'email':
|
case 'email':
|
||||||
|
@ -3740,21 +3747,14 @@ App::post('/v1/account/mfa/challenge')
|
||||||
throw new Exception(Exception::USER_EMAIL_NOT_VERIFIED);
|
throw new Exception(Exception::USER_EMAIL_NOT_VERIFIED);
|
||||||
}
|
}
|
||||||
|
|
||||||
$code = Auth::codeGenerator();
|
$queueForMails
|
||||||
$challenge->setAttribute('code', $code);
|
->setSubject("{$code} is your 6-digit code")
|
||||||
$from = $project->isEmpty() || $project->getId() === 'console' ? '' : \sprintf($locale->getText('emails.sender'), $project->getAttribute('name'));
|
|
||||||
|
|
||||||
$mails
|
|
||||||
->setSubject('mfa challenge')
|
|
||||||
->setBody($code)
|
->setBody($code)
|
||||||
->setFrom($from)
|
|
||||||
->setRecipient($user->getAttribute('email'))
|
->setRecipient($user->getAttribute('email'))
|
||||||
->trigger();
|
->trigger();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$challenge = $dbForProject->createDocument('challenges', $challenge);
|
|
||||||
|
|
||||||
$queueForEvents
|
$queueForEvents
|
||||||
->setParam('userId', $user->getId())
|
->setParam('userId', $user->getId())
|
||||||
->setParam('challengeId', $challenge->getId());
|
->setParam('challengeId', $challenge->getId());
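Review bot: In the `/v1/account/mfa/challenge` action the new side calls `$dbForProject->createDocument('challenges', $challenge)` before `switch ($provider)`, so the checks inside the switch (the `_APP_SMS_PROVIDER` test and the throws of `USER_PHONE_NOT_VERIFIED` and `USER_EMAIL_NOT_VERIFIED`) now run after a challenge carrying a live `code` and `token` has been stored. A request that fails one of those checks leaves that row behind with nothing delivered to the user. The precondition checks should run above the create call, or the row should be deleted before the exception is thrown. Separately, `->setSubject("{$code} is your 6-digit code")` puts the one-time code in the mail subject, which is the part that notification previews and mail-transport logs tend to expose; a fixed subject with the code only in the body avoids that. The action body begins and ends outside these hunks, so whether stale challenges are cleaned up elsewhere is not visible here.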
|
||||||
|
|
|
@ -166,7 +166,6 @@ App::post('/v1/projects')
|
||||||
'webhooks' => null,
|
'webhooks' => null,
|
||||||
'keys' => null,
|
'keys' => null,
|
||||||
'auths' => $auths,
|
'auths' => $auths,
|
||||||
'minFactors' => 1,
|
|
||||||
'search' => implode(' ', [$projectId, $name]),
|
'search' => implode(' ', [$projectId, $name]),
|
||||||
'database' => $database
|
'database' => $database
|
||||||
]));
|
]));
|
||||||
|
@ -741,36 +740,6 @@ App::patch('/v1/projects/:projectId/auth/max-sessions')
|
||||||
$response->dynamic($project, Response::MODEL_PROJECT);
|
$response->dynamic($project, Response::MODEL_PROJECT);
|
||||||
});
|
});
|
||||||
|
|
||||||
App::patch('/v1/projects/:projectId/auth/mfa/factors')
|
|
||||||
->desc('Update Project user minimum sessions factors')
|
|
||||||
->groups(['api', 'projects'])
|
|
||||||
->label('scope', 'projects.write')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
|
|
||||||
->label('sdk.namespace', 'projects')
|
|
||||||
->label('sdk.method', 'updateAuthMfaFactors')
|
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
|
||||||
->label('sdk.response.model', Response::MODEL_PROJECT)
|
|
||||||
->param('projectId', '', new UID(), 'Project unique ID.')
|
|
||||||
->param('factors', false, new Range(1, 4), '')
|
|
||||||
->inject('response')
|
|
||||||
->inject('dbForConsole')
|
|
||||||
->action(function (string $projectId, int $factors, Response $response, Database $dbForConsole) {
|
|
||||||
|
|
||||||
$project = $dbForConsole->getDocument('projects', $projectId);
|
|
||||||
|
|
||||||
if ($project->isEmpty()) {
|
|
||||||
throw new Exception(Exception::PROJECT_NOT_FOUND);
|
|
||||||
}
|
|
||||||
|
|
||||||
$auths = $project->getAttribute('auths', []);
|
|
||||||
$auths['minFactors'] = $factors;
|
|
||||||
|
|
||||||
$dbForConsole->updateDocument('projects', $project->getId(), $project->setAttribute('auths', $auths));
|
|
||||||
|
|
||||||
$response->dynamic($project, Response::MODEL_PROJECT);
|
|
||||||
});
|
|
||||||
|
|
||||||
App::delete('/v1/projects/:projectId')
|
App::delete('/v1/projects/:projectId')
|
||||||
->desc('Delete project')
|
->desc('Delete project')
|
||||||
->groups(['api', 'projects'])
|
->groups(['api', 'projects'])
|
||||||
|
|
|
@ -564,17 +564,15 @@ App::init()
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($mode !== APP_MODE_ADMIN) {
|
if ($mode !== APP_MODE_ADMIN) {
|
||||||
$minFactors = $project->getAttribute('minFactors') ?? 1;
|
|
||||||
$mfaEnabled = $user->getAttribute('mfa', false);
|
$mfaEnabled = $user->getAttribute('mfa', false);
|
||||||
$hasVerifiedAuthenticator = $user->getAttribute('totpVerification', false);
|
$hasVerifiedAuthenticator = $user->getAttribute('totpVerification', false);
|
||||||
$hasVerifiedEmail = $user->getAttribute('emailVerification', false);
|
$hasVerifiedEmail = $user->getAttribute('emailVerification', false);
|
||||||
$hasVerifiedPhone = $user->getAttribute('phoneVerification', false);
|
$hasVerifiedPhone = $user->getAttribute('phoneVerification', false);
|
||||||
$hasMoreFactors = $hasVerifiedEmail || $hasVerifiedPhone || $hasVerifiedAuthenticator;
|
$hasMoreFactors = $hasVerifiedEmail || $hasVerifiedPhone || $hasVerifiedAuthenticator;
|
||||||
if ($mfaEnabled && $hasMoreFactors && $minFactors === 1) {
|
$minimumFactors = ($mfaEnabled && $hasMoreFactors) ? 2 : 1;
|
||||||
$minFactors = 2;
|
|
||||||
}
|
|
||||||
if (!in_array('mfa', $route->getGroups())) {
|
if (!in_array('mfa', $route->getGroups())) {
|
||||||
if ($session && \count($session->getAttribute('factors')) < $minFactors) {
|
if ($session && \count($session->getAttribute('factors')) < $minimumFactors) {
|
||||||
throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED);
|
throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED);
|
||||||
}
|
}
|
||||||
}
|
}
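Review bot: `$minimumFactors = ($mfaEnabled && $hasMoreFactors) ? 2 : 1;` falls back to a single factor when a user has `mfa` set but no verified email, phone or authenticator. With the project-level `minFactors` setting removed by this commit, that fallback is the only rule left, so it deserves a comment saying it is intentional, for example `// MFA is enforced only once a second factor is verified; routes in the 'mfa' group are exempt so a challenge can be completed`. On the next changed line, `\count($session->getAttribute('factors'))` passes no default, so a session document without a `factors` attribute would presumably raise a TypeError instead of `USER_MORE_FACTORS_REQUIRED`. Using `$session->getAttribute('factors', [])` keeps the check failing closed with the intended error, and `in_array('mfa', $route->getGroups(), true)` makes the group test strict. This block sits inside the `App::init()` callback, which starts and ends outside the hunk.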
|
||||||
|
|