Improve logic for recovery code factor

2024-06-13 16:24:47 +12:00 · 2024-04-11 07:52:54 +00:00 · 2024-04-11 07:52:54 +00:00 · 65115f876c
parent b5b8aa5302
commit 65115f876c
2 changed files with 13 additions and 4 deletions
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -3521,13 +3521,16 @@ App::get('/v1/account/mfa/factors')
    ->inject('user')
    ->action(function (Response $response, Document $user) {

+        $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
+        $recoveryCodeEnabled = \is_array($mfaRecoveryCodes) && \count($mfaRecoveryCodes) > 0;
+
        $totp = TOTP::getAuthenticatorFromUser($user);

        $factors = new Document([
            Type::TOTP => $totp !== null && $totp->getAttribute('verified', false),
            Type::EMAIL => $user->getAttribute('email', false) && $user->getAttribute('emailVerification', false),
            Type::PHONE => $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false),
-            Type::RECOVERY_CODE => true
+            Type::RECOVERY_CODE => $recoveryCodeEnabled
        ]);

        $response->dynamic($factors, Response::MODEL_MFA_FACTORS);
--- a/src/Appwrite/Utopia/Response/Model/MFAFactors.php
+++ b/src/Appwrite/Utopia/Response/Model/MFAFactors.php
@ -13,19 +13,25 @@ class MFAFactors extends Model
        $this
            ->addRule(Type::TOTP, [
                'type' => self::TYPE_BOOLEAN,
-                'description' => 'TOTP',
+                'description' => 'Can TOTP be used for MFA challenge for this account.',
                'default' => false,
                'example' => true
            ])
            ->addRule(Type::PHONE, [
                'type' => self::TYPE_BOOLEAN,
-                'description' => 'Phone',
+                'description' => 'Can phone (SMS) be used for MFA challenge for this account.',
                'default' => false,
                'example' => true
            ])
            ->addRule(Type::EMAIL, [
                'type' => self::TYPE_BOOLEAN,
-                'description' => 'Email',
+                'description' => 'Can email be used for MFA challenge for this account.',
+                'default' => false,
+                'example' => true
+            ])
+            ->addRule(Type::RECOVERY_CODE, [
+                'type' => self::TYPE_BOOLEAN,
+                'description' => 'Can recovery code be used for MFA challenge for this account.',
                'default' => false,
                'example' => true
            ])