Improve logic for recovery code factor
parent
b5b8aa5302
commit
65115f876c
2 changed files with 13 additions and 4 deletions
|
@ -3521,13 +3521,16 @@ App::get('/v1/account/mfa/factors')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
->action(function (Response $response, Document $user) {
|
->action(function (Response $response, Document $user) {
|
||||||
|
|
||||||
|
$mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
|
||||||
|
$recoveryCodeEnabled = \is_array($mfaRecoveryCodes) && \count($mfaRecoveryCodes) > 0;
|
||||||
|
|
||||||
$totp = TOTP::getAuthenticatorFromUser($user);
|
$totp = TOTP::getAuthenticatorFromUser($user);
|
||||||
|
|
||||||
$factors = new Document([
|
$factors = new Document([
|
||||||
Type::TOTP => $totp !== null && $totp->getAttribute('verified', false),
|
Type::TOTP => $totp !== null && $totp->getAttribute('verified', false),
|
||||||
Type::EMAIL => $user->getAttribute('email', false) && $user->getAttribute('emailVerification', false),
|
Type::EMAIL => $user->getAttribute('email', false) && $user->getAttribute('emailVerification', false),
|
||||||
Type::PHONE => $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false),
|
Type::PHONE => $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false),
|
||||||
Type::RECOVERY_CODE => true
|
Type::RECOVERY_CODE => $recoveryCodeEnabled
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$response->dynamic($factors, Response::MODEL_MFA_FACTORS);
|
$response->dynamic($factors, Response::MODEL_MFA_FACTORS);
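Review bot: `$recoveryCodeEnabled` is derived only from whether `mfaRecoveryCodes` is a non-empty array, and nothing in this hunk shows the challenge path applying the same condition. If the code that creates or verifies a recovery-code challenge (not visible here) does not also reject an account whose list is empty, the factor listing and the actual enforcement can disagree, so that path is worth checking alongside this change. A comment above the assignment would record the intent, e.g. `// Recovery codes count as a factor only while at least one stored code remains.` The commit changes two source files and, as far as the page shows, no test, so a case for an account with no recovery codes appears to be missing. The route definition starts outside the hunk.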
|
||||||
|
|
|
@ -13,19 +13,25 @@ class MFAFactors extends Model
|
||||||
$this
|
$this
|
||||||
->addRule(Type::TOTP, [
|
->addRule(Type::TOTP, [
|
||||||
'type' => self::TYPE_BOOLEAN,
|
'type' => self::TYPE_BOOLEAN,
|
||||||
'description' => 'TOTP',
|
'description' => 'Can TOTP be used for MFA challenge for this account.',
|
||||||
'default' => false,
|
'default' => false,
|
||||||
'example' => true
|
'example' => true
|
||||||
])
|
])
|
||||||
->addRule(Type::PHONE, [
|
->addRule(Type::PHONE, [
|
||||||
'type' => self::TYPE_BOOLEAN,
|
'type' => self::TYPE_BOOLEAN,
|
||||||
'description' => 'Phone',
|
'description' => 'Can phone (SMS) be used for MFA challenge for this account.',
|
||||||
'default' => false,
|
'default' => false,
|
||||||
'example' => true
|
'example' => true
|
||||||
])
|
])
|
||||||
->addRule(Type::EMAIL, [
|
->addRule(Type::EMAIL, [
|
||||||
'type' => self::TYPE_BOOLEAN,
|
'type' => self::TYPE_BOOLEAN,
|
||||||
'description' => 'Email',
|
'description' => 'Can email be used for MFA challenge for this account.',
|
||||||
|
'default' => false,
|
||||||
|
'example' => true
|
||||||
|
])
|
||||||
|
->addRule(Type::RECOVERY_CODE, [
|
||||||
|
'type' => self::TYPE_BOOLEAN,
|
||||||
|
'description' => 'Can recovery code be used for MFA challenge for this account.',
|
||||||
'default' => false,
|
'default' => false,
|
||||||
'example' => true
|
'example' => true
|
||||||
])
|
])
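Review bot: The description added for `Type::RECOVERY_CODE` does not say when the value is false, while the route changed in the same commit sets it from whether `mfaRecoveryCodes` is non-empty. A client reading the API description cannot tell that the flag depends on stored codes being present. Wording such as `'description' => 'Can recovery code be used for MFA challenge for this account. False when the account has no recovery codes.'` would make that contract explicit. The method holding this `addRule` chain starts outside the hunk.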
|
||||||
|
|