
fix: some fixes

This commit is contained in:
Torsten Dittmann 2023-12-07 10:05:37 +01:00
parent 28fb6a0c16
commit 83c411e5fd
9 changed files with 47 additions and 45 deletions

.env

@ -78,7 +78,7 @@ _APP_MAINTENANCE_RETENTION_ABUSE=86400
_APP_MAINTENANCE_RETENTION_AUDIT=1209600 _APP_MAINTENANCE_RETENTION_AUDIT=1209600
_APP_USAGE_AGGREGATION_INTERVAL=5 _APP_USAGE_AGGREGATION_INTERVAL=5
_APP_MAINTENANCE_RETENTION_USAGE_HOURLY=8640000 _APP_MAINTENANCE_RETENTION_USAGE_HOURLY=8640000
_APP_USAGE_STATS=enabled _APP_USAGE_STATS=disabled
_APP_LOGGING_PROVIDER= _APP_LOGGING_PROVIDER=
_APP_LOGGING_CONFIG= _APP_LOGGING_CONFIG=
_APP_GRAPHQL_MAX_BATCH_SIZE=10 _APP_GRAPHQL_MAX_BATCH_SIZE=10



@ -2571,7 +2571,7 @@ App::get('/v1/account/mfa/providers')
->label('usage.metric', 'users.{scope}.requests.read') ->label('usage.metric', 'users.{scope}.requests.read')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account') ->label('sdk.namespace', 'account')
->label('sdk.method', 'get') ->label('sdk.method', 'listProviders')
->label('sdk.description', '/docs/references/account/get.md') ->label('sdk.description', '/docs/references/account/get.md')
->label('sdk.response.code', Response::STATUS_CODE_OK) ->label('sdk.response.code', Response::STATUS_CODE_OK)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON) ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
@ -2602,11 +2602,11 @@ App::post('/v1/account/mfa/:provider')
->label('usage.metric', 'users.{scope}.requests.update') ->label('usage.metric', 'users.{scope}.requests.update')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account') ->label('sdk.namespace', 'account')
->label('sdk.method', 'updateMFA') ->label('sdk.method', 'addAuthenticator')
->label('sdk.description', '/docs/references/account/update-mfa.md') ->label('sdk.description', '/docs/references/account/update-mfa.md')
->label('sdk.response.code', Response::STATUS_CODE_OK) ->label('sdk.response.code', Response::STATUS_CODE_OK)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON) ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_USER) ->label('sdk.response.model', Response::MODEL_MFA_PROVIDER)
->label('sdk.offline.model', '/account') ->label('sdk.offline.model', '/account')
->label('sdk.offline.key', 'current') ->label('sdk.offline.key', 'current')
->param('provider', null, new WhiteList(['totp']), 'Provider.') ->param('provider', null, new WhiteList(['totp']), 'Provider.')
@ -2628,18 +2628,18 @@ App::post('/v1/account/mfa/:provider')
$backups = Provider::generateBackupCodes(); $backups = Provider::generateBackupCodes();
switch ($provider) { switch ($provider) {
case 'totp': case 'totp':
if ($user->getAttribute('totp') && $user->getAttribute('totpVerification')) { if ($user->getAttribute('totp') && $user->getAttribute('totpVerification')) {
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already exists.'); throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already exists.');
} }
$user $user
->setAttribute('totp', true) ->setAttribute('totp', true)
->setAttribute('totpVerification', false) ->setAttribute('totpVerification', false)
->setAttribute('totpBackup', $backups) ->setAttribute('totpBackup', $backups)
->setAttribute('totpSecret', $otp->getSecret()); ->setAttribute('totpSecret', $otp->getSecret());
break; break;
} }
$model = new Document(); $model = new Document();
$model $model
@ -2665,7 +2665,7 @@ App::put('/v1/account/mfa/:provider')
->label('usage.metric', 'users.{scope}.requests.update') ->label('usage.metric', 'users.{scope}.requests.update')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account') ->label('sdk.namespace', 'account')
->label('sdk.method', 'updateMFA') ->label('sdk.method', 'verifyAuthenticator')
->label('sdk.description', '/docs/references/account/update-mfa.md') ->label('sdk.description', '/docs/references/account/update-mfa.md')
->label('sdk.response.code', Response::STATUS_CODE_OK) ->label('sdk.response.code', Response::STATUS_CODE_OK)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON) ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
@ -2687,20 +2687,20 @@ App::put('/v1/account/mfa/:provider')
default => false default => false
}; };
if (!$success) { if (!$success) {
throw new Exception(Exception::USER_INVALID_TOKEN); throw new Exception(Exception::USER_INVALID_TOKEN);
} }
switch ($provider) { switch ($provider) {
case 'totp': case 'totp':
if (!$user->getAttribute('totp')) { if (!$user->getAttribute('totp')) {
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP not added.'); throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP not added.');
} elseif ($user->getAttribute('totpVerification')) { } elseif ($user->getAttribute('totpVerification')) {
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already verified.'); throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already verified.');
} }
$user->setAttribute('totpVerification', true); $user->setAttribute('totpVerification', true);
break; break;
} }
$user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user)); $user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user));
@ -2818,7 +2818,7 @@ App::put('/v1/account/mfa/challenge')
->label('sdk.method', 'updateChallenge') ->label('sdk.method', 'updateChallenge')
->label('sdk.description', '/docs/references/account/update-challenge.md') ->label('sdk.description', '/docs/references/account/update-challenge.md')
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT) ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
->label('sdk.response.model', Response::MODEL_NONE) ->label('sdk.response.model', Response::MODEL_SESSION)
->label('abuse-limit', 10) ->label('abuse-limit', 10)
->label('abuse-key', 'userId:{param-userId}') ->label('abuse-key', 'userId:{param-userId}')
->param('challengeId', '', new Text(256), 'Valid verification token.') ->param('challengeId', '', new Text(256), 'Valid verification token.')
@ -2836,16 +2836,17 @@ App::put('/v1/account/mfa/challenge')
throw new Exception(Exception::USER_INVALID_TOKEN); throw new Exception(Exception::USER_INVALID_TOKEN);
} }
$success = match ($challenge->getAttribute('provider')) { $provider = $challenge->getAttribute('provider');
$success = match ($provider) {
'totp' => Challenge\TOTP::challenge($challenge, $user, $otp), 'totp' => Challenge\TOTP::challenge($challenge, $user, $otp),
'phone' => Challenge\Phone::challenge($challenge, $user, $otp), 'phone' => Challenge\Phone::challenge($challenge, $user, $otp),
'email' => Challenge\Email::challenge($challenge, $user, $otp), 'email' => Challenge\Email::challenge($challenge, $user, $otp),
default => false default => false
}; };
if (!$success) { if (!$success) {
throw new Exception(Exception::USER_INVALID_TOKEN); throw new Exception(Exception::USER_INVALID_TOKEN);
} }
$dbForProject->deleteDocument('challenges', $challengeId); $dbForProject->deleteDocument('challenges', $challengeId);
$dbForProject->deleteCachedDocument('users', $user->getId()); $dbForProject->deleteCachedDocument('users', $user->getId());
@ -2854,7 +2855,7 @@ App::put('/v1/account/mfa/challenge')
$sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration); $sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration);
$session = $dbForProject->getDocument('sessions', $sessionId); $session = $dbForProject->getDocument('sessions', $sessionId);
$dbForProject->updateDocument('sessions', $sessionId, $session->setAttribute('factors', $session->getAttribute('factors', 1) + 1)); $dbForProject->updateDocument('sessions', $sessionId, $session->setAttribute('factors', $provider, Document::SET_TYPE_APPEND));
$response->noContent(); $response->dynamic($session, Response::MODEL_SESSION);
}); });
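Review bot: The new `$session->setAttribute('factors', $provider, Document::SET_TYPE_APPEND)` in the last hunk appends the provider name unconditionally, so completing two challenges of the same provider records that provider twice; the MFA gate in the `App::init()` section compares `\count($session->getAttribute('factors'))` against `minFactors`, so the count is then met without a second distinct factor. Skip providers already present before writing: `$factors = $session->getAttribute('factors', []);`, `if (!\in_array($provider, $factors, true)) { $factors[] = $provider; }`, `$dbForProject->updateDocument('sessions', $sessionId, $session->setAttribute('factors', $factors));`. Separately, `->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)` is left unchanged although the handler now ends with `$response->dynamic($session, Response::MODEL_SESSION)`, so the SDK metadata advertises 204 for a route that returns a 200 body; it should read `Response::STATUS_CODE_OK`. Sessions written by the previous code appear to have held an integer in `factors` (the removed line did `getAttribute('factors', 1) + 1`), so `\count` on those may need a migration or a type guard — worth confirming. The closure for `App::put('/v1/account/mfa/challenge')` begins before this hunk.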


@ -375,8 +375,9 @@ App::init()
throw new AppwriteException(AppwriteException::USER_PASSWORD_RESET_REQUIRED); throw new AppwriteException(AppwriteException::USER_PASSWORD_RESET_REQUIRED);
} }
if ($mode !== APP_MODE_ADMIN) { if ($mode !== APP_MODE_ADMIN && $project->getId() !== 'console') {
$minFactors = $project->getAttribute('minFactors') ?? 1; $minFactors = $project->getAttribute('minFactors') ?? 2;
var_dump($minFactors);
if (!in_array('mfa', $route->getGroups())) { if (!in_array('mfa', $route->getGroups())) {
if ($session && \count($session->getAttribute('factors')) < $minFactors) { if ($session && \count($session->getAttribute('factors')) < $minFactors) {
throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED); throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED);