fix: some fixes
parent
28fb6a0c16
commit
83c411e5fd
9 changed files with 47 additions and 45 deletions
2
.env
2
.env
|
@ -78,7 +78,7 @@ _APP_MAINTENANCE_RETENTION_ABUSE=86400
|
||||||
_APP_MAINTENANCE_RETENTION_AUDIT=1209600
|
_APP_MAINTENANCE_RETENTION_AUDIT=1209600
|
||||||
_APP_USAGE_AGGREGATION_INTERVAL=5
|
_APP_USAGE_AGGREGATION_INTERVAL=5
|
||||||
_APP_MAINTENANCE_RETENTION_USAGE_HOURLY=8640000
|
_APP_MAINTENANCE_RETENTION_USAGE_HOURLY=8640000
|
||||||
_APP_USAGE_STATS=enabled
|
_APP_USAGE_STATS=disabled
|
||||||
_APP_LOGGING_PROVIDER=
|
_APP_LOGGING_PROVIDER=
|
||||||
_APP_LOGGING_CONFIG=
|
_APP_LOGGING_CONFIG=
|
||||||
_APP_GRAPHQL_MAX_BATCH_SIZE=10
|
_APP_GRAPHQL_MAX_BATCH_SIZE=10
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -2571,7 +2571,7 @@ App::get('/v1/account/mfa/providers')
|
||||||
->label('usage.metric', 'users.{scope}.requests.read')
|
->label('usage.metric', 'users.{scope}.requests.read')
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'get')
|
->label('sdk.method', 'listProviders')
|
||||||
->label('sdk.description', '/docs/references/account/get.md')
|
->label('sdk.description', '/docs/references/account/get.md')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
|
@ -2602,11 +2602,11 @@ App::post('/v1/account/mfa/:provider')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
->label('usage.metric', 'users.{scope}.requests.update')
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'updateMFA')
|
->label('sdk.method', 'addAuthenticator')
|
||||||
->label('sdk.description', '/docs/references/account/update-mfa.md')
|
->label('sdk.description', '/docs/references/account/update-mfa.md')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
->label('sdk.response.model', Response::MODEL_USER)
|
->label('sdk.response.model', Response::MODEL_MFA_PROVIDER)
|
||||||
->label('sdk.offline.model', '/account')
|
->label('sdk.offline.model', '/account')
|
||||||
->label('sdk.offline.key', 'current')
|
->label('sdk.offline.key', 'current')
|
||||||
->param('provider', null, new WhiteList(['totp']), 'Provider.')
|
->param('provider', null, new WhiteList(['totp']), 'Provider.')
|
||||||
|
@ -2628,18 +2628,18 @@ App::post('/v1/account/mfa/:provider')
|
||||||
|
|
||||||
$backups = Provider::generateBackupCodes();
|
$backups = Provider::generateBackupCodes();
|
||||||
|
|
||||||
switch ($provider) {
|
switch ($provider) {
|
||||||
case 'totp':
|
case 'totp':
|
||||||
if ($user->getAttribute('totp') && $user->getAttribute('totpVerification')) {
|
if ($user->getAttribute('totp') && $user->getAttribute('totpVerification')) {
|
||||||
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already exists.');
|
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already exists.');
|
||||||
}
|
}
|
||||||
$user
|
$user
|
||||||
->setAttribute('totp', true)
|
->setAttribute('totp', true)
|
||||||
->setAttribute('totpVerification', false)
|
->setAttribute('totpVerification', false)
|
||||||
->setAttribute('totpBackup', $backups)
|
->setAttribute('totpBackup', $backups)
|
||||||
->setAttribute('totpSecret', $otp->getSecret());
|
->setAttribute('totpSecret', $otp->getSecret());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$model = new Document();
|
$model = new Document();
|
||||||
$model
|
$model
|
||||||
|
@ -2665,7 +2665,7 @@ App::put('/v1/account/mfa/:provider')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
->label('usage.metric', 'users.{scope}.requests.update')
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'updateMFA')
|
->label('sdk.method', 'verifyAuthenticator')
|
||||||
->label('sdk.description', '/docs/references/account/update-mfa.md')
|
->label('sdk.description', '/docs/references/account/update-mfa.md')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
|
@ -2687,20 +2687,20 @@ App::put('/v1/account/mfa/:provider')
|
||||||
default => false
|
default => false
|
||||||
};
|
};
|
||||||
|
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
switch ($provider) {
|
switch ($provider) {
|
||||||
case 'totp':
|
case 'totp':
|
||||||
if (!$user->getAttribute('totp')) {
|
if (!$user->getAttribute('totp')) {
|
||||||
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP not added.');
|
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP not added.');
|
||||||
} elseif ($user->getAttribute('totpVerification')) {
|
} elseif ($user->getAttribute('totpVerification')) {
|
||||||
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already verified.');
|
throw new Exception(Exception::GENERAL_UNKNOWN, 'TOTP already verified.');
|
||||||
}
|
}
|
||||||
$user->setAttribute('totpVerification', true);
|
$user->setAttribute('totpVerification', true);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user));
|
$user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user));
|
||||||
|
|
||||||
|
@ -2818,7 +2818,7 @@ App::put('/v1/account/mfa/challenge')
|
||||||
->label('sdk.method', 'updateChallenge')
|
->label('sdk.method', 'updateChallenge')
|
||||||
->label('sdk.description', '/docs/references/account/update-challenge.md')
|
->label('sdk.description', '/docs/references/account/update-challenge.md')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
|
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
|
||||||
->label('sdk.response.model', Response::MODEL_NONE)
|
->label('sdk.response.model', Response::MODEL_SESSION)
|
||||||
->label('abuse-limit', 10)
|
->label('abuse-limit', 10)
|
||||||
->label('abuse-key', 'userId:{param-userId}')
|
->label('abuse-key', 'userId:{param-userId}')
|
||||||
->param('challengeId', '', new Text(256), 'Valid verification token.')
|
->param('challengeId', '', new Text(256), 'Valid verification token.')
|
||||||
|
@ -2836,16 +2836,17 @@ App::put('/v1/account/mfa/challenge')
|
||||||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
$success = match ($challenge->getAttribute('provider')) {
|
$provider = $challenge->getAttribute('provider');
|
||||||
|
$success = match ($provider) {
|
||||||
'totp' => Challenge\TOTP::challenge($challenge, $user, $otp),
|
'totp' => Challenge\TOTP::challenge($challenge, $user, $otp),
|
||||||
'phone' => Challenge\Phone::challenge($challenge, $user, $otp),
|
'phone' => Challenge\Phone::challenge($challenge, $user, $otp),
|
||||||
'email' => Challenge\Email::challenge($challenge, $user, $otp),
|
'email' => Challenge\Email::challenge($challenge, $user, $otp),
|
||||||
default => false
|
default => false
|
||||||
};
|
};
|
||||||
|
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
$dbForProject->deleteDocument('challenges', $challengeId);
|
$dbForProject->deleteDocument('challenges', $challengeId);
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
@ -2854,7 +2855,7 @@ App::put('/v1/account/mfa/challenge')
|
||||||
$sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration);
|
$sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration);
|
||||||
$session = $dbForProject->getDocument('sessions', $sessionId);
|
$session = $dbForProject->getDocument('sessions', $sessionId);
|
||||||
|
|
||||||
$dbForProject->updateDocument('sessions', $sessionId, $session->setAttribute('factors', $session->getAttribute('factors', 1) + 1));
|
$dbForProject->updateDocument('sessions', $sessionId, $session->setAttribute('factors', $provider, Document::SET_TYPE_APPEND));
|
||||||
|
|
||||||
$response->noContent();
|
$response->dynamic($session, Response::MODEL_SESSION);
|
||||||
});
|
});
|
||||||
|
|
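Review bot: In the `App::put('/v1/account/mfa/challenge')` handler, `$session->setAttribute('factors', $provider, Document::SET_TYPE_APPEND)` appends the provider without checking whether it is already in the list, while the init hook touched by this same commit enforces MFA with `\count($session->getAttribute('factors')) < $minFactors`. Completing two challenges with the same provider would therefore appear to count as two factors. Store distinct providers only, for example `$factors = \array_values(\array_unique([...$session->getAttribute('factors', []), $provider]));` followed by `$session->setAttribute('factors', $factors)`. Separately, the route still declares `sdk.response.code` as `Response::STATUS_CODE_NOCONTENT` although it now returns a body through `$response->dynamic($session, Response::MODEL_SESSION)`. The handler begins outside the visible hunks.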
|
@ -375,8 +375,9 @@ App::init()
|
||||||
throw new AppwriteException(AppwriteException::USER_PASSWORD_RESET_REQUIRED);
|
throw new AppwriteException(AppwriteException::USER_PASSWORD_RESET_REQUIRED);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($mode !== APP_MODE_ADMIN) {
|
if ($mode !== APP_MODE_ADMIN && $project->getId() !== 'console') {
|
||||||
$minFactors = $project->getAttribute('minFactors') ?? 1;
|
$minFactors = $project->getAttribute('minFactors') ?? 2;
|
||||||
|
var_dump($minFactors);
|
||||||
if (!in_array('mfa', $route->getGroups())) {
|
if (!in_array('mfa', $route->getGroups())) {
|
||||||
if ($session && \count($session->getAttribute('factors')) < $minFactors) {
|
if ($session && \count($session->getAttribute('factors')) < $minFactors) {
|
||||||
throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED);
|
throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED);
|
||||||
|
|
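Review bot: The added `var_dump($minFactors);` is debug output left in the `App::init()` hook, so it runs on every request that passes the mode and project guard and, depending on the runtime, ends up in the response body or the server log; delete the line. The check below it calls `\count($session->getAttribute('factors'))` with no default, and the account controller in this commit changes `factors` from an integer counter to an appended list, so a session written before the change would presumably raise a `TypeError` here; read it as `$factors = $session->getAttribute('factors', []);` and treat a non-array value as zero factors. The fallback `?? 2` makes two factors mandatory for any project with no `minFactors` set, and the new `$project->getId() !== 'console'` condition exempts the console project from the check altogether; if either is intentional, a comment stating why belongs next to it. The hook body continues outside the hunk.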