feat: updated strategy to use OTP with email

ory · Jul 11, 2022 · 2cb7536 · 2cb7536
1 parent 47903ed
commit 2cb7536
Show file tree

Hide file tree

Showing 30 changed files with 508 additions and 332 deletions.
diff --git a/cmd/clidoc/main.go b/cmd/clidoc/main.go
@@ -69,6 +69,7 @@ func init() {
 		"NewErrorValidationVerificationFlowExpired":               text.NewErrorValidationVerificationFlowExpired(-time.Second),
 		"NewInfoSelfServiceVerificationSuccessful":                text.NewInfoSelfServiceVerificationSuccessful(),
 		"NewVerificationEmailSent":                                text.NewVerificationEmailSent(),
+		"NewVerificationOTPSent":                                  text.NewVerificationOTPSent(),
 		"NewErrorValidationVerificationTokenInvalidOrAlreadyUsed": text.NewErrorValidationVerificationTokenInvalidOrAlreadyUsed(),
 		"NewErrorValidationVerificationRetrySuccess":              text.NewErrorValidationVerificationRetrySuccess(),
 		"NewErrorValidationVerificationStateFailure":              text.NewErrorValidationVerificationStateFailure(),
@@ -111,6 +112,7 @@ func init() {
 		"NewErrorValidationRecoveryFlowExpired":                   text.NewErrorValidationRecoveryFlowExpired(time.Second),
 		"NewRecoverySuccessful":                                   text.NewRecoverySuccessful(inAMinute),
 		"NewRecoveryEmailSent":                                    text.NewRecoveryEmailSent(),
+		"NewRecoveryOTPSent":                                      text.NewRecoveryOTPSent(),
 		"NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed":     text.NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed(),
 		"NewErrorValidationRecoveryRetrySuccess":                  text.NewErrorValidationRecoveryRetrySuccess(),
 		"NewErrorValidationRecoveryStateFailure":                  text.NewErrorValidationRecoveryStateFailure(),

diff --git a/driver/registry.go b/driver/registry.go
@@ -8,10 +8,6 @@ import (
 	"github.com/gorilla/sessions"
 	"github.com/pkg/errors"
 
-	"github.com/ory/nosurf"
-	"github.com/ory/x/otelx"
-	"github.com/ory/x/logrusx"
-	"github.com/ory/kratos/selfservice/token"
 	"github.com/ory/kratos/continuity"
 	"github.com/ory/kratos/courier"
 	"github.com/ory/kratos/hash"
@@ -20,6 +16,10 @@ import (
 	"github.com/ory/kratos/selfservice/flow/settings"
 	"github.com/ory/kratos/selfservice/flow/verification"
 	"github.com/ory/kratos/selfservice/strategy/link"
+	"github.com/ory/kratos/selfservice/token"
+	"github.com/ory/nosurf"
+	"github.com/ory/x/logrusx"
+	"github.com/ory/x/otelx"
 
 	"github.com/ory/x/healthx"
 

diff --git a/driver/registry_default.go b/driver/registry_default.go
@@ -279,9 +279,9 @@ func (m *RegistryDefault) selfServiceStrategies() []interface{} {
 		m.selfserviceStrategies = []interface{}{
 			password2.NewStrategy(m),
 			oidc.NewStrategy(m),
-			otp.NewStrategy(m),
 			profile.NewStrategy(m),
 			link.NewStrategy(m),
+			otp.NewStrategy(m),
 			totp.NewStrategy(m),
 			webauthn.NewStrategy(m),
 			lookup.NewStrategy(m),

diff --git a/driver/registry_default_test.go b/driver/registry_default_test.go
@@ -566,30 +566,46 @@ func TestDriverDefault_Strategies(t *testing.T) {
 	})
 
 	t.Run("case=recovery", func(t *testing.T) {
-		for k, tc := range []struct {
+		for _, tc := range []struct {
+			name   string
 			prep   func(conf *config.Config)
 			expect []string
 		}{
 			{
+				name:   "default - otp and link methods are enabled",
+				prep:   func(conf *config.Config) {},
+				expect: []string{"otp", "link"},
+			},
+			{
+				name: "turn off otp and link recovery methods",
 				prep: func(conf *config.Config) {
 					conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".link.enabled", false)
+					conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".otp.enabled", false)
 				},
 			},
 			{
+				name: "turn on link method",
 				prep: func(conf *config.Config) {
 					conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".link.enabled", true)
+					conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".otp.enabled", false)
 				}, expect: []string{"link"},
 			},
+			{
+				name: "turn on otp method",
+				prep: func(conf *config.Config) {
+					conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".link.enabled", false)
+					conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".otp.enabled", true)
+				}, expect: []string{"otp"},
+			},
 		} {
-			t.Run(fmt.Sprintf("run=%d", k), func(t *testing.T) {
+			t.Run(fmt.Sprintf("run=%s", tc.name), func(t *testing.T) {
 				conf, reg := internal.NewFastRegistryWithMocks(t)
 				tc.prep(conf)
 
 				s := reg.RecoveryStrategies(context.Background())
 				require.Len(t, s, len(tc.expect))
-				for k, e := range tc.expect {
-					assert.Equal(t, e, s[k].RecoveryStrategyID())
-				}
+
+				assert.ElementsMatch(t, tc.expect, strategyToString(s))
 			})
 		}
 	})
@@ -713,11 +729,21 @@ func TestDefaultRegistry_AllStrategies(t *testing.T) {
 	})
 
 	t.Run("case=all recovery strategies", func(t *testing.T) {
-		expects := []string{"link"}
+		expects := []string{"otp", "link"}
 		s := reg.AllRecoveryStrategies()
 		require.Len(t, s, len(expects))
 		for k, e := range expects {
 			assert.Equal(t, e, s[k].RecoveryStrategyID())
 		}
 	})
 }
+
+func strategyToString(s recovery.Strategies) []string {
+	actualStrategies := make([]string, 0, len(s))
+
+	for _, strategy := range s {
+		actualStrategies = append(actualStrategies, strategy.RecoveryStrategyID())
+	}
+
+	return actualStrategies
+}
diff --git a/identity/extension_recovery.go b/identity/extension_recovery.go
@@ -49,15 +49,6 @@ func (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema
 	return ctx.Error("", "recovery.via has unknown value %q", s.Recovery.Via)
 }
 
-func (r *SchemaExtensionRecovery) has(haystack []RecoveryAddress, needle *RecoveryAddress) *RecoveryAddress {
-	for _, has := range haystack {
-		if has.Value == needle.Value && has.Via == needle.Via {
-			return &has
-		}
-	}
-	return nil
-}
-
 func (r *SchemaExtensionRecovery) appendAddress(address *RecoveryAddress) {
 	if has := r.has(r.i.RecoveryAddresses, address); has != nil {
 		if r.has(r.v, address) == nil {
@@ -69,8 +60,15 @@ func (r *SchemaExtensionRecovery) appendAddress(address *RecoveryAddress) {
 	if has := r.has(r.v, address); has == nil {
 		r.v = append(r.v, *address)
 	}
+}
 
-	return
+func (r *SchemaExtensionRecovery) has(haystack []RecoveryAddress, needle *RecoveryAddress) *RecoveryAddress {
+	for _, has := range haystack {
+		if has.Value == needle.Value && has.Via == needle.Via {
+			return &has
+		}
+	}
+	return nil
 }
 
 func (r *SchemaExtensionRecovery) Finish() error {