teamhanko · FreddyDevelop · Dec 3, 2024 · Nov 6, 2024 · Nov 6, 2024 · Nov 7, 2024
diff --git a/backend/dto/admin/otp.go b/backend/dto/admin/otp.go
@@ -0,0 +1,15 @@
+package admin
+
+import (
+	"github.com/gofrs/uuid"
+	"time"
+)
+
+type GetOTPRequestDto struct {
+	UserID string `param:"user_id" validate:"required,uuid4"`
+}
+
+type OTPDto struct {
+	ID        uuid.UUID `json:"id"`
+	CreatedAt time.Time `json:"created_at"`
+}
diff --git a/backend/dto/admin/password.go b/backend/dto/admin/password.go
@@ -10,3 +10,12 @@ type PasswordCredential struct {
 	CreatedAt time.Time `json:"created_at"`
 	UpdatedAt time.Time `json:"updated_at"`
 }
+
+type GetPasswordCredentialRequestDto struct {
+	UserID string `param:"user_id" validate:"required,uuid4"`
+}
+
+type CreateOrUpdatePasswordCredentialRequestDto struct {
+	GetPasswordCredentialRequestDto
+	Password string `json:"password" validate:"required"`
+}
diff --git a/backend/dto/admin/session.go b/backend/dto/admin/session.go
@@ -9,3 +9,12 @@ type CreateSessionTokenDto struct {
 type CreateSessionTokenResponse struct {
 	SessionToken string `json:"session_token"`
 }
+
+type ListSessionsRequestDto struct {
+	UserID string `param:"user_id" validate:"required,uuid4"`
+}
+
+type DeleteSessionRequestDto struct {
+	ListSessionsRequestDto
+	SessionID string `param:"session_id" validate:"required,uuid4"`
+}
diff --git a/backend/dto/admin/user.go b/backend/dto/admin/user.go
@@ -16,6 +16,7 @@ type User struct {
 	UpdatedAt           time.Time                        `json:"updated_at"`
 	Password            *PasswordCredential              `json:"password,omitempty"`
 	Identities          []Identity                       `json:"identities,omitempty"`
+	OTP                 *OTPDto                          `json:"otp"`
 }
 
 // FromUserModel Converts the DB model to a DTO object
@@ -46,6 +47,14 @@ func FromUserModel(model models.User) User {
 		}
 	}
 
+	var otp *OTPDto = nil
+	if model.OTPSecret != nil {
+		otp = &OTPDto{
+			ID:        model.OTPSecret.ID,
+			CreatedAt: model.OTPSecret.CreatedAt,
+		}
+	}
+
 	return User{
 		ID:                  model.ID,
 		WebauthnCredentials: credentials,
@@ -55,6 +64,7 @@ func FromUserModel(model models.User) User {
 		UpdatedAt:           model.UpdatedAt,
 		Password:            passwordCredential,
 		Identities:          identities,
+		OTP:                 otp,
 	}
 }
 

diff --git a/backend/dto/admin/webauthn.go b/backend/dto/admin/webauthn.go
@@ -0,0 +1,10 @@
+package admin
+
+type ListWebauthnCredentialsRequestDto struct {
+	UserID string `param:"user_id" validate:"required,uuid"`
+}
+
+type GetWebauthnCredentialRequestDto struct {
+	ListWebauthnCredentialsRequestDto
+	WebauthnCredentialID string `param:"credential_id" validate:"required"`
+}
diff --git a/backend/dto/webauthn.go b/backend/dto/webauthn.go
@@ -21,6 +21,7 @@ type WebauthnCredentialResponse struct {
 	Transports      []string   `json:"transports"`
 	BackupEligible  bool       `json:"backup_eligible"`
 	BackupState     bool       `json:"backup_state"`
+	MFAOnly         bool       `json:"mfa_only"`
 }
 
 // FromWebauthnCredentialModel Converts the DB model to a DTO object
@@ -36,5 +37,6 @@ func FromWebauthnCredentialModel(c *models.WebauthnCredential) *WebauthnCredenti
 		Transports:      c.Transports.GetNames(),
 		BackupEligible:  c.BackupEligible,
 		BackupState:     c.BackupState,
+		MFAOnly:         c.MFAOnly,
 	}
 }
diff --git a/backend/flow_api/services/password.go b/backend/flow_api/services/password.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/gobuffalo/pop/v6"
 	"github.com/gofrs/uuid"
-	"github.com/teamhanko/hanko/backend/config"
 	"github.com/teamhanko/hanko/backend/persistence"
 	"github.com/teamhanko/hanko/backend/persistence/models"
 	"golang.org/x/crypto/bcrypt"
@@ -25,13 +24,11 @@ type Password interface {
 
 type password struct {
 	persister persistence.Persister
-	cfg       config.Config
 }
 
-func NewPasswordService(cfg config.Config, persister persistence.Persister) Password {
+func NewPasswordService(persister persistence.Persister) Password {
 	return &password{
 		persister,
-		cfg,
 	}
 }
 

diff --git a/backend/handler/admin_router.go b/backend/handler/admin_router.go
@@ -60,6 +60,7 @@ func NewAdminRouter(cfg *config.Config, persister persistence.Persister, prometh
 
 	userHandler := NewUserHandlerAdmin(persister)
 	emailHandler := NewEmailAdminHandler(cfg, persister)
+	sessionsHandler := NewSessionAdminHandler(cfg, persister, sessionManager, auditLogger)
 
 	user := g.Group("/users")
 	user.GET("", userHandler.List)
@@ -74,6 +75,28 @@ func NewAdminRouter(cfg *config.Config, persister persistence.Persister, prometh
 	email.DELETE("/:email_id", emailHandler.Delete)
 	email.POST("/:email_id/set_primary", emailHandler.SetPrimaryEmail)
 
+	webauthnCredentialHandler := NewWebauthnCredentialAdminHandler(persister)
+	webauthnCredentials := user.Group("/:user_id/webauthn_credentials")
+	webauthnCredentials.GET("", webauthnCredentialHandler.List)
+	webauthnCredentials.GET("/:credential_id", webauthnCredentialHandler.Get)
+	webauthnCredentials.DELETE("/:credential_id", webauthnCredentialHandler.Delete)
+
+	passwordCredentialHandler := NewPasswordAdminHandler(persister)
+	passwordCredentials := user.Group("/:user_id/password")
+	passwordCredentials.GET("", passwordCredentialHandler.Get)
+	passwordCredentials.POST("", passwordCredentialHandler.Create)
+	passwordCredentials.PUT("", passwordCredentialHandler.Update)
+	passwordCredentials.DELETE("", passwordCredentialHandler.Delete)
+
+	userSessions := user.Group("/:user_id/sessions")
+	userSessions.GET("", sessionsHandler.List)
+	userSessions.DELETE("/:session_id", sessionsHandler.Delete)
+
+	otpHandler := NewOTPAdminHandler(persister)
+	otp := user.Group("/:user_id/otp")
+	otp.GET("", otpHandler.Get)
+	otp.DELETE("", otpHandler.Delete)
+
 	auditLogHandler := NewAuditLogHandler(persister)
 
 	auditLogs := g.Group("/audit_logs")
@@ -87,7 +110,6 @@ func NewAdminRouter(cfg *config.Config, persister persistence.Persister, prometh
 	webhooks.DELETE("/:id", webhookHandler.Delete)
 	webhooks.PUT("/:id", webhookHandler.Update)
 
-	sessionsHandler := NewSessionAdminHandler(cfg, persister, sessionManager, auditLogger)
 	sessions := g.Group("/sessions")
 	sessions.POST("", sessionsHandler.Generate)
 

diff --git a/backend/handler/email_admin.go b/backend/handler/email_admin.go
@@ -42,23 +42,6 @@ func NewEmailAdminHandler(cfg *config.Config, persister persistence.Persister) E
 	}
 }
 
-func loadDto[I admin.EmailRequests](ctx echo.Context) (*I, error) {
-	var adminDto I
-	err := ctx.Bind(&adminDto)
-	if err != nil {
-		ctx.Logger().Error(err)
-		return nil, echo.NewHTTPError(http.StatusBadRequest, err)
-	}
-
-	err = ctx.Validate(adminDto)
-	if err != nil {
-		ctx.Logger().Error(err)
-		return nil, echo.NewHTTPError(http.StatusBadRequest, err)
-	}
-
-	return &adminDto, nil
-}
-
 func (h *emailAdminHandler) List(ctx echo.Context) error {
 	listDto, err := loadDto[admin.ListEmailRequestDto](ctx)
 	if err != nil {

diff --git a/backend/handler/otp_admin.go b/backend/handler/otp_admin.go
@@ -0,0 +1,77 @@
+package handler
+
+import (
+	"fmt"
+	"github.com/gofrs/uuid"
+	"github.com/labstack/echo/v4"
+	"github.com/teamhanko/hanko/backend/dto/admin"
+	"github.com/teamhanko/hanko/backend/persistence"
+	"net/http"
+)
+
+type OTPAdminHandler interface {
+	Get(ctx echo.Context) error
+	Delete(ctx echo.Context) error
+}
+
+type otpAdminHandler struct {
+	persister persistence.Persister
+}
+
+func NewOTPAdminHandler(persister persistence.Persister) OTPAdminHandler {
+	return &otpAdminHandler{persister: persister}
+}
+
+func (h *otpAdminHandler) Get(ctx echo.Context) error {
+	getDto, err := loadDto[admin.GetOTPRequestDto](ctx)
+	if err != nil {
+		return err
+	}
+
+	userID, err := uuid.FromString(getDto.UserID)
+	if err != nil {
+		return fmt.Errorf(parseUserUuidFailureMessage, err)
+	}
+
+	userModel, err := h.persister.GetUserPersister().Get(userID)
+	if err != nil {
+		return err
+	}
+
+	if userModel == nil || userModel.OTPSecret == nil {
+		return echo.NewHTTPError(http.StatusNotFound)
+	}
+
+	return ctx.JSON(http.StatusOK, admin.OTPDto{
+		ID:        userModel.OTPSecret.ID,
+		CreatedAt: userModel.OTPSecret.CreatedAt,
+	})
+}
+
+func (h *otpAdminHandler) Delete(ctx echo.Context) error {
+	deleteDto, err := loadDto[admin.GetOTPRequestDto](ctx)
+	if err != nil {
+		return err
+	}
+
+	userID, err := uuid.FromString(deleteDto.UserID)
+	if err != nil {
+		return fmt.Errorf(parseUserUuidFailureMessage, err)
+	}
+
+	userModel, err := h.persister.GetUserPersister().Get(userID)
+	if err != nil {
+		return err
+	}
+
+	if userModel == nil || userModel.OTPSecret == nil {
+		return echo.NewHTTPError(http.StatusNotFound)
+	}
+
+	err = h.persister.GetOTPSecretPersister().Delete(userModel.OTPSecret)
+	if err != nil {
+		return err
+	}
+
+	return ctx.NoContent(http.StatusNoContent)
+}