Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: tfa validate endpoint, user self request, cleanup #399

Merged
merged 2 commits into from
Jan 22, 2025
Merged

feat: tfa validate endpoint, user self request, cleanup #399

merged 2 commits into from
Jan 22, 2025

Conversation

golanglemonade
Copy link
Member

@golanglemonade golanglemonade commented Jan 22, 2025
edited
Loading

  • Adds a /v1/2fa/validate endpoint to use to validate an OTP code request - We additionally have the otp_code as an input to the Login endpoint; I've removed this for now as it wasn't actually ever checked. If we want to include that as part of the login handler we can pull out most of this logic and reuse it across both handlers.

This validate endoint will take in either an otp_code or a recovery_code. If the otp code is provided it will validate it against the secret. If the recovery code is provided, it will validate it against the database values and remove the value once used.

  • Removes recovery codes from all request except an update tfa request
  • adds the QR code generation to the tfa update request
  • removes tfa secret from TFA responses
  • removes tags from tfa setting schema
  • adds a self query to only pull data about the authorized user

@golanglemonade
cleanup
e24d8aa 
Signed-off-by: Sarah Funkhouser <[email protected]>
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
33.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@golanglemonade golanglemonade marked this pull request as ready for review January 22, 2025 05:24
@golanglemonade golanglemonade requested a review from a team as a code owner January 22, 2025 05:24
@matoszz matoszz merged commit 75fdf4e into main Jan 22, 2025
18 checks passed
@matoszz matoszz deleted the feat-totp-validate branch January 22, 2025 16:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matoszz matoszz matoszz approved these changes

@LemonAid711 LemonAid711 Awaiting requested review from LemonAid711 LemonAid711 is a code owner automatically assigned from theopenlane/blacksmiths

@theopenlane-bender theopenlane-bender Awaiting requested review from theopenlane-bender theopenlane-bender is a code owner automatically assigned from theopenlane/blacksmiths

Assignees
No one assigned
Labels
cli coreclient dbschema enhancement New feature or request graphapi graphqlschema httpserve migrations
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@golanglemonade @matoszz