Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: count MFA addresses in CountActiveMultiFactorCredentials for code method #4318

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

fix: count MFA addresses in CountActiveMultiFactorCredentials for code method #4318

wants to merge 5 commits into from
+496 −16

Conversation

wewelll
Copy link

@wewelll wewelll commented Feb 24, 2025
edited
Loading

Attempt to fix ory/network#409

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@CLAassistant
Copy link

CLAassistant commented Feb 24, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch from 4108816 to 953042d Compare February 24, 2025 11:41
@wewelll wewelll changed the title fix CountActiveMultiFactorCredentials for code method fix: count MFA addresses in CountActiveMultiFactorCredentials for code method Feb 24, 2025
@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch 2 times, most recently from be41841 to 82572bd Compare February 24, 2025 14:29
aeneasr
aeneasr reviewed Feb 25, 2025
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good! I guess the only question is if there are regression cases where this would break an existing set up. So for example:

  1. Dev has set up code MFA
  2. An identity exists where config does not have the address
  3. MFA does no longer work for them

The best way to figure this out is here and here. A regression case for code is here. More regression cases are here.

Also it makes sense to add an end to end test in test/e2e to test the case you have: An identity schema with a field for code MFA that is not required, and an identity that is trying to sign in without filling in the data (should not show 2fa), and one that is singing in with filling out the data (should show 2fa). With such a test we can ensure that this won't break in the future when someone changes something.

Thank you!

@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch from dcfd798 to 82572bd Compare February 26, 2025 11:23
@wewelll
Copy link
Author

wewelll commented Feb 26, 2025

Thank you for the advice @aeneasr
I have added a commit to be retro-compatible with existing configs. Can you confirm that it looks good to you ?
I'm trying to add an e2e test now

@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch from 106a477 to 66ed39e Compare February 26, 2025 13:11
@wewelll
Copy link
Author

wewelll commented Feb 26, 2025

It looks like a test is broken in selfservice/strategy/password but I did not change anything there. Where could it come from ?

@aeneasr
Copy link
Member

aeneasr commented Feb 27, 2025

Yes, that's on master - I'll rebase this PR then it should pass

@aeneasr aeneasr force-pushed the fix-count-active-multi-factor-credentials branch from 66ed39e to d02a07a Compare February 27, 2025 07:38
@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch from d02a07a to 2e379d6 Compare February 27, 2025 11:03
@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch from 1b39978 to 653bdf3 Compare February 27, 2025 13:17
@wewelll wewelll marked this pull request as ready for review February 27, 2025 13:49
@wewelll wewelll requested a review from a team as a code owner February 27, 2025 13:49
@wewelll wewelll force-pushed the fix-count-active-multi-factor-credentials branch from 7012e34 to e95ecb9 Compare February 27, 2025 14:08
@wewelll
test: add e2e test case where a user can log-in with a aal1 session b…
03f6b01 
…ut highest_available aal is required for the settings flow
@wewelll wewelll requested a review from aeneasr February 27, 2025 15:58
@wewelll
Copy link
Author

wewelll commented Feb 27, 2025

Thank you, all tests are passing now.

Here is a summary of the changes on the tests:

  • all existing tests are still passing
  • added some test cases on CountActiveMultiFactorCredentials for the old and new version of the code credential
  • added new tests cases for TestDoesSessionSatisfy
  • added a new e2e test suite for optional mfa with code

Let me know if there is something more to do !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@wewelll @CLAassistant @aeneasr