Merge MFA into dev #564
Merged
…ethod accordingly
This change allows to exactly know when a ChorusUser is authenticated or not
… in `ChorusUser`
Remove option from the ChorusUser object field, since it makes the api a lot worse. This means we still call ChorusUser::shell a few times (mostly in logins, but also in one mfa route). The ratelimiter should be refactored at some point to allow an instance to send unauthenticated ratelimited requests
Locks entities/mfa_token.rs to the client feature. This representation is purely client sided, for a server sided mfa token, you'd likely only store the expiration timestamp and give the JWT to be handled by the client.
- add Enable and Disable TOTP MFA routes
- add Enable and Disable SMS MFA routes
- Adds the MfaAuthenticator type
- Renames AuthenticatorType to MfaAuthenticationType - these are ways we can authenticate, not types of authenticators
- Adds MfaAuthenticatorType, removes the old ReadyAuthenticatorType which was just this type in the Ready payload
- Adds the get_webauthn_authenticators route
changes:
- Removed the weirdness with EnableTotpMfaReturn and EnableTotpMfaResponse. I've realized we have no reason to hide a received token from library users, as they'll probably want to save it somewhere as well.
- For the same reason, made disable_totp_mfa return the new token
- Updated documentation on several mfa types
- Renamed type MfaVerificationSchema to MfaChallenge
- Renamed field mfa on MfaRequiredSchema to mfa_challenge
- Added two aliases for ChorusUser::complete_mfa_challenge, MfaChallenge::complete and MfaVerifySchema::verify_mfa
kozabrada123 added a commit that referenced this pull request Nov 24, 2024
Release tracker for v0.18.0 of chorus, set to release on November 24th, 2024.
## Public API changes
- #570: Various entity public api changes
- 644d3be, 85e922b: Add type `OneOrMoreSnowflakes`, allow `GatewayRequestGuildMembers` to request multiple guild and user ids
- f65b9c1: Differentiate `PresenceUpdate` and `GatewayPresenceUpdate`
- 0e5fd86: Temporarily fix `PresenceUpdate` for Spacebar Client by making `user` optional
- 61ac7d1: Updated `LazyRequest` (op 14) to use the `Snowflake` type for ids instead of just `String`
## Additions
- #564: MFA implementation, by @xystrive and @kozabrada123
- 4ed68ce: Added [Last Messages request](https://docs.discord.sex/topics/gateway-events#request-last-messages) and [response](https://docs.discord.sex/topics/gateway-events#last-messages)
- b23fb68: Add `ReadState` to `GatewayReady`
- #571: Gateway Opcode enum
- #573: Gateway Disconnect Opcode enums
## Bugfixes
- #565: Fix sqlx En-/Decoding of `PremiumType`
- 7460d3f: Fix `GatewayIdentifyConnectionProps` for Spacebar Client by deriving default on all fields, since the client does not send it
- 3d9460f: Derive Default for `MessageReferenceType`, assume default reference_type if none is provided
- 4baecf9: Fixed a deserialization error related to `presences` in `GuildMembersChunk` being an array, not a single value
- 1b20102: Fixed a deserialization error with deserializing `activities` in `PresenceUpdate` as an empty array when they are sent as `null`
- 7feb571: Fixed a deserialization error on discord.com related to experiments (they are not implemented yet, see #578)
- fb94afa: Fixed a deserialization error on discord.com related to `last_viewed` in `ReadState` being a version / counter, not a `DateTime`
## Internal changes
- 40754c5: bump sqlx-pg-uint to v0.8.0
- #575: Refactor of gateway close code handling
- 4ed68ce: Refactored the gateway to fully use the `Opcode` enum instead of constants
- #579
---------
Co-authored-by: bitfl0wer <[email protected]>
Co-authored-by: Flori <[email protected]>
Co-authored-by: xystrive <[email protected]>
Continuation of #521
TODOs
Original description
New changes:
- `mfa` branch with the latest `dev` commits
- `Option` on the `object` field in `ChorusUser` has been removed, to make the api more ergonomic. If we aim to re-do how ratelimited requests work, adding the `Option` for a few versions and then removing it again at some point is quite annoying from an api pov.
- `shell` was (until now, with one unauthenticated mfa endpoint) called only when creating a new (authenticated) `ChorusUser`, which imo justified its calls to `User::default` and `UserSettings::default` as they were overridden soon after. A true solution for this issue would be to allow the `Instance` to perform unauthenticated yet still ratelimited requests, which likely means a rework of the ratelimiter logic.
- `ChorusUser::update_with_login_data`, which replaces the last couple of lines (gateway identifying, fetching user object and user settings) for each login implementation, as that was just duplicated code
- `AuthenticatorType` enum, from the Ready payload has been moved to the mfa types and renamed to `MfaAuthenticatorType`. Another similar type `MfaAuthenticationType` was added, which covers authenticator types along with using a password or backup code.
- `MfaToken` and `ChorusRequest` (1927ed8), which allows adding the mfa token to requests that need it (if we have obtained one)
- `MfaToken` has been feature locked to the `Client` feature (825e0ed)
- `httptest` as a dev-dependency on non wasm targets
- `TestBundle` on an httptest server
- `mfa` tests to work with a mocked server
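
Added example, not part of this pull request and not chorus code: a minimal sketch of the client-side behaviour described above, where an MFA token with an expiry is attached only to requests that need it and only if one has been obtained. `ClientMfaToken`, `OutgoingRequest`, `prepare` and the header name are hypothetical stand-ins, and the paths and token value are constructed.

```rust
use std::time::{Duration, SystemTime};

// Hypothetical stand-ins written for this example; NOT chorus' real types.
#[derive(Debug, Clone)]
pub struct ClientMfaToken {
    pub token: String,          // opaque value returned after a completed challenge
    pub expires_at: SystemTime, // client-side bookkeeping only
}

#[derive(Debug)]
pub struct OutgoingRequest {
    pub path: String,
    pub headers: Vec<(String, String)>,
}

// Assumed header name, for illustration only.
pub const MFA_HEADER: &str = "X-Example-MFA-Authorization";

/// Attach the token only when the route needs MFA and the token is unexpired.
/// Otherwise send the request bare and let the server answer with a challenge.
pub fn prepare(
    path: &str,
    needs_mfa: bool,
    token: Option<&ClientMfaToken>,
    now: SystemTime,
) -> OutgoingRequest {
    let mut req = OutgoingRequest { path: path.to_string(), headers: Vec::new() };
    if let Some(t) = token.filter(|t| needs_mfa && now < t.expires_at) {
        req.headers.push((MFA_HEADER.to_string(), t.token.clone()));
    }
    req
}

fn main() {
    // Constructed sample values.
    let now = SystemTime::now();
    let tok = ClientMfaToken {
        token: "constructed-sample-token".into(),
        expires_at: now + Duration::from_secs(300),
    };
    for (path, needs_mfa) in [("/example/mfa-protected", true), ("/example/public", false)] {
        let req = prepare(path, needs_mfa, Some(&tok), now);
        println!("{} -> {:?}", req.path, req.headers);
    }
}
```

Dropping an expired token on the client keeps a stale credential off the wire, and skipping the header on routes that do not need MFA limits where the token is exposed.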