get mfa method from the ticket itself

VAuthenticator · Jul 22, 2024 · 3136936 · 3136936
1 parent f54efd1
commit 3136936
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 18 deletions.
diff --git a/src/main/kotlin/com/vauthenticator/server/account/emailverification/VerifyEMailChallenge.kt b/src/main/kotlin/com/vauthenticator/server/account/emailverification/VerifyEMailChallenge.kt
@@ -2,7 +2,6 @@ package com.vauthenticator.server.account.emailverification
 
 import com.vauthenticator.server.account.Account
 import com.vauthenticator.server.account.repository.AccountRepository
-import com.vauthenticator.server.mfa.domain.MfaMethod
 import com.vauthenticator.server.mfa.domain.MfaMethodsEnrollmentAssociation
 import com.vauthenticator.server.ticket.InvalidTicketException
 import com.vauthenticator.server.ticket.TicketId
@@ -17,7 +16,7 @@ class VerifyEMailChallenge(
     fun verifyMail(ticket: String) {
         ticketRepository.loadFor(TicketId(ticket))
             .map {
-                mfaMethodsEnrollmentAssociation.associate(ticket, MfaMethod.EMAIL_MFA_METHOD)
+                mfaMethodsEnrollmentAssociation.associate(ticket)
                 enableAccountFrom(it.userName)
             }
             .orElseThrow { throw InvalidTicketException("The ticket $ticket is not a valid ticket, it seems to be expired") }

diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt b/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt
@@ -35,10 +35,6 @@ class MfaEnrolmentAssociationEndPoint(
         )
 
 
-    /*
-    * /api/mfa/enrollment -> enrollmentId
-    *
-    * */
     @PostMapping("/api/mfa/enrollment")
     fun enrollMfa(authentication: Authentication, enrolling: MfaEnrollingDevice) {
         TODO("will return ticket to enroll")

diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt
@@ -4,19 +4,20 @@ import com.vauthenticator.server.account.Account
 import com.vauthenticator.server.mfa.repository.MfaAccountMethodsRepository
 import com.vauthenticator.server.oauth2.clientapp.ClientAppId
 import com.vauthenticator.server.ticket.*
+import com.vauthenticator.server.ticket.Ticket.Companion.MFA_CHANNEL_CONTEXT_KEY
+import com.vauthenticator.server.ticket.Ticket.Companion.MFA_METHOD_CONTEXT_KEY
 
 class MfaMethodsEnrollmentAssociation(
     private val ticketRepository: TicketRepository,
     private val mfaAccountMethodsRepository: MfaAccountMethodsRepository
 ) {
 
-    //todo mfaMethod: MfaMethod can be encoded in the ticket itself
-    //todo ticket can be an higher abstraction like RawTicket
-    fun associate(ticket: String, mfaMethod: MfaMethod) {
+    fun associate(ticket: String) {
         ticketRepository.loadFor(TicketId(ticket))
             .map { ticket ->
                 val email = ticket.userName
                 val mfaAccountMethods = mfaAccountMethodsRepository.findAll(email)
+                val mfaMethod = MfaMethod.valueOf(ticket.context.content[MFA_METHOD_CONTEXT_KEY]!!)
                 if (!mfaAccountMethods.any { it.method == mfaMethod }) {
                     mfaAccountMethodsRepository.save(email, mfaMethod)
                 }
@@ -51,8 +52,8 @@ class MfaMethodsEnrollment(
             clientAppId,
             TicketContext(
                 mapOf(
-                    "mfaChannel" to mfaChannel,
-                    "mfaMethod" to mfaMethod.name
+                    MFA_CHANNEL_CONTEXT_KEY to mfaChannel,
+                    MFA_METHOD_CONTEXT_KEY to mfaMethod.name
                 )
             )
         )

diff --git a/src/main/kotlin/com/vauthenticator/server/ticket/Ticket.kt b/src/main/kotlin/com/vauthenticator/server/ticket/Ticket.kt
@@ -8,7 +8,12 @@ data class Ticket(
     val clientAppId: String,
     val ttl: Long,
     val context: TicketContext = TicketContext.empty(),
-)
+) {
+    companion object {
+        val MFA_CHANNEL_CONTEXT_KEY = "mfaChannel"
+        val MFA_METHOD_CONTEXT_KEY = "mfaMethod"
+    }
+}
 
 data class TicketContext(val content: Map<String, String>) {
 

diff --git a/...st/kotlin/com/vauthenticator/server/account/emailverification/VerifyEMailChallengeTest.kt b/...st/kotlin/com/vauthenticator/server/account/emailverification/VerifyEMailChallengeTest.kt
@@ -1,7 +1,6 @@
 package com.vauthenticator.server.account.emailverification
 
 import com.vauthenticator.server.account.repository.AccountRepository
-import com.vauthenticator.server.mfa.domain.MfaMethod
 import com.vauthenticator.server.mfa.domain.MfaMethodsEnrollmentAssociation
 import com.vauthenticator.server.oauth2.clientapp.ClientAppId
 import com.vauthenticator.server.support.AccountTestFixture
@@ -58,13 +57,13 @@ internal class VerifyEMailChallengeTest {
                 ClientAppId.empty().content
             )
         )
-        every { mfaMethodsEnrollmentAssociation.associate("A_TICKET", MfaMethod.EMAIL_MFA_METHOD) } just runs
+        every { mfaMethodsEnrollmentAssociation.associate("A_TICKET") } just runs
         every { accountRepository.accountFor(account.email) } returns Optional.of(account)
         every { accountRepository.save(enabledAccount) } just runs
         every { ticketRepository.delete(ticketId) } just runs
 
         underTest.verifyMail("A_TICKET")
-        verify(exactly = 1) { mfaMethodsEnrollmentAssociation.associate("A_TICKET", MfaMethod.EMAIL_MFA_METHOD) }
+        verify(exactly = 1) { mfaMethodsEnrollmentAssociation.associate("A_TICKET") }
     }
 
     @Test
@@ -80,7 +79,7 @@ internal class VerifyEMailChallengeTest {
             )
         )
         every { accountRepository.accountFor(account.email) } returns Optional.empty()
-        every { mfaMethodsEnrollmentAssociation.associate("A_TICKET", MfaMethod.EMAIL_MFA_METHOD) } just runs
+        every { mfaMethodsEnrollmentAssociation.associate("A_TICKET") } just runs
 
         assertThrows(InvalidTicketException::class.java) { underTest.verifyMail("A_TICKET") }
     }

diff --git a/src/test/kotlin/com/vauthenticator/server/ticket/MfaMethodsEnrollmentAssociationTest.kt b/src/test/kotlin/com/vauthenticator/server/ticket/MfaMethodsEnrollmentAssociationTest.kt
@@ -61,7 +61,7 @@ class MfaMethodsEnrollmentAssociationTest {
         every { ticketRepository.delete(ticket.ticketId) } just runs
 
 
-        underTest.associate(RAW_TICKET, MfaMethod.EMAIL_MFA_METHOD)
+        underTest.associate(RAW_TICKET)
 
         verify { ticketRepository.loadFor(ticketId) }
         verify { mfaAccountMethodsRepository.findAll(email) }
@@ -77,7 +77,7 @@ class MfaMethodsEnrollmentAssociationTest {
         every { mfaAccountMethodsRepository.findAll(email) } returns listOf(mfaAccountMethod)
         every { ticketRepository.delete(ticket.ticketId) } just runs
 
-        underTest.associate(RAW_TICKET, MfaMethod.EMAIL_MFA_METHOD)
+        underTest.associate(RAW_TICKET)
 
         verify { ticketRepository.loadFor(ticketId) }
         verify { mfaAccountMethodsRepository.findAll(email) }