devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

Feat:

Browse Source 
- Add TOTP MFA for signup
- Test cases for totp signup and verify_email
This commit is contained in:
scaletech-milan 2023-12-06 15:53:01 +05:30
parent febf4f9b15
commit 7e9fac335b
6 changed files with 431 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
server/resolvers/verify_email.go
View File

@ -9,6 +9,7 @@ import (
"github.com/google/uuid" "github.com/google/uuid"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"github.com/authorizerdev/authorizer/server/authenticators"
"github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/cookie" "github.com/authorizerdev/authorizer/server/cookie"
"github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db"
@ -60,6 +61,71 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
return res, err return res, err
} }
isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
if err != nil || !isMFADisabled {
log.Debug("MFA service not enabled: ", err)
}
isTOTPLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableTOTPLogin)
if err != nil || !isTOTPLoginDisabled {
log.Debug("totp service not enabled: ", err)
}
isMailOTPDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMailOTPLogin)
if err != nil || !isMailOTPDisabled {
log.Debug("mail OTP service not enabled: ", err)
}
setOTPMFaSession := func(expiresAt int64) error {
mfaSession := uuid.NewString()
err = memorystore.Provider.SetMfaSession(user.ID, mfaSession, expiresAt)
if err != nil {
log.Debug("Failed to add mfasession: ", err)
return err
}
cookie.SetMfaSession(gc, mfaSession)
return nil
}
// If mfa enabled and also totp enabled
if refs.BoolValue(user.IsMultiFactorAuthEnabled) && !isMFADisabled && !isTOTPLoginDisabled {
expiresAt := time.Now().Add(3 * time.Minute).Unix()
if err := setOTPMFaSession(expiresAt); err != nil {
log.Debug("Failed to set mfa session: ", err)
return nil, err
}
authenticator, err := db.Provider.GetAuthenticatorDetailsByUserId(ctx, user.ID, constants.EnvKeyTOTPAuthenticator)
if err != nil || authenticator == nil || authenticator.VerifiedAt == nil {
// generate totp
// Generate a base64 URL and initiate the registration for TOTP
authConfig, err := authenticators.Provider.Generate(ctx, user.ID)
if err != nil {
log.Debug("error while generating base64 url: ", err)
return nil, err
}
recoveryCodes := []*string{}
for _, code := range authConfig.RecoveryCodes {
recoveryCodes = append(recoveryCodes, refs.NewStringRef(code))
}
// when user is first time registering for totp
res = &model.AuthResponse{
Message: `Proceed to totp verification screen`,
ShouldShowTotpScreen: refs.NewBoolRef(true),
AuthenticatorScannerImage: refs.NewStringRef(authConfig.ScannerImage),
AuthenticatorSecret: refs.NewStringRef(authConfig.Secret),
AuthenticatorRecoveryCodes: recoveryCodes,
}
return res, nil
} else {
//when user is already register for totp
res = &model.AuthResponse{
Message: `Proceed to totp screen`,
ShouldShowTotpScreen: refs.NewBoolRef(true),
}
return res, nil
}
}
isSignUp := false isSignUp := false
if user.EmailVerifiedAt == nil { if user.EmailVerifiedAt == nil {
isSignUp = true isSignUp = true

1
server/test/integration_test.go
View File

@ -129,6 +129,7 @@ func TestResolvers(t *testing.T) {
mobileSingupTest(t, s) mobileSingupTest(t, s)
mobileLoginTests(t, s) mobileLoginTests(t, s)
totpLoginTest(t, s) totpLoginTest(t, s)
totpSignupTest(t, s)
forgotPasswordTest(t, s) forgotPasswordTest(t, s)
resendVerifyEmailTests(t, s) resendVerifyEmailTests(t, s)
resetPasswordTest(t, s) resetPasswordTest(t, s)

2
server/test/signup_test.go
View File

@ -37,7 +37,7 @@ func signupTests(t *testing.T, s TestSetup) {
Password: s.TestInfo.Password, Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password, ConfirmPassword: s.TestInfo.Password,
}) })
assert.NotNil(t, err, "singup disabled") assert.NotNil(t, err, "signup disabled")
assert.Nil(t, res) assert.Nil(t, res)
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableSignUp, false) memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableSignUp, false)
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{ res, err = resolvers.SignupResolver(ctx, model.SignUpInput{

2
server/test/totp_login_test.go
View File

@ -92,6 +92,7 @@ func totpLoginTest(t *testing.T, s TestSetup) {
assert.NotNil(t, tf) assert.NotNil(t, tf)
code := tf.OTP() code := tf.OTP()
assert.NotEmpty(t, code) assert.NotEmpty(t, code)
// Set mfa cookie session // Set mfa cookie session
mfaSession := uuid.NewString() mfaSession := uuid.NewString()
memorystore.Provider.SetMfaSession(verifyRes.User.ID, mfaSession, time.Now().Add(1*time.Minute).Unix()) memorystore.Provider.SetMfaSession(verifyRes.User.ID, mfaSession, time.Now().Add(1*time.Minute).Unix())
@ -122,6 +123,7 @@ func totpLoginTest(t *testing.T, s TestSetup) {
cookie = fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", sessionToken) cookie = fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", sessionToken)
cookie = strings.TrimSuffix(cookie, ";") cookie = strings.TrimSuffix(cookie, ";")
req.Header.Set("Cookie", cookie) req.Header.Set("Cookie", cookie)
//logged out //logged out
logout, err := resolvers.LogoutResolver(ctx) logout, err := resolvers.LogoutResolver(ctx)
assert.NoError(t, err) assert.NoError(t, err)

187
server/test/totp_signup_test.go Normal file
View File

@ -0,0 +1,187 @@
package test
import (
"bytes"
"encoding/base64"
"fmt"
"strings"
"testing"
"time"
"github.com/authorizerdev/authorizer/server/authenticators"
"github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/db"
"github.com/authorizerdev/authorizer/server/graph/model"
"github.com/authorizerdev/authorizer/server/memorystore"
"github.com/authorizerdev/authorizer/server/refs"
"github.com/authorizerdev/authorizer/server/resolvers"
"github.com/authorizerdev/authorizer/server/token"
"github.com/gokyle/twofactor"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/tuotoo/qrcode"
)
func totpSignupTest(t *testing.T, s TestSetup) {
t.Helper()
// Test case to verify TOTP for signup
t.Run(`should verify totp for signup`, func(t *testing.T) {
// Create request and context using test setup
req, ctx := createContext(s)
email := "verify_totp." + s.TestInfo.Email
// Test case: Invalid password (confirm password mismatch)
res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password + "s",
})
assert.NotNil(t, err, "invalid password")
assert.Nil(t, res)
{
// Test case: Invalid password ("test" as the password)
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: "test",
ConfirmPassword: "test",
})
assert.NotNil(t, err, "invalid password")
assert.Nil(t, res)
}
{
// Test case: Signup disabled
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableSignUp, true)
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password,
})
assert.NotNil(t, err, "signup disabled")
assert.Nil(t, res)
}
{
// Test case: Successful signup
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableSignUp, false)
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password,
AppData: map[string]interface{}{
"test": "test",
},
})
assert.Nil(t, err, "signup should be successful")
user := *res.User
assert.Equal(t, email, refs.StringValue(user.Email))
assert.Equal(t, "test", user.AppData["test"])
assert.Nil(t, res.AccessToken, "access token should be nil")
}
{
// Test case: Duplicate email (should throw an error)
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password,
})
assert.NotNil(t, err, "should throw duplicate email error")
assert.Nil(t, res)
}
// Clean up data for the email
cleanData(email)
{
// Test case: Email verification and TOTP setup
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableEmailVerification, false)
// Sign up a user
res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password,
})
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.Equal(t, "Verification email has been sent. Please check your inbox", res.Message)
// Retrieve user and update for TOTP setup
user, err := db.Provider.GetUserByID(ctx, res.User.ID)
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.NotNil(t, user)
// Enable multi-factor authentication and update the user
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableTOTPLogin, false)
user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
updatedUser, err := db.Provider.UpdateUser(ctx, user)
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.Equal(t, true, *updatedUser.IsMultiFactorAuthEnabled)
// Initialise totp authenticator store
authenticators.InitTOTPStore()
// Verify an email and get TOTP response
verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)
assert.Nil(t, err)
assert.Equal(t, email, verificationRequest.Email)
verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
Token: verificationRequest.Token,
})
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.NotNil(t, &verifyRes)
assert.Nil(t, verifyRes.AccessToken)
assert.Equal(t, "Proceed to totp verification screen", verifyRes.Message)
assert.NotEqual(t, *verifyRes.AuthenticatorScannerImage, "", "totp url should not be empty")
assert.NotEqual(t, *verifyRes.AuthenticatorSecret, "", "totp secret should not be empty")
assert.NotNil(t, verifyRes.AuthenticatorRecoveryCodes)
// Get TOTP URL for for validation
pngBytes, err := base64.StdEncoding.DecodeString(*verifyRes.AuthenticatorScannerImage)
assert.NoError(t, err)
qrmatrix, err := qrcode.Decode(bytes.NewReader(pngBytes))
assert.NoError(t, err)
tf, label, err := twofactor.FromURL(qrmatrix.Content)
data := strings.Split(label, ":")
assert.NoError(t, err)
assert.Equal(t, email, data[1])
assert.NotNil(t, tf)
code := tf.OTP()
assert.NotEmpty(t, code)
// Set MFA cookie session
mfaSession := uuid.NewString()
memorystore.Provider.SetMfaSession(res.User.ID, mfaSession, time.Now().Add(1*time.Minute).Unix())
cookie := fmt.Sprintf("%s=%s;", constants.MfaCookieName+"_session", mfaSession)
cookie = strings.TrimSuffix(cookie, ";")
req.Header.Set("Cookie", cookie)
valid, err := resolvers.VerifyOtpResolver(ctx, model.VerifyOTPRequest{
Email: &email,
IsTotp: refs.NewBoolRef(true),
Otp: code,
})
accessToken := *valid.AccessToken
assert.NoError(t, err)
assert.NotNil(t, accessToken)
assert.NotEmpty(t, valid.Message)
assert.NotEmpty(t, accessToken)
claims, err := token.ParseJWTToken(accessToken)
assert.NoError(t, err)
assert.NotEmpty(t, claims)
signUpMethod := claims["login_method"]
sessionKey := res.User.ID
if signUpMethod != nil && signUpMethod != "" {
sessionKey = signUpMethod.(string) + ":" + res.User.ID
}
sessionToken, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+claims["nonce"].(string))
assert.NoError(t, err)
assert.NotEmpty(t, sessionToken)
cookie = fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", sessionToken)
cookie = strings.TrimSuffix(cookie, ";")
req.Header.Set("Cookie", cookie)
}
// Clean up data for the email
cleanData(email)
})
}

238
server/test/verify_otp_test.go
View File

@ -1,92 +1,202 @@
package test package test
import ( import (
"bytes"
"context" "context"
"encoding/base64"
"fmt" "fmt"
"strings" "strings"
"testing" "testing"
"time" "time"
"github.com/gokyle/twofactor"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/tuotoo/qrcode"
"github.com/authorizerdev/authorizer/server/authenticators"
"github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db"
"github.com/authorizerdev/authorizer/server/graph/model" "github.com/authorizerdev/authorizer/server/graph/model"
"github.com/authorizerdev/authorizer/server/memorystore" "github.com/authorizerdev/authorizer/server/memorystore"
"github.com/authorizerdev/authorizer/server/refs" "github.com/authorizerdev/authorizer/server/refs"
"github.com/authorizerdev/authorizer/server/resolvers" "github.com/authorizerdev/authorizer/server/resolvers"
"github.com/google/uuid" "github.com/authorizerdev/authorizer/server/token"
"github.com/stretchr/testify/assert"
) )
func verifyOTPTest(t *testing.T, s TestSetup) { func verifyOTPTest(t *testing.T, s TestSetup) {
t.Helper() t.Helper()
t.Run(`should verify otp`, func(t *testing.T) { t.Run(`should verify otp`, func(t *testing.T) {
// Set up request and context using test setup
req, ctx := createContext(s) req, ctx := createContext(s)
email := "verify_otp." + s.TestInfo.Email email := "verify_otp." + s.TestInfo.Email
res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password,
})
assert.NoError(t, err)
assert.NotNil(t, res)
// Login should fail as email is not verified // Test case: Setup email OTP MFA for login
loginRes, err := resolvers.LoginResolver(ctx, model.LoginInput{ {
Email: refs.NewStringRef(email), // Sign up a user
Password: s.TestInfo.Password, res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
}) Email: refs.NewStringRef(email),
assert.Error(t, err) Password: s.TestInfo.Password,
assert.Nil(t, loginRes) ConfirmPassword: s.TestInfo.Password,
verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup) })
assert.Nil(t, err) assert.NoError(t, err)
assert.Equal(t, email, verificationRequest.Email) assert.NotNil(t, res)
verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
Token: verificationRequest.Token,
})
assert.Nil(t, err)
assert.NotEqual(t, verifyRes.AccessToken, "", "access token should not be empty")
// Using access token update profile // Attempt to login should fail as email is not verified
s.GinContext.Request.Header.Set("Authorization", "Bearer "+refs.StringValue(verifyRes.AccessToken)) loginRes, err := resolvers.LoginResolver(ctx, model.LoginInput{
ctx = context.WithValue(req.Context(), "GinContextKey", s.GinContext) Email: refs.NewStringRef(email),
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableMailOTPLogin, false) Password: s.TestInfo.Password,
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableTOTPLogin, true) })
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisablePhoneVerification, true) assert.NotNil(t, err, "email is not verified")
updateProfileRes, err := resolvers.UpdateProfileResolver(ctx, model.UpdateProfileInput{ assert.Nil(t, loginRes)
IsMultiFactorAuthEnabled: refs.NewBoolRef(true),
})
assert.NoError(t, err)
assert.NotEmpty(t, updateProfileRes.Message)
// Login should not return error but access token should be empty as otp should have been sent // Verify the email
loginRes, err = resolvers.LoginResolver(ctx, model.LoginInput{ verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)
Email: refs.NewStringRef(email), assert.Nil(t, err)
Password: s.TestInfo.Password, assert.Equal(t, email, verificationRequest.Email)
}) verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
assert.NoError(t, err) Token: verificationRequest.Token,
assert.NotNil(t, loginRes) })
assert.Nil(t, loginRes.AccessToken) assert.Nil(t, err)
assert.NotEqual(t, verifyRes.AccessToken, "", "access token should not be empty")
// Get otp from db // Use access token to update the profile
otp, err := db.Provider.GetOTPByEmail(ctx, email) s.GinContext.Request.Header.Set("Authorization", "Bearer "+refs.StringValue(verifyRes.AccessToken))
assert.NoError(t, err) ctx = context.WithValue(req.Context(), "GinContextKey", s.GinContext)
assert.NotEmpty(t, otp.Otp) memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableMailOTPLogin, false)
// Get user by email memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableTOTPLogin, true)
user, err := db.Provider.GetUserByEmail(ctx, email) memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisablePhoneVerification, true)
assert.NoError(t, err) updateProfileRes, err := resolvers.UpdateProfileResolver(ctx, model.UpdateProfileInput{
assert.NotNil(t, user) IsMultiFactorAuthEnabled: refs.NewBoolRef(true),
// Set mfa cookie session })
mfaSession := uuid.NewString() assert.NoError(t, err)
memorystore.Provider.SetMfaSession(user.ID, mfaSession, time.Now().Add(1*time.Minute).Unix()) assert.NotEmpty(t, updateProfileRes.Message)
cookie := fmt.Sprintf("%s=%s;", constants.MfaCookieName+"_session", mfaSession)
cookie = strings.TrimSuffix(cookie, ";") // Login should not return an error, but the access token should be empty as OTP should have been sent
req.Header.Set("Cookie", cookie) loginRes, err = resolvers.LoginResolver(ctx, model.LoginInput{
verifyOtpRes, err := resolvers.VerifyOtpResolver(ctx, model.VerifyOTPRequest{ Email: refs.NewStringRef(email),
Email: &email, Password: s.TestInfo.Password,
Otp: otp.Otp, })
}) assert.NoError(t, err)
assert.Nil(t, err) assert.NotNil(t, loginRes)
assert.NotEqual(t, verifyOtpRes.AccessToken, "", "access token should not be empty") assert.Nil(t, loginRes.AccessToken)
cleanData(email)
// Get OTP from db
otp, err := db.Provider.GetOTPByEmail(ctx, email)
assert.NoError(t, err)
assert.NotEmpty(t, otp.Otp)
// Get user by email
user, err := db.Provider.GetUserByEmail(ctx, email)
assert.NoError(t, err)
assert.NotNil(t, user)
// Set MFA cookie session
mfaSession := uuid.NewString()
memorystore.Provider.SetMfaSession(user.ID, mfaSession, time.Now().Add(1*time.Minute).Unix())
cookie := fmt.Sprintf("%s=%s;", constants.MfaCookieName+"_session", mfaSession)
cookie = strings.TrimSuffix(cookie, ";")
req.Header.Set("Cookie", cookie)
// Verify OTP
verifyOtpRes, err := resolvers.VerifyOtpResolver(ctx, model.VerifyOTPRequest{
Email: &email,
Otp: otp.Otp,
})
assert.Nil(t, err)
assert.NotEqual(t, verifyOtpRes.AccessToken, "", "access token should not be empty")
// Clean up data for the email
cleanData(email)
}
// Test case: Setup TOTP MFA for signup
{
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableEmailVerification, false)
signUpRes, err := resolvers.SignupResolver(ctx, model.SignUpInput{
Email: refs.NewStringRef(email),
Password: s.TestInfo.Password,
ConfirmPassword: s.TestInfo.Password,
})
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.Equal(t, "Verification email has been sent. Please check your inbox", signUpRes.Message)
// Retrieve user and update for TOTP setup
user, err := db.Provider.GetUserByID(ctx, signUpRes.User.ID)
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.NotNil(t, user)
// Enable multi-factor authentication and update the user
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableTOTPLogin, false)
user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
updatedUser, err := db.Provider.UpdateUser(ctx, user)
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.Equal(t, true, *updatedUser.IsMultiFactorAuthEnabled)
// Initialise totp authenticator store
authenticators.InitTOTPStore()
// Verify an email and get TOTP response
verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)
assert.Nil(t, err)
assert.Equal(t, email, verificationRequest.Email)
verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
Token: verificationRequest.Token,
})
assert.Nil(t, err, "Expected no error but got: %v", err)
assert.NotNil(t, &verifyRes)
assert.Nil(t, verifyRes.AccessToken)
assert.Equal(t, "Proceed to totp verification screen", verifyRes.Message)
assert.NotEqual(t, *verifyRes.AuthenticatorScannerImage, "", "totp url should not be empty")
assert.NotEqual(t, *verifyRes.AuthenticatorSecret, "", "totp secret should not be empty")
assert.NotNil(t, verifyRes.AuthenticatorRecoveryCodes)
// Get TOTP URL for validation
pngBytes, err := base64.StdEncoding.DecodeString(*verifyRes.AuthenticatorScannerImage)
assert.NoError(t, err)
qrmatrix, err := qrcode.Decode(bytes.NewReader(pngBytes))
assert.NoError(t, err)
tf, label, err := twofactor.FromURL(qrmatrix.Content)
data := strings.Split(label, ":")
assert.NoError(t, err)
assert.Equal(t, email, data[1])
assert.NotNil(t, tf)
code := tf.OTP()
assert.NotEmpty(t, code)
// Set mfa cookie session
mfaSession := uuid.NewString()
memorystore.Provider.SetMfaSession(signUpRes.User.ID, mfaSession, time.Now().Add(1*time.Minute).Unix())
cookie := fmt.Sprintf("%s=%s;", constants.MfaCookieName+"_session", mfaSession)
cookie = strings.TrimSuffix(cookie, ";")
req.Header.Set("Cookie", cookie)
valid, err := resolvers.VerifyOtpResolver(ctx, model.VerifyOTPRequest{
Email: &email,
IsTotp: refs.NewBoolRef(true),
Otp: code,
})
accessToken := *valid.AccessToken
assert.NoError(t, err)
assert.NotNil(t, accessToken)
assert.NotEmpty(t, valid.Message)
assert.NotEmpty(t, accessToken)
claims, err := token.ParseJWTToken(accessToken)
assert.NoError(t, err)
assert.NotEmpty(t, claims)
signUpMethod := claims["login_method"]
sessionKey := signUpRes.User.ID
if signUpMethod != nil && signUpMethod != "" {
sessionKey = signUpMethod.(string) + ":" + signUpRes.User.ID
}
sessionToken, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+claims["nonce"].(string))
assert.NoError(t, err)
assert.NotEmpty(t, sessionToken)
cookie = fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", sessionToken)
cookie = strings.TrimSuffix(cookie, ";")
req.Header.Set("Cookie", cookie)
// Clean up data for the email
cleanData(email)
}
}) })
} }