u

ory · Jul 13, 2023 · 44fa8b1 · 44fa8b1
1 parent 62ce450
commit 44fa8b1
Show file tree

Hide file tree

Showing 22 changed files with 302 additions and 430 deletions.
diff --git a/driver/config/config.go b/driver/config/config.go
@@ -224,8 +224,9 @@ type (
  Config json.RawMessage `json:"config"`
  }
  SelfServiceStrategy struct {
- Enabled bool `json:"enabled"`
- Config json.RawMessage `json:"config"`
+ Enabled bool `json:"enabled"`
+ Config json.RawMessage `json:"config"`
+ AllowedFlows []string `json:"allowed_flows"`
  }
  Schema struct {
  ID string `json:"id" koanf:"id"`
@@ -727,10 +728,13 @@ func (p *Config) SelfServiceStrategy(ctx context.Context, strategy string) *Self
  config = c
  }
 
- enabledKey := fmt.Sprintf("%s.%s.enabled", ViperKeySelfServiceStrategyConfig, strategy)
+ basePath := fmt.Sprintf("%s.%s", ViperKeySelfServiceStrategyConfig, strategy)
+
+ enabledKey := fmt.Sprintf("%s.enabled", basePath)
  s := &SelfServiceStrategy{
- Enabled: pp.Bool(enabledKey),
- Config: json.RawMessage(config),
+ Enabled: pp.Bool(enabledKey),
+ Config: json.RawMessage(config),
+ AllowedFlows: pp.Strings(fmt.Sprintf("%s.allowed_flows", basePath)),
  }
 
  // The default value can easily be overwritten by setting e.g. `{"selfservice": "null"}` which means that

diff --git a/driver/registry_default.go b/driver/registry_default.go
@@ -96,11 +96,12 @@ type RegistryDefault struct {
  persister persistence.Persister
  migrationStatus popx.MigrationStatuses
 
- hookVerifier *hook.Verifier
- hookSessionIssuer *hook.SessionIssuer
- hookSessionDestroyer *hook.SessionDestroyer
- hookAddressVerifier *hook.AddressVerifier
- hookShowVerificationUI *hook.ShowVerificationUIHook
+ hookVerifier *hook.Verifier
+ hookSessionIssuer *hook.SessionIssuer
+ hookSessionDestroyer *hook.SessionDestroyer
+ hookAddressVerifier *hook.AddressVerifier
+ hookShowVerificationUI *hook.ShowVerificationUIHook
+ hookCodeAddressVerifier *hook.CodeAddressVerifier
 
  identityHandler *identity.Handler
  identityValidator *identity.Validator
@@ -329,6 +330,12 @@ func (m *RegistryDefault) selfServiceStrategies() []interface{} {
 func (m *RegistryDefault) RegistrationStrategies(ctx context.Context) (registrationStrategies registration.Strategies) {
  for _, strategy := range m.selfServiceStrategies() {
  if s, ok := strategy.(registration.Strategy); ok {
+ // the code method needs to be checked explicitly for registration
+ // TODO: we need to somehow check if the `code` strategy is enabled specifically for registration
+ // if s.ID() == identity.CredentialsTypeCodeAuth && m.Config().SelfServiceStrategy(ctx, string(s.ID())).RegistrationEnabled {
+ // registrationStrategies = append(registrationStrategies, s)
+ // continue
+ // }
  if m.Config().SelfServiceStrategy(ctx, string(s.ID())).Enabled {
  registrationStrategies = append(registrationStrategies, s)
  }
@@ -351,6 +358,12 @@ func (m *RegistryDefault) AllRegistrationStrategies() registration.Strategies {
 func (m *RegistryDefault) LoginStrategies(ctx context.Context) (loginStrategies login.Strategies) {
  for _, strategy := range m.selfServiceStrategies() {
  if s, ok := strategy.(login.Strategy); ok {
+ // the code method needs to be checked explicity for login
+ // TODO: we need to somwhow check if the `code` strategy is enabled specifically for login
+ // if s.ID() == identity.CredentialsTypeCodeAuth && m.Config().SelfServiceStrategy(ctx, string(s.ID())).LoginEnabled {
+ // loginStrategies = append(loginStrategies, s)
+ // continue
+ // }
  if m.Config().SelfServiceStrategy(ctx, string(s.ID())).Enabled {
  loginStrategies = append(loginStrategies, s)
  }

diff --git a/driver/registry_default_hooks.go b/driver/registry_default_hooks.go
@@ -15,6 +15,13 @@ func (m *RegistryDefault) HookVerifier() *hook.Verifier {
  return m.hookVerifier
 }
 
+func (m *RegistryDefault) HookCodeAddressVerifier() *hook.CodeAddressVerifier {
+ if m.hookCodeAddressVerifier == nil {
+ m.hookCodeAddressVerifier = hook.NewCodeAddressVerifier(m)
+ }
+ return m.hookCodeAddressVerifier
+}
+
 func (m *RegistryDefault) HookSessionIssuer() *hook.SessionIssuer {
  if m.hookSessionIssuer == nil {
  m.hookSessionIssuer = hook.NewSessionIssuer(m)

diff --git a/driver/registry_default_registration.go b/driver/registry_default_registration.go
@@ -28,6 +28,12 @@ func (m *RegistryDefault) PostRegistrationPostPersistHooks(ctx context.Context,
  initialHookCount = 1
  }
 
+ // TODO: this needs to be specific to the flow and not just the `code` general strategy
+ if m.Config().SelfServiceStrategy(ctx, identity.CredentialsTypeCodeAuth.String()).Enabled {
+ b = append(b, m.HookCodeAddressVerifier())
+ initialHookCount += 1
+ }
+
  for _, v := range m.getHooks(string(credentialsType), m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, string(credentialsType))) {
  if hook, ok := v.(registration.PostHookPostPersistExecutor); ok {
  b = append(b, hook)