Merge remote-tracking branch 'origin/master' into hperl/passwordless-…

…strategy
ory · Jan 10, 2024 · 62c6118 · 62c6118
2 parents 751da9b + 21ab031
commit 62c6118
Show file tree

Hide file tree

Showing 107 changed files with 1,750 additions and 1,194 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2023-12-11)](#2023-12-11)
+- [ (2024-01-08)](#2024-01-08)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Documentation](#documentation)
@@ -314,7 +314,7 @@
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-# [](https://github.com/ory/kratos/compare/v1.0.0...v) (2023-12-11)
+# [](https://github.com/ory/kratos/compare/v1.0.0...v) (2024-01-08)
 
 ## Breaking Changes
 
@@ -420,6 +420,9 @@ https://github.com/ory/kratos/pull/3480
 
   Signed-off-by: nxy7 <[email protected]>
 
+- Check whoami aal before accepting hydra login request
+  ([#3669](https://github.com/ory/kratos/issues/3669))
+  ([a2f79c3](https://github.com/ory/kratos/commit/a2f79c31f3208b88024897fc8bf1307ccac6f895))
 - Code method on registration and 2fa
   ([#3481](https://github.com/ory/kratos/issues/3481))
   ([7aa2e29](https://github.com/ory/kratos/commit/7aa2e293175d0f4b6c13552cc3781f54f8caf3a0))
@@ -448,6 +451,14 @@ https://github.com/ory/kratos/pull/3480
 - Don't return 500 on conflict for POST /admin/identities
   ([#3437](https://github.com/ory/kratos/issues/3437))
   ([1429949](https://github.com/ory/kratos/commit/142994932e449d9948148804502c98ef73daafff))
+- Don't return nil if code is invalid
+  ([#3662](https://github.com/ory/kratos/issues/3662))
+  ([df8ec2b](https://github.com/ory/kratos/commit/df8ec2b9b77a53beb32e3f94a8fccb711896d8e7)):
+
+  - fix: don't return nil if code is invalid
+
+  - chore: add test
+
 - Error handling on identity import
   ([#3520](https://github.com/ory/kratos/issues/3520))
   ([83bfb2d](https://github.com/ory/kratos/commit/83bfb2d2a9c69bf3a3442500b9484c1a69f8c794)):
@@ -484,6 +495,11 @@ https://github.com/ory/kratos/pull/3480
 - Incorrect SMTP error handling
   ([#3636](https://github.com/ory/kratos/issues/3636))
   ([ee138ec](https://github.com/ory/kratos/commit/ee138ec4e1ba55ef077858653220db9e6b0c7254))
+- Incorrect swagger spec for filter parameter
+  ([#3684](https://github.com/ory/kratos/issues/3684))
+  ([2c1470a](https://github.com/ory/kratos/commit/2c1470ab3556e639f06a01ac1646a6b90c7ecac7)),
+  closes [#3676](https://github.com/ory/kratos/issues/3676)
+  [#3675](https://github.com/ory/kratos/issues/3675)
 - Increase connection-level timeouts and shutdown timeouts
   ([#3570](https://github.com/ory/kratos/issues/3570))
   ([200b413](https://github.com/ory/kratos/commit/200b4138a429d113ee045d16031bb0a6312c1c01)):
@@ -605,6 +621,9 @@ https://github.com/ory/kratos/pull/3480
 - Remove slow queries from update identities
   ([#3553](https://github.com/ory/kratos/issues/3553))
   ([d138abb](https://github.com/ory/kratos/commit/d138abb6278ebb232e120bee0fb956a0f2816b8d))
+- Rename "phone" courier channel to "sms"
+  ([#3680](https://github.com/ory/kratos/issues/3680))
+  ([eb8d1b9](https://github.com/ory/kratos/commit/eb8d1b9abd6d2b3eb86ab11d48d9ebd059586b67))
 - Respect gomail.SendError in mail queue
   ([#3600](https://github.com/ory/kratos/issues/3600))
   ([9c608b9](https://github.com/ory/kratos/commit/9c608b991874d839782d9219f2fc27d0d4a398af))
@@ -661,6 +680,9 @@ https://github.com/ory/kratos/pull/3480
 - Use org ID from session if available in login flow
   ([#3545](https://github.com/ory/kratos/issues/3545))
   ([1b3647c](https://github.com/ory/kratos/commit/1b3647c2acdad966f920c2b9e6e657c52aa50c6e))
+- Use provider label in link message
+  ([#3661](https://github.com/ory/kratos/issues/3661))
+  ([fa5ec93](https://github.com/ory/kratos/commit/fa5ec93e8ae7d971d07f0e9b3acaa0840b9ac7de))
 - Use registry client for schema loading
   ([#3471](https://github.com/ory/kratos/issues/3471))
   ([3a57726](https://github.com/ory/kratos/commit/3a577269980213e4415fd5fa713882990e2e7640))
@@ -712,6 +734,9 @@ https://github.com/ory/kratos/pull/3480
 - Add OpenTelemetry span for password hash comparison
   ([#3383](https://github.com/ory/kratos/issues/3383))
   ([e3fcf0c](https://github.com/ory/kratos/commit/e3fcf0c31db9742ed61bcf783e37ee119ed19d42))
+- Add sms verification for phone numbers
+  ([#3649](https://github.com/ory/kratos/issues/3649))
+  ([e3a3c4f](https://github.com/ory/kratos/commit/e3a3c4fe0d6697f6864283daf4be8a8f8971c7b4))
 - Add support for recovery on native flows
   ([#3273](https://github.com/ory/kratos/issues/3273))
   ([e363889](https://github.com/ory/kratos/commit/e363889732c0a1cb801fd12b2e0e8546006e9714))

diff --git a/Makefile b/Makefile
@@ -125,6 +125,7 @@ sdk: .bin/swagger .bin/ory node_modules
 		--git-user-id ory \
 		--git-repo-id client-go \
 		--git-host github.com \
+		--api-name-suffix "Api" \
 		-t .schema/openapi/templates/go \
 		-c .schema/openapi/gen.go.yml
 
@@ -138,6 +139,7 @@ sdk: .bin/swagger .bin/ory node_modules
 		--git-user-id ory \
 		--git-repo-id client-go \
 		--git-host github.com \
+		--api-name-suffix "Api" \
 		-t .schema/openapi/templates/go \
 		-c .schema/openapi/gen.go.yml
 

diff --git a/contrib/quickstart/kratos/phone-password/identity.schema.json b/contrib/quickstart/kratos/phone-password/identity.schema.json
@@ -0,0 +1,31 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "phone": {
+          "type": "string",
+          "format": "tel",
+          "title": "Phone number",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            },
+            "verification": {
+              "via": "sms"
+            }
+          }
+        }
+      },
+      "required": ["phone"],
+      "additionalProperties": false
+    }
+  }
+}
diff --git a/contrib/quickstart/kratos/phone-password/kratos.yml b/contrib/quickstart/kratos/phone-password/kratos.yml
@@ -0,0 +1,114 @@
+version: v0.13.0
+
+dsn: memory
+
+serve:
+  public:
+    base_url: http://127.0.0.1:4433/
+    cors:
+      enabled: true
+  admin:
+    base_url: http://kratos:4434/
+
+selfservice:
+  default_browser_return_url: http://127.0.0.1:4455/
+  allowed_return_urls:
+    - http://127.0.0.1:4455
+    - http://localhost:19006/Callback
+    - exp://localhost:8081/--/Callback
+
+  methods:
+    password:
+      enabled: true
+    totp:
+      config:
+        issuer: Kratos
+      enabled: true
+    lookup_secret:
+      enabled: true
+    link:
+      enabled: true
+    code:
+      enabled: true
+
+  flows:
+    error:
+      ui_url: http://127.0.0.1:4455/error
+
+    settings:
+      ui_url: http://127.0.0.1:4455/settings
+      privileged_session_max_age: 15m
+      required_aal: highest_available
+
+    recovery:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/recovery
+      use: code
+
+    verification:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/verification
+      use: code
+      after:
+        default_browser_return_url: http://127.0.0.1:4455/
+
+    logout:
+      after:
+        default_browser_return_url: http://127.0.0.1:4455/login
+
+    login:
+      ui_url: http://127.0.0.1:4455/login
+      lifespan: 10m
+
+    registration:
+      lifespan: 10m
+      ui_url: http://127.0.0.1:4455/registration
+      after:
+        password:
+          hooks:
+            - hook: session
+            - hook: show_verification_ui
+
+log:
+  level: debug
+  format: text
+  leak_sensitive_values: true
+
+secrets:
+  cookie:
+    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+  cipher:
+    - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+  algorithm: xchacha20-poly1305
+
+hashers:
+  algorithm: bcrypt
+  bcrypt:
+    cost: 8
+
+identity:
+  default_schema_id: default
+  schemas:
+    - id: default
+      url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+  channels:
+    - id: sms
+      type: http
+      request_config:
+        url: https://api.twilio.com/2010-04-01/Accounts/AXXXXXXXXXXXXXX/Messages.json
+        method: POST
+        body: base64://ZnVuY3Rpb24oY3R4KSB7ClRvOiBjdHguUmVjaXBpZW50LApCb2R5OiBjdHguQm9keSwKfQ==
+        headers:
+          Content-Type: application/x-www-form-urlencoded
+        auth:
+          type: basic_auth
+          config:
+            user: AXXXXXXX
+            password: XXXX
+
+feature_flags:
+  use_continue_with_transitions: true
diff --git a/courier/channel.go b/courier/channel.go
@@ -0,0 +1,13 @@
+// Copyright © 2023 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package courier
+
+import (
+	"context"
+)
+
+type Channel interface {
+	ID() string
+	Dispatch(ctx context.Context, msg Message) error
+}
diff --git a/courier/courier.go b/courier/courier.go
@@ -7,16 +7,15 @@ import (
 	"context"
 	"time"
 
-	"github.com/ory/kratos/courier/template"
 	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/cenkalti/backoff"
 	"github.com/gofrs/uuid"
 	"github.com/pkg/errors"
 
+	"github.com/ory/kratos/courier/template"
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/x"
-	gomail "github.com/ory/mail/v3"
 )
 
 type (
@@ -33,11 +32,8 @@ type (
 		Work(ctx context.Context) error
 		QueueEmail(ctx context.Context, t EmailTemplate) (uuid.UUID, error)
 		QueueSMS(ctx context.Context, t SMSTemplate) (uuid.UUID, error)
-		SmtpDialer() *gomail.Dialer
 		DispatchQueue(ctx context.Context) error
 		DispatchMessage(ctx context.Context, msg Message) error
-		SetGetEmailTemplateType(f func(t EmailTemplate) (TemplateType, error))
-		SetNewEmailTemplateFromMessage(f func(d template.Dependencies, msg Message) (EmailTemplate, error))
 		UseBackoff(b backoff.BackOff)
 		FailOnDispatchError()
 	}
@@ -51,26 +47,42 @@ type (
 	}
 
 	courier struct {
-		smsClient           *smsClient
-		smtpClient          *smtpClient
-		httpClient          *httpClient
+		courierChannels     map[string]Channel
 		deps                Dependencies
 		failOnDispatchError bool
 		backoff             backoff.BackOff
 	}
 )
 
 func NewCourier(ctx context.Context, deps Dependencies) (Courier, error) {
-	smtp, err := newSMTP(ctx, deps)
+	return NewCourierWithCustomTemplates(ctx, deps, NewEmailTemplateFromMessage)
+}
+
+func NewCourierWithCustomTemplates(ctx context.Context, deps Dependencies, newEmailTemplateFromMessage func(d template.Dependencies, msg Message) (EmailTemplate, error)) (Courier, error) {
+	cs, err := deps.CourierConfig().CourierChannels(ctx)
 	if err != nil {
 		return nil, err
 	}
+	channels := make(map[string]Channel, len(cs))
+	for _, c := range cs {
+		switch c.Type {
+		case "smtp":
+			ch, err := NewSMTPChannelWithCustomTemplates(deps, c.SMTPConfig, newEmailTemplateFromMessage)
+			if err != nil {
+				return nil, err
+			}
+			channels[ch.ID()] = ch
+		case "http":
+			channels[c.ID] = newHttpChannel(c.ID, c.RequestConfig, deps)
+		default:
+			return nil, errors.Errorf("unknown courier channel type: %s", c.Type)
+		}
+	}
+
 	return &courier{
-		smsClient:  newSMS(ctx, deps),
-		smtpClient: smtp,
-		httpClient: newHTTP(ctx, deps),
-		deps:       deps,
-		backoff:    backoff.NewExponentialBackOff(),
+		deps:            deps,
+		backoff:         backoff.NewExponentialBackOff(),
+		courierChannels: channels,
 	}, nil
 }
 

diff --git a/courier/courier_dispatcher.go b/courier/courier_dispatcher.go
@@ -19,24 +19,21 @@ func (c *courier) DispatchMessage(ctx context.Context, msg Message) error {
 		return err
 	}
 
-	switch msg.Type {
-	case MessageTypeEmail:
-		if err := c.dispatchEmail(ctx, msg); err != nil {
-			return err
-		}
-	case MessageTypePhone:
-		if err := c.dispatchSMS(ctx, msg); err != nil {
-			return err
-		}
-	default:
-		return errors.Errorf("received unexpected message type: %d", msg.Type)
+	channel, ok := c.courierChannels[msg.Channel.String()]
+	if !ok {
+		return errors.Errorf("message %s has unknown channel %q", msg.ID.String(), msg.Channel)
+	}
+
+	if err := channel.Dispatch(ctx, msg); err != nil {
+		return err
 	}
 
 	if err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusSent); err != nil {
 		c.deps.Logger().
 			WithError(err).
 			WithField("message_id", msg.ID).
 			WithField("message_nid", msg.NID).
+			WithField("channel", channel.ID()).
 			Error(`Unable to set the message status to "sent".`)
 		return err
 	}
@@ -47,6 +44,7 @@ func (c *courier) DispatchMessage(ctx context.Context, msg Message) error {
 		WithField("message_type", msg.Type).
 		WithField("message_template_type", msg.TemplateType).
 		WithField("message_subject", msg.Subject).
+		WithField("channel", channel.ID()).
 		Debug("Courier sent out message.")
 
 	return nil