mirror of
https://github.com/teamhanko/hanko.git
synced 2025-10-27 06:06:54 +08:00
240 lines
8.0 KiB
Go
240 lines
8.0 KiB
Go
package flow
|
|
|
|
import (
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/capabilities"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/credential_onboarding"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/credential_usage"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/device_trust"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/login"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/mfa_creation"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/mfa_usage"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/profile"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/registration"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/shared"
|
|
"github.com/teamhanko/hanko/backend/flow_api/flow/user_details"
|
|
"github.com/teamhanko/hanko/backend/flowpilot"
|
|
"time"
|
|
)
|
|
|
|
var CapabilitiesSubFlow = flowpilot.NewSubFlow(shared.FlowCapabilities).
|
|
State(shared.StatePreflight, capabilities.RegisterClientCapabilities{}).
|
|
MustBuild()
|
|
|
|
var CredentialUsageSubFlow = flowpilot.NewSubFlow(shared.FlowCredentialUsage).
|
|
State(shared.StateLoginInit,
|
|
credential_usage.ContinueWithLoginIdentifier{},
|
|
credential_usage.WebauthnGenerateRequestOptions{},
|
|
credential_usage.WebauthnVerifyAssertionResponse{},
|
|
credential_usage.RememberMe{},
|
|
shared.ThirdPartyOAuth{}).
|
|
State(shared.StateLoginPasskey,
|
|
credential_usage.WebauthnVerifyAssertionResponse{},
|
|
shared.Back{}).
|
|
State(shared.StateThirdParty,
|
|
shared.ExchangeToken{},
|
|
shared.Back{}).
|
|
State(shared.StateLoginMethodChooser,
|
|
credential_usage.ContinueToPasswordLogin{},
|
|
credential_usage.ContinueToPasscodeConfirmation{},
|
|
credential_usage.WebauthnGenerateRequestOptions{},
|
|
shared.Back{},
|
|
).
|
|
State(shared.StateLoginPassword,
|
|
credential_usage.PasswordLogin{},
|
|
credential_usage.ContinueToPasscodeConfirmationRecovery{},
|
|
shared.Back{},
|
|
).
|
|
State(shared.StateLoginPasswordRecovery,
|
|
credential_usage.PasswordRecovery{}).
|
|
State(shared.StatePasscodeConfirmation,
|
|
credential_usage.VerifyPasscode{},
|
|
credential_usage.ReSendPasscode{},
|
|
shared.Back{}).
|
|
BeforeState(shared.StatePasscodeConfirmation,
|
|
credential_usage.SendPasscode{}).
|
|
MustBuild()
|
|
|
|
var CredentialOnboardingSubFlow = flowpilot.NewSubFlow(shared.FlowCredentialOnboarding).
|
|
State(shared.StateCredentialOnboardingChooser,
|
|
credential_onboarding.ContinueToPasskey{},
|
|
credential_onboarding.ContinueToPassword{},
|
|
credential_onboarding.SkipCredentialOnboardingMethodChooser{},
|
|
shared.Back{}).
|
|
State(shared.StateOnboardingCreatePasskey,
|
|
credential_onboarding.WebauthnGenerateCreationOptions{},
|
|
credential_onboarding.SkipPasskey{},
|
|
shared.Back{}).
|
|
State(shared.StateOnboardingVerifyPasskeyAttestation,
|
|
credential_onboarding.WebauthnVerifyAttestationResponse{},
|
|
shared.Back{}).
|
|
State(shared.StatePasswordCreation,
|
|
credential_onboarding.RegisterPassword{},
|
|
credential_onboarding.SkipPassword{},
|
|
shared.Back{}).
|
|
MustBuild()
|
|
|
|
var UserDetailsSubFlow = flowpilot.NewSubFlow(shared.FlowUserDetails).
|
|
State(shared.StateOnboardingUsername,
|
|
user_details.UsernameSet{},
|
|
user_details.SkipUsername{}).
|
|
State(shared.StateOnboardingEmail,
|
|
user_details.EmailAddressSet{},
|
|
user_details.SkipEmail{}).
|
|
MustBuild()
|
|
|
|
var MFACreationSubFlow = flowpilot.NewSubFlow(shared.FlowMFACreation).
|
|
State(shared.StateMFAMethodChooser,
|
|
mfa_creation.ContinueToOTPSecretCreation{},
|
|
mfa_creation.ContinueToSecurityKeyCreation{},
|
|
mfa_creation.SkipMFA{},
|
|
shared.Back{}).
|
|
BeforeState(shared.StateMFAOTPSecretCreation,
|
|
mfa_creation.OTPSecretGenerate{}).
|
|
State(shared.StateMFAOTPSecretCreation,
|
|
mfa_creation.OTPCodeVerify{},
|
|
shared.Back{}).
|
|
State(shared.StateMFASecurityKeyCreation,
|
|
mfa_creation.WebauthnGenerateCreationOptionsForSecurityKeys{},
|
|
shared.Back{}).
|
|
MustBuild()
|
|
|
|
var MFAUsageSubFlow = flowpilot.NewSubFlow(shared.FlowMFAUsage).
|
|
State(shared.StateLoginSecurityKey,
|
|
mfa_usage.WebauthnGenerateRequestOptionsSecurityKey{},
|
|
mfa_usage.ContinueToLoginOTP{}).
|
|
State(shared.StateLoginOTP,
|
|
mfa_usage.OTPCodeValidate{},
|
|
mfa_usage.ContinueToLoginSecurityKey{}).
|
|
MustBuild()
|
|
|
|
var DeviceTrustSubFlow = flowpilot.NewSubFlow(shared.FlowDeviceTrust).
|
|
State(shared.StateDeviceTrust,
|
|
device_trust.TrustDevice{},
|
|
shared.Skip{},
|
|
shared.Back{}).
|
|
MustBuild()
|
|
|
|
func NewLoginFlow(debug bool) flowpilot.Flow {
|
|
return flowpilot.NewFlow(shared.FlowLogin).
|
|
State(shared.StateSuccess).
|
|
InitialState(shared.StatePreflight, shared.StateLoginInit).
|
|
ErrorState(shared.StateError).
|
|
BeforeState(shared.StateLoginInit,
|
|
login.WebauthnGenerateRequestOptionsForConditionalUi{}).
|
|
BeforeState(shared.StateSuccess,
|
|
login.TriggerLoginWebhook{},
|
|
device_trust.IssueTrustDeviceCookie{},
|
|
shared.IssueSession{},
|
|
shared.GetUserData{}).
|
|
AfterState(shared.StateOnboardingVerifyPasskeyAttestation,
|
|
shared.WebauthnCredentialSave{}).
|
|
AfterState(shared.StatePasscodeConfirmation,
|
|
shared.EmailPersistVerifiedStatus{}).
|
|
AfterState(shared.StatePasswordCreation,
|
|
shared.PasswordSave{}).
|
|
AfterState(shared.StateOnboardingEmail, login.CreateEmail{}).
|
|
AfterState(shared.StatePasscodeConfirmation, login.CreateEmail{}).
|
|
AfterFlow(shared.FlowCredentialUsage, login.ScheduleOnboardingStates{}).
|
|
SubFlows(
|
|
CapabilitiesSubFlow,
|
|
CredentialUsageSubFlow,
|
|
CredentialOnboardingSubFlow,
|
|
DeviceTrustSubFlow,
|
|
UserDetailsSubFlow,
|
|
MFACreationSubFlow,
|
|
MFAUsageSubFlow).
|
|
TTL(24 * time.Hour).
|
|
Debug(debug).
|
|
MustBuild()
|
|
}
|
|
|
|
func NewRegistrationFlow(debug bool) flowpilot.Flow {
|
|
return flowpilot.NewFlow(shared.FlowRegistration).
|
|
State(shared.StateRegistrationInit,
|
|
registration.RegisterLoginIdentifier{},
|
|
credential_usage.RememberMe{},
|
|
shared.ThirdPartyOAuth{}).
|
|
State(shared.StateThirdParty,
|
|
shared.ExchangeToken{},
|
|
shared.Back{}).
|
|
State(shared.StateSuccess).
|
|
InitialState(shared.StatePreflight,
|
|
shared.StateRegistrationInit).
|
|
ErrorState(shared.StateError).
|
|
BeforeState(shared.StateSuccess,
|
|
shared.IssueSession{},
|
|
shared.GetUserData{},
|
|
registration.CreateUser{}).
|
|
SubFlows(
|
|
CapabilitiesSubFlow,
|
|
CredentialUsageSubFlow,
|
|
CredentialOnboardingSubFlow,
|
|
UserDetailsSubFlow,
|
|
MFACreationSubFlow).
|
|
TTL(24 * time.Hour).
|
|
Debug(debug).
|
|
MustBuild()
|
|
}
|
|
|
|
func NewProfileFlow(debug bool) flowpilot.Flow {
|
|
return flowpilot.NewFlow(shared.FlowProfile).
|
|
State(shared.StateProfileInit,
|
|
profile.AccountDelete{},
|
|
profile.ContinueToOTPSecretCreation{},
|
|
profile.EmailCreate{},
|
|
profile.EmailDelete{},
|
|
profile.EmailSetPrimary{},
|
|
profile.EmailVerify{},
|
|
profile.OTPSecretDelete{},
|
|
profile.PasswordCreate{},
|
|
profile.PasswordDelete{},
|
|
profile.PasswordUpdate{},
|
|
profile.SecurityKeyCreate{},
|
|
profile.SecurityKeyDelete{},
|
|
profile.UsernameCreate{},
|
|
profile.UsernameDelete{},
|
|
profile.UsernameUpdate{},
|
|
profile.WebauthnCredentialCreate{},
|
|
profile.WebauthnCredentialDelete{},
|
|
profile.SessionDelete{},
|
|
profile.WebauthnCredentialRename{},
|
|
).
|
|
State(shared.StateProfileWebauthnCredentialVerification,
|
|
profile.WebauthnVerifyAttestationResponse{},
|
|
shared.Back{}).
|
|
State(shared.StateProfileAccountDeleted).
|
|
InitialState(shared.StatePreflight, shared.StateProfileInit).
|
|
ErrorState(shared.StateError).
|
|
BeforeEachAction(profile.RefreshSessionUser{}).
|
|
BeforeState(shared.StateProfileInit, profile.GetProfileData{}, profile.GetSessions{}).
|
|
AfterState(shared.StateProfileWebauthnCredentialVerification, shared.WebauthnCredentialSave{}).
|
|
AfterState(shared.StatePasscodeConfirmation, shared.EmailPersistVerifiedStatus{}).
|
|
SubFlows(
|
|
CapabilitiesSubFlow,
|
|
CredentialOnboardingSubFlow,
|
|
CredentialUsageSubFlow,
|
|
MFACreationSubFlow).
|
|
TTL(24 * time.Hour).
|
|
Debug(debug).
|
|
MustBuild()
|
|
}
|
|
|
|
func NewTokenExchangeFlow(debug bool) flowpilot.Flow {
|
|
return flowpilot.NewFlow("token_exchange").
|
|
State(shared.StateThirdParty,
|
|
shared.ExchangeToken{}).
|
|
State(shared.StateSuccess).
|
|
BeforeState(shared.StateSuccess,
|
|
shared.IssueSession{},
|
|
shared.GetUserData{}).
|
|
SubFlows(
|
|
CredentialUsageSubFlow,
|
|
UserDetailsSubFlow).
|
|
AfterState(shared.StatePasscodeConfirmation,
|
|
shared.EmailPersistVerifiedStatus{}).
|
|
InitialState(shared.StateThirdParty).
|
|
ErrorState(shared.StateError).
|
|
Debug(debug).
|
|
MustBuild()
|
|
}
|