feat(users): Add force_two_factor_auth environment variable (#6466)

This commit is contained in:
Mani Chandra
2024-11-05 19:13:11 +05:30
committed by GitHub
parent 95f2e0b8c5
commit 6b66cccd02
10 changed files with 17 additions and 4 deletions


@ -396,6 +396,7 @@ password_validity_in_days = 90 # Number of days after which password shoul
two_factor_auth_expiry_in_secs = 300 # Number of seconds after which 2FA should be done again if doing update/change from inside two_factor_auth_expiry_in_secs = 300 # Number of seconds after which 2FA should be done again if doing update/change from inside
totp_issuer_name = "Hyperswitch" # Name of the issuer for TOTP totp_issuer_name = "Hyperswitch" # Name of the issuer for TOTP
base_url = "" # Base url used for user specific redirects and emails base_url = "" # Base url used for user specific redirects and emails
force_two_factor_auth = false # Whether to force two factor authentication for all users
#tokenization configuration which describe token lifetime and payment method for specific connector #tokenization configuration which describe token lifetime and payment method for specific connector
[tokenization] [tokenization]


@ -139,6 +139,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300 two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Integ" totp_issuer_name = "Hyperswitch Integ"
base_url = "https://integ.hyperswitch.io" base_url = "https://integ.hyperswitch.io"
force_two_factor_auth = false
[frm] [frm]
enabled = true enabled = true


@ -146,6 +146,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300 two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Production" totp_issuer_name = "Hyperswitch Production"
base_url = "https://live.hyperswitch.io" base_url = "https://live.hyperswitch.io"
force_two_factor_auth = false
[frm] [frm]
enabled = false enabled = false


@ -146,6 +146,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300 two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Sandbox" totp_issuer_name = "Hyperswitch Sandbox"
base_url = "https://app.hyperswitch.io" base_url = "https://app.hyperswitch.io"
force_two_factor_auth = false
[frm] [frm]
enabled = true enabled = true


@ -318,6 +318,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300 two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch Dev" totp_issuer_name = "Hyperswitch Dev"
base_url = "http://localhost:8080" base_url = "http://localhost:8080"
force_two_factor_auth = false
[bank_config.eps] [bank_config.eps]
stripe = { banks = "arzte_und_apotheker_bank,austrian_anadi_bank_ag,bank_austria,bankhaus_carl_spangler,bankhaus_schelhammer_und_schattera_ag,bawag_psk_ag,bks_bank_ag,brull_kallmus_bank_ag,btv_vier_lander_bank,capital_bank_grawe_gruppe_ag,dolomitenbank,easybank_ag,erste_bank_und_sparkassen,hypo_alpeadriabank_international_ag,hypo_noe_lb_fur_niederosterreich_u_wien,hypo_oberosterreich_salzburg_steiermark,hypo_tirol_bank_ag,hypo_vorarlberg_bank_ag,hypo_bank_burgenland_aktiengesellschaft,marchfelder_bank,oberbank_ag,raiffeisen_bankengruppe_osterreich,schoellerbank_ag,sparda_bank_wien,volksbank_gruppe,volkskreditbank_ag,vr_bank_braunau" } stripe = { banks = "arzte_und_apotheker_bank,austrian_anadi_bank_ag,bank_austria,bankhaus_carl_spangler,bankhaus_schelhammer_und_schattera_ag,bawag_psk_ag,bks_bank_ag,brull_kallmus_bank_ag,btv_vier_lander_bank,capital_bank_grawe_gruppe_ag,dolomitenbank,easybank_ag,erste_bank_und_sparkassen,hypo_alpeadriabank_international_ag,hypo_noe_lb_fur_niederosterreich_u_wien,hypo_oberosterreich_salzburg_steiermark,hypo_tirol_bank_ag,hypo_vorarlberg_bank_ag,hypo_bank_burgenland_aktiengesellschaft,marchfelder_bank,oberbank_ag,raiffeisen_bankengruppe_osterreich,schoellerbank_ag,sparda_bank_wien,volksbank_gruppe,volkskreditbank_ag,vr_bank_braunau" }


@ -56,6 +56,7 @@ password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300 two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch" totp_issuer_name = "Hyperswitch"
base_url = "http://localhost:8080" base_url = "http://localhost:8080"
force_two_factor_auth = false
[locker] [locker]
host = "" host = ""


@ -211,6 +211,7 @@ pub struct TwoFactorAuthStatusResponseWithAttempts {
#[derive(Debug, serde::Deserialize, serde::Serialize)] #[derive(Debug, serde::Deserialize, serde::Serialize)]
pub struct TwoFactorStatus { pub struct TwoFactorStatus {
pub status: Option<TwoFactorAuthStatusResponseWithAttempts>, pub status: Option<TwoFactorAuthStatusResponseWithAttempts>,
pub is_skippable: bool,
} }
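Review bot: The new `is_skippable` field on `TwoFactorStatus` lands in a serialized API response without a doc comment, so an integrator cannot tell from the schema that it reflects deployment-wide policy rather than the user's own state; suggest `/// False when the deployment forces two-factor auth for every user; clients must not offer a skip option in that case.` above it. The struct also derives `Deserialize` with no `#[serde(default)]` on the field, so anything deserializing a `TwoFactorStatus` produced before this field existed will now fail — acceptable if only the server ever emits this type, but worth stating in the same comment.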
#[derive(Debug, serde::Deserialize, serde::Serialize)] #[derive(Debug, serde::Deserialize, serde::Serialize)]


@ -556,6 +556,7 @@ pub struct UserSettings {
pub two_factor_auth_expiry_in_secs: i64, pub two_factor_auth_expiry_in_secs: i64,
pub totp_issuer_name: String, pub totp_issuer_name: String,
pub base_url: String, pub base_url: String,
pub force_two_factor_auth: bool,
} }
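Review bot: `force_two_factor_auth` on `UserSettings` is a plain `bool` with no serde default visible in the hunk, so every deployment config must now carry the key or config deserialization fails at startup — presumably why this commit touches every TOML file; that is a reasonable fail-closed choice, but it should be documented on the field. Suggest `/// When true, TOTP or recovery-code verification is required for every user and per-user skip preferences are ignored; the key is mandatory in config (no default).` Whether a missing key actually aborts startup depends on how `UserSettings` is loaded, which is outside this hunk.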
#[derive(Debug, Deserialize, Clone)] #[derive(Debug, Deserialize, Clone)]


@ -1319,7 +1319,7 @@ pub async fn list_user_roles_details(
)) ))
.await .await
.change_context(UserErrors::InternalServerError) .change_context(UserErrors::InternalServerError)
.attach_printable("Failed to construct proifle map")? .attach_printable("Failed to construct profile map")?
.into_iter() .into_iter()
.map(|profile| (profile.get_id().to_owned(), profile.profile_name)) .map(|profile| (profile.get_id().to_owned(), profile.profile_name))
.collect::<HashMap<_, _>>(); .collect::<HashMap<_, _>>();
@ -1927,7 +1927,7 @@ pub async fn terminate_two_factor_auth(
.change_context(UserErrors::InternalServerError)? .change_context(UserErrors::InternalServerError)?
.into(); .into();
if !skip_two_factor_auth { if state.conf.user.force_two_factor_auth || !skip_two_factor_auth {
if !tfa_utils::check_totp_in_redis(&state, &user_token.user_id).await? if !tfa_utils::check_totp_in_redis(&state, &user_token.user_id).await?
&& !tfa_utils::check_recovery_code_in_redis(&state, &user_token.user_id).await? && !tfa_utils::check_recovery_code_in_redis(&state, &user_token.user_id).await?
{ {
@ -1997,9 +1997,12 @@ pub async fn check_two_factor_auth_status_with_attempts(
.await .await
.change_context(UserErrors::InternalServerError)? .change_context(UserErrors::InternalServerError)?
.into(); .into();
let is_skippable = state.conf.user.force_two_factor_auth.not();
if user_from_db.get_totp_status() == TotpStatus::NotSet { if user_from_db.get_totp_status() == TotpStatus::NotSet {
return Ok(ApplicationResponse::Json(user_api::TwoFactorStatus { return Ok(ApplicationResponse::Json(user_api::TwoFactorStatus {
status: None, status: None,
is_skippable,
})); }));
}; };
@ -2018,6 +2021,7 @@ pub async fn check_two_factor_auth_status_with_attempts(
totp, totp,
recovery_code, recovery_code,
}), }),
is_skippable,
})) }))
} }
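Review bot: The server-side gate in `terminate_two_factor_auth` (`state.conf.user.force_two_factor_auth || !skip_two_factor_auth`) and the client-facing `is_skippable` in `check_two_factor_auth_status_with_attempts` (`state.conf.user.force_two_factor_auth.not()`) are two independent readings of the same policy, so a later edit to one can silently disagree with the other; a small shared helper such as `fn is_two_factor_auth_skippable(conf: &UserSettings) -> bool` used at both sites would keep the enforced rule and the advertised flag consistent. The gate line `if state.conf.user.force_two_factor_auth || !skip_two_factor_auth {` also deserves a why-comment, e.g. `// Deployment-wide policy overrides the per-user skip preference.`, since `skip_two_factor_auth` is derived outside the hunk. `.not()` on a bare `bool` is less idiomatic than `!state.conf.user.force_two_factor_auth` unless this file already uses `Not` consistently. The `proifle` → `profile` message fix in the first hunk is unrelated to the feature and would be cleaner as its own commit. Both enclosing functions start outside the hunks shown.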


@ -35,6 +35,7 @@ jwt_secret = "secret"
password_validity_in_days = 90 password_validity_in_days = 90
two_factor_auth_expiry_in_secs = 300 two_factor_auth_expiry_in_secs = 300
totp_issuer_name = "Hyperswitch" totp_issuer_name = "Hyperswitch"
force_two_factor_auth = false
[locker] [locker]
host = "" host = ""