Skip to content

Implement TOTP MFA enrollment flows #6598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 14, 2022
Merged

Implement TOTP MFA enrollment flows #6598

merged 4 commits into from
Sep 14, 2022

Conversation

prameshj
Copy link
Contributor

@prameshj prameshj commented Sep 13, 2022
edited
Loading

Implement the enrollment flow for TOTP MFA.

This PR contains the following changes:

  1. API calls for start/finalize enrollment for TOTP
  2. merging all totp mfa code into src/mfa/assertions. We do not need to restrict to platform_browser.
  3. Extending MfaInfo parsing logic to look for totpInfo.

These changes will be merged into the TOTP development branch.

Testing

  • Added unit tests
  • Verified the enrollment flow by modifying the demo app.

@prameshj
Implement TOTP MFA enrollment.
b3212b3 
This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.
@changeset-bot
Copy link

changeset-bot bot commented Sep 13, 2022
edited
Loading

⚠️ No Changeset found

Latest commit: eac5600

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@prameshj prameshj marked this pull request as draft September 13, 2022 21:32
@google-oss-bot
Copy link
Contributor

google-oss-bot commented Sep 13, 2022
edited
Loading

Size Report 1

Affected Products

  • @firebase/auth

    TypeBase (b012cae)Merge (9aa7373)Diff
    browser155 kB156 kB+297 B (+0.2%)
    cordova183 kB184 kB+450 B (+0.2%)
    esm5203 kB203 kB+450 B (+0.2%)
    main148 kB149 kB+456 B (+0.3%)
    module155 kB156 kB+297 B (+0.2%)
    react-native168 kB169 kB+458 B (+0.3%)

  • @firebase/auth/cordova

    TypeBase (b012cae)Merge (9aa7373)Diff
    browser183 kB184 kB+450 B (+0.2%)
    module183 kB184 kB+450 B (+0.2%)

  • @firebase/auth/internal

    TypeBase (b012cae)Merge (9aa7373)Diff
    browser166 kB166 kB+297 B (+0.2%)
    esm5216 kB217 kB+450 B (+0.2%)
    main184 kB184 kB+458 B (+0.2%)
    module166 kB166 kB+297 B (+0.2%)

  • @firebase/auth/react-native

    TypeBase (b012cae)Merge (9aa7373)Diff
    browser168 kB169 kB+458 B (+0.3%)
    module168 kB169 kB+458 B (+0.3%)

  • firebase

    TypeBase (b012cae)Merge (9aa7373)Diff
    firebase-auth-compat.js125 kB125 kB+144 B (+0.1%)
    firebase-auth-cordova.js137 kB137 kB+181 B (+0.1%)
    firebase-auth-react-native.js148 kB148 kB+191 B (+0.1%)
    firebase-auth.js116 kB116 kB+144 B (+0.1%)
    firebase-compat.js738 kB738 kB+144 B (+0.0%)

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/9y7ODQGWtU.html

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Sep 13, 2022
edited
Loading

Size Analysis Report 1

Affected Products

  • @firebase/auth

    • checkActionCode

      Size

      TypeBase (b012cae)Merge (9aa7373)Diff
      size32.6 kB32.7 kB+160 B (+0.5%)
      size-with-ext-deps52.3 kB52.5 kB+160 B (+0.3%)

      Dependency

      TypeBase (b012cae)Merge (9aa7373)Diff
      classes

      15 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
UserImpl
UserMetadata

      16 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
TotpMultiFactorInfoImpl
UserImpl
UserMetadata

      + TotpMultiFactorInfoImpl

    • getMultiFactorResolver

      Size

      TypeBase (b012cae)Merge (9aa7373)Diff
      size34.1 kB34.3 kB+160 B (+0.5%)
      size-with-ext-deps53.9 kB54.1 kB+160 B (+0.3%)

      Dependency

      TypeBase (b012cae)Merge (9aa7373)Diff
      classes

      18 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
MultiFactorResolverImpl
MultiFactorSessionImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
UserCredentialImpl
UserImpl
UserMetadata

      19 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
MultiFactorResolverImpl
MultiFactorSessionImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
TotpMultiFactorInfoImpl
UserCredentialImpl
UserImpl
UserMetadata

      + TotpMultiFactorInfoImpl

    • multiFactor

      Size

      TypeBase (b012cae)Merge (9aa7373)Diff
      size33.6 kB33.8 kB+160 B (+0.5%)
      size-with-ext-deps53.4 kB53.6 kB+160 B (+0.3%)

      Dependency

      TypeBase (b012cae)Merge (9aa7373)Diff
      classes

      17 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
MultiFactorSessionImpl
MultiFactorUserImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
UserImpl
UserMetadata

      18 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
MultiFactorSessionImpl
MultiFactorUserImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
TotpMultiFactorInfoImpl
UserImpl
UserMetadata

      + TotpMultiFactorInfoImpl

    • verifyPasswordResetCode

      Size

      TypeBase (b012cae)Merge (9aa7373)Diff
      size32.6 kB32.8 kB+160 B (+0.5%)
      size-with-ext-deps52.4 kB52.6 kB+160 B (+0.3%)

      Dependency

      TypeBase (b012cae)Merge (9aa7373)Diff
      classes

      15 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
UserImpl
UserMetadata

      16 dependencies

      AuthImpl
AuthInterop
AuthMiddlewareQueue
Delay
FetchProvider
InMemoryPersistence
MultiFactorInfoImpl
NetworkTimeout
PersistenceUserManager
PhoneMultiFactorInfoImpl
ProactiveRefresh
StsTokenManager
Subscription
TotpMultiFactorInfoImpl
UserImpl
UserMetadata

      + TotpMultiFactorInfoImpl

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/4lyLmAvFbc.html

@prameshj
move all TOTP implementation into core/mfa/assertions.
3e1ac5e 
We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.
@prameshj
Include a reference to Auth in TotpSecret
0c70e50 
This is cleaner than looking up the app and auth instance with getApp and getAuth.
@prameshj prameshj marked this pull request as ready for review September 14, 2022 16:37
@prameshj
Copy link
Contributor Author

@sam-gc @bhparijat PTAL. Thanks!

@prameshj
Copy link
Contributor Author

cc @renkelvin

sam-gc
sam-gc reviewed Sep 14, 2022
View reviewed changes
@prameshj prameshj changed the title [WIP] Implement TOTP MFA enrollment flows Implement TOTP MFA enrollment flows Sep 14, 2022
@prameshj prameshj merged commit d9ad868 into mfa-totp Sep 14, 2022
@prameshj prameshj deleted the mfa-totp-prameshj branch September 14, 2022 22:33
prameshj added a commit that referenced this pull request Sep 16, 2022
@prameshj
Implement TOTP MFA enrollment flows (#6598)
9774b69 
* Implement TOTP MFA enrollment.

This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.

* move all TOTP implementation into core/mfa/assertions.

We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.

* Include a reference to Auth in TotpSecret

This is cleaner than looking up the app and auth instance with getApp and getAuth.

* addressed review comments, added totp subdirectory.
prameshj added a commit that referenced this pull request Sep 16, 2022
@prameshj
Implement TOTP MFA enrollment flows (#6598)
9c6e780 
* Implement TOTP MFA enrollment.

This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.

* move all TOTP implementation into core/mfa/assertions.

We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.

* Include a reference to Auth in TotpSecret

This is cleaner than looking up the app and auth instance with getApp and getAuth.

* addressed review comments, added totp subdirectory.
bhparijat pushed a commit that referenced this pull request Sep 23, 2022
@prameshj @bhparijat
Implement TOTP MFA enrollment flows (#6598)
595ee5f 
* Implement TOTP MFA enrollment.

This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.

* move all TOTP implementation into core/mfa/assertions.

We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.

* Include a reference to Auth in TotpSecret

This is cleaner than looking up the app and auth instance with getApp and getAuth.

* addressed review comments, added totp subdirectory.
bhparijat pushed a commit that referenced this pull request Sep 23, 2022
@prameshj @bhparijat
Implement TOTP MFA enrollment flows (#6598)
344ac3a 
* Implement TOTP MFA enrollment.

This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.

* move all TOTP implementation into core/mfa/assertions.

We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.

* Include a reference to Auth in TotpSecret

This is cleaner than looking up the app and auth instance with getApp and getAuth.

* addressed review comments, added totp subdirectory.
bhparijat pushed a commit that referenced this pull request Oct 11, 2022
@prameshj @bhparijat
Implement TOTP MFA enrollment flows (#6598)
29e1ae0 
* Implement TOTP MFA enrollment.

This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.

* move all TOTP implementation into core/mfa/assertions.

We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.

* Include a reference to Auth in TotpSecret

This is cleaner than looking up the app and auth instance with getApp and getAuth.

* addressed review comments, added totp subdirectory.
bhparijat pushed a commit that referenced this pull request Oct 13, 2022
@prameshj @bhparijat
Implement TOTP MFA enrollment flows (#6598)
813a531 
* Implement TOTP MFA enrollment.

This includes changes to mfa_info, addition of TotpMultiFactorImpl and unit tests.

* move all TOTP implementation into core/mfa/assertions.

We do not need to restrict this to platform_browser. SMS mfa is in platform_browser since it requires a recaptcha step.

* Include a reference to Auth in TotpSecret

This is cleaner than looking up the app and auth instance with getApp and getAuth.

* addressed review comments, added totp subdirectory.
@firebase firebase locked and limited conversation to collaborators Oct 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sam-gc sam-gc sam-gc approved these changes

@avolkovi avolkovi Awaiting requested review from avolkovi avolkovi is a code owner

@lisajian lisajian Awaiting requested review from lisajian lisajian is a code owner

@yuchenshi yuchenshi Awaiting requested review from yuchenshi yuchenshi is a code owner

@dwyfrequency dwyfrequency Awaiting requested review from dwyfrequency

@hsubox76 hsubox76 Awaiting requested review from hsubox76 hsubox76 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@prameshj @google-oss-bot @sam-gc