diff --git a/selfservice/flowhelpers/login.go b/selfservice/flowhelpers/login.go new file mode 100644 index 000000000000..76d673f0fdea --- /dev/null +++ b/selfservice/flowhelpers/login.go @@ -0,0 +1,31 @@ +package flowhelpers + +import ( + "github.com/ory/kratos/identity" + "github.com/ory/kratos/session" + "net/http" +) + +// GuessForcedLoginIdentifier returns the identifier for login flows where the identity needs to refresh the session. +func GuessForcedLoginIdentifier(r *http.Request, d interface { + session.ManagementProvider + identity.PrivilegedPoolProvider +}, f interface { + IsForced() bool +}, ct identity.CredentialsType) (identifier string) { + // This block adds the identifier to the method when the request is forced - as a hint for the user. + if !f.IsForced() { + // do nothing + } else if sess, err := d.SessionManager().FetchFromRequest(r.Context(), r); err != nil { + // do nothing + } else if id, err := d.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), sess.IdentityID); err != nil { + // do nothing + } else if creds, ok := id.GetCredentials(ct); !ok { + // do nothing + } else if len(creds.Identifiers) == 0 { + // do nothing + } else { + identifier = creds.Identifiers[0] + } + return +} diff --git a/selfservice/flowhelpers/login_test.go b/selfservice/flowhelpers/login_test.go new file mode 100644 index 000000000000..0109f8b5a40a --- /dev/null +++ b/selfservice/flowhelpers/login_test.go @@ -0,0 +1,40 @@ +package flowhelpers_test + +import ( + "context" + "github.com/ory/kratos/identity" + "github.com/ory/kratos/internal" + "github.com/ory/kratos/internal/testhelpers" + "github.com/ory/kratos/selfservice/flow/login" + "github.com/ory/kratos/selfservice/flowhelpers" + "github.com/ory/kratos/session" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "net/http/httptest" + "testing" + "time" +) + +func TestGuessForcedLoginIdentifier(t *testing.T) { + conf, reg := internal.NewFastRegistryWithMocks(t) + testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") + + i := identity.NewIdentity("") + i.Credentials[identity.CredentialsTypePassword] = identity.Credentials{ + Type: identity.CredentialsTypePassword, + Identifiers: []string{"foobar"}, + } + require.NoError(t, reg.IdentityManager().Create(context.Background(), i)) + + sess, err := session.NewActiveSession(i, conf, time.Now(), identity.CredentialsTypePassword) + require.NoError(t, err) + reg.SessionPersister().UpsertSession(context.Background(), sess) + + r := httptest.NewRequest("GET", "/login", nil) + r.Header.Set("Authorization", "Bearer "+sess.Token) + + var f login.Flow + f.Refresh = true + + assert.Equal(t, "foobar", flowhelpers.GuessForcedLoginIdentifier(r, reg, &f, identity.CredentialsTypePassword)) +} diff --git a/selfservice/flowhelpers/stub/login.schema.json b/selfservice/flowhelpers/stub/login.schema.json new file mode 100644 index 000000000000..82f85811a16a --- /dev/null +++ b/selfservice/flowhelpers/stub/login.schema.json @@ -0,0 +1,11 @@ +{ + "$id": "https://example.com/person.schema.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Person", + "type": "object", + "properties": { + "traits": { + "type": "object" + } + } +}