Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Make admin recovery to work without emails #1419 #1750

Merged
merged 24 commits into from
Oct 29, 2021
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
a750020
Make admin recovery to work without emails, #1419
abador Sep 14, 2021
c6f3d98
CR fixes, #1419
abador Sep 15, 2021
a6be25c
Docs, #1419
abador Sep 15, 2021
3492ca5
Update persistence/sql/persister_recovery.go
abador Sep 16, 2021
45ec59b
Migration with foreign key for sqlite, #1419
abador Sep 22, 2021
e8c943f
Merge branch 'master' into issue-1419-admin-recovery-without-email
abador Sep 29, 2021
142d4dd
Merge branch 'master' into issue-1419-admin-recovery-without-email
aeneasr Oct 11, 2021
db4b63f
chore: code review
aeneasr Oct 12, 2021
823050a
Merge branch 'master' into issue-1419-admin-recovery-without-email
abador Oct 21, 2021
f57f1bb
fix tests
abador Oct 21, 2021
99441b1
fix imports
abador Oct 21, 2021
58f696d
fix tests
abador Oct 25, 2021
5272633
fix tests
abador Oct 25, 2021
5eaedc4
Merge branch 'master' into issue-1419-admin-recovery-without-email
abador Oct 25, 2021
1fc3eb4
try to fix tests
abador Oct 25, 2021
48bcb38
try to fix tests
abador Oct 25, 2021
d19eede
try to fix tests
abador Oct 26, 2021
08a6d1f
try to fix tests
abador Oct 26, 2021
462df89
Merge branch 'master' into issue-1419-admin-recovery-without-email
abador Oct 26, 2021
6810666
try to fix tests
abador Oct 26, 2021
053da6b
Merge remote-tracking branch 'origin/issue-1419-admin-recovery-withou…
abador Oct 26, 2021
0c72018
Cleanup tests
abador Oct 26, 2021
b3ff59f
Merge branch 'master' into issue-1419-admin-recovery-without-email
abador Oct 28, 2021
9bfe61e
Merge branch 'master' into issue-1419-admin-recovery-without-email
abador Oct 28, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ docs/cli: .bin/clidoc
clidoc .

.bin/ory: Makefile
bash <(curl https://raw.githubusercontent.com/ory/cli/master/install.sh) -b .bin v0.0.53
bash <(curl https://raw.githubusercontent.com/ory/cli/master/install.sh) -b .bin v0.0.60
touch -a -m .bin/ory

node_modules: package.json Makefile
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/.static/api.json
Original file line number Diff line number Diff line change
Expand Up @@ -1618,7 +1618,7 @@
},
"/recovery/link": {
"post": {
"description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.",
"description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account. It's possible to generate a link for an account without a recovery address.",
"operationId": "adminCreateSelfServiceRecoveryLink",
"requestBody": {
"content": {
Expand Down
5 changes: 4 additions & 1 deletion docs/docs/admin/managing-users-identities.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,10 @@ to use for this user. Similarly, the trait key/values depend on your schema as
well. The command shown does not create a password for the identity or any other
type of credential. Instead, we will use another REST call to create a recovery
link (here "invite link" is probably more appropriate, but the flow uses an
account recovery link).
account recovery link). It's possible to generate a link for an account without
a recovery address via the admin API, but if the recovery link expires the user
won't be able to reinitiate the flow by himself as long as the recovery address
has been added.

To create the account recovery link, use:

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP COLUMN "identity_id";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD COLUMN "identity_id" UUID NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE `identity_recovery_tokens` DROP COLUMN `identity_id`;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE `identity_recovery_tokens` ADD COLUMN `identity_id` char(36) NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP COLUMN "identity_id";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD COLUMN "identity_id" UUID NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "_identity_recovery_tokens_tmp" RENAME TO "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD COLUMN "identity_id" char(36) NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP CONSTRAINT "identity_recovery_tokens_identity_id_fk_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_identity_id_fk_idx" FOREIGN KEY ("identity_id") REFERENCES "identities" ("id") ON UPDATE RESTRICT ON DELETE CASCADE;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE `identity_recovery_tokens` DROP FOREIGN KEY `identity_recovery_tokens_identity_id_fk_idx`;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE `identity_recovery_tokens` ADD CONSTRAINT `identity_recovery_tokens_identity_id_fk_idx` FOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP CONSTRAINT "identity_recovery_tokens_identity_id_fk_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_identity_id_fk_idx" FOREIGN KEY ("identity_id") REFERENCES "identities" ("id") ON UPDATE RESTRICT ON DELETE CASCADE;
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@

DROP TABLE "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_tokens_nid_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_identity_recovery_addresses_id_fk" FOREIGN KEY ("identity_recovery_address_id") REFERENCES "identity_recovery_addresses" ("id") ON UPDATE NO ACTION ON DELETE CASCADE;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP CONSTRAINT "identity_recovery_tokens_identity_recovery_addresses_id_fk";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE `identity_recovery_tokens` MODIFY `identity_recovery_address_id` char(36) NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE `identity_recovery_tokens` MODIFY `identity_recovery_address_id` char(36);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ALTER COLUMN "identity_recovery_address_id" TYPE UUID, ALTER COLUMN "identity_recovery_address_id" SET NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ALTER COLUMN "identity_recovery_address_id" TYPE UUID, ALTER COLUMN "identity_recovery_address_id" DROP NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
INSERT INTO "_identity_recovery_tokens_tmp" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid FROM "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_addresses_code_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP COLUMN "_identity_recovery_address_id_tmp";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" RENAME COLUMN "identity_recovery_address_id" TO "_identity_recovery_address_id_tmp";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE INDEX "identity_recovery_tokens_nid_idx" ON "_identity_recovery_tokens_tmp" (id, nid);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_addresses_code_uq_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ALTER COLUMN "identity_recovery_address_id" SET NOT NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD COLUMN "identity_recovery_address_id" UUID;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE INDEX "identity_recovery_addresses_code_idx" ON "_identity_recovery_tokens_tmp" (token);
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
CREATE TABLE "_identity_recovery_tokens_tmp" (
"id" TEXT PRIMARY KEY,
"token" TEXT NOT NULL,
"used" bool NOT NULL DEFAULT 'false',
"used_at" DATETIME,
"identity_recovery_address_id" char(36),
"selfservice_recovery_flow_id" char(36),
"created_at" DATETIME NOT NULL,
"updated_at" DATETIME NOT NULL,
"expires_at" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',
"issued_at" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',
"nid" char(36),
"identity_id" char(36) NOT NULL,
FOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,
FOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE
);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
UPDATE "identity_recovery_tokens" SET "identity_recovery_address_id" = "_identity_recovery_address_id_tmp";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
UPDATE "identity_recovery_tokens" SET "identity_recovery_address_id" = "_identity_recovery_address_id_tmp";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE UNIQUE INDEX "identity_recovery_addresses_code_uq_idx" ON "_identity_recovery_tokens_tmp" (token);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE INDEX "identity_recovery_tokens_nid_idx" ON "_identity_recovery_tokens_tmp" (id, nid);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD COLUMN "identity_recovery_address_id" UUID;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP COLUMN "_identity_recovery_address_id_tmp";
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
CREATE TABLE "_identity_recovery_tokens_tmp" (
"id" TEXT PRIMARY KEY,
"token" TEXT NOT NULL,
"used" bool NOT NULL DEFAULT 'false',
"used_at" DATETIME,
"identity_recovery_address_id" char(36) NOT NULL,
"selfservice_recovery_flow_id" char(36),
"created_at" DATETIME NOT NULL,
"updated_at" DATETIME NOT NULL,
"expires_at" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',
"issued_at" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',
"nid" char(36),
FOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,
FOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE
);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE INDEX "identity_recovery_addresses_code_idx" ON "_identity_recovery_tokens_tmp" (token);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" RENAME COLUMN "identity_recovery_address_id" TO "_identity_recovery_address_id_tmp";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_identity_recovery_addresses_id_fk" FOREIGN KEY ("identity_recovery_address_id") REFERENCES "identity_recovery_addresses" ("id") ON UPDATE NO ACTION ON DELETE CASCADE;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_tokens_nid_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE UNIQUE INDEX "identity_recovery_addresses_code_uq_idx" ON "_identity_recovery_tokens_tmp" (token);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "identity_recovery_tokens" DROP CONSTRAINT "identity_recovery_tokens_identity_recovery_addresses_id_fk";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_addresses_code_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
INSERT INTO "_identity_recovery_tokens_tmp" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid, identity_id) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid, identity_id FROM "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_addresses_code_uq_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP TABLE "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "_identity_recovery_tokens_tmp" RENAME TO "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "_identity_recovery_tokens_tmp" RENAME TO "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP TABLE "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
INSERT INTO "_identity_recovery_tokens_tmp" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid, identity_id) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid, identity_id FROM "identity_recovery_tokens";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE INDEX "identity_recovery_tokens_nid_idx" ON "_identity_recovery_tokens_tmp" (id, nid);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE INDEX "identity_recovery_addresses_code_idx" ON "_identity_recovery_tokens_tmp" (token);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CREATE UNIQUE INDEX "identity_recovery_addresses_code_uq_idx" ON "_identity_recovery_tokens_tmp" (token);
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
CREATE TABLE "_identity_recovery_tokens_tmp" (
"id" TEXT PRIMARY KEY,
"token" TEXT NOT NULL,
"used" bool NOT NULL DEFAULT 'false',
"used_at" DATETIME,
"identity_recovery_address_id" char(36) NOT NULL,
"selfservice_recovery_flow_id" char(36),
"created_at" DATETIME NOT NULL,
"updated_at" DATETIME NOT NULL,
"expires_at" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',
"issued_at" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',
"nid" char(36),
"identity_id" char(36) NOT NULL,
FOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,
FOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE
);
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_tokens_nid_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_addresses_code_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DROP INDEX IF EXISTS "identity_recovery_addresses_code_uq_idx";
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
sql("DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL")
change_column("identity_recovery_tokens", "identity_recovery_address_id", "uuid", {"size": 36})
aeneasr marked this conversation as resolved.
Show resolved Hide resolved
{{ if not .IsSQLite }}
drop_foreign_key("identity_recovery_tokens", "identity_recovery_tokens_identity_id_fk_idx")
{{ end }}
drop_column("identity_recovery_tokens", "identity_id")
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
add_column("identity_recovery_tokens", "identity_id", "uuid", {"size": 36})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should have a foreign key :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in c6f3d98

{{ if not .IsSQLite }}
add_foreign_key("identity_recovery_tokens", "identity_id", {"identities": ["id"]}, {
"name": "identity_recovery_tokens_identity_id_fk_idx",
"on_delete": "CASCADE",
"on_update": "RESTRICT",
})
{{ end }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can add foreign keys in sqlite like so:

sql("ALTER TABLE selfservice_login_flows ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT")

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry missed that comment. I'll try to fix it today

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aeneasr if I add a column this way the migrations don't generate properly. The identity_id column is added i one of the first migrations and then is being removed after some temp table is generated and data is copied there. This causes tests to fail since the identity_id column doesn't exist
"sqlite create: table identity_recovery_tokens has no column named identity_id"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you share the full up/down migration?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did it help? :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry @aeneasr no it didn't. I still get "sqlite create: table identity_recovery_tokens has no column named identity_id" . The only change that wasn't in the pr is in this file: 20210410175418000063_network.sqlite3.down.sql, but it doesn't matter.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I'll take a look

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just checked out your branch, ran rm -rf persistence/sql/migrations/sql/* && make migrations-render-replace and it worked. Not sure what's going on on your end?

Assuming tests pass, is this PR complete in your opinion?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just checked out your branch, ran rm -rf persistence/sql/migrations/sql/* && make migrations-render-replace and it worked. Not sure what's going on on your end?

Assuming tests pass, is this PR complete in your opinion?

make migrations-render-replace works, but tests fail after that the same way. After regenerating migrations the only difference between my pr and local changes is the file I mentioned in the previous comment.

As for the PR I would say it's finished.

change_column("identity_recovery_tokens", "identity_recovery_address_id", "uuid", {"size": 36,"null": true})
16 changes: 7 additions & 9 deletions persistence/sql/persister_recovery.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,16 +6,13 @@ import (
"fmt"
"time"

"github.com/ory/kratos/corp"
"github.com/ory/kratos/identity"

"github.com/gobuffalo/pop/v5"
"github.com/gofrs/uuid"

"github.com/ory/x/sqlcon"

"github.com/ory/kratos/corp"
abador marked this conversation as resolved.
Show resolved Hide resolved
"github.com/ory/kratos/identity"
"github.com/ory/kratos/selfservice/flow/recovery"
"github.com/ory/kratos/selfservice/strategy/link"
"github.com/ory/x/sqlcon"
)

var _ recovery.FlowPersister = new(Persister)
Expand Down Expand Up @@ -76,11 +73,12 @@ func (p *Persister) UseRecoveryToken(ctx context.Context, token string) (*link.R

var ra identity.RecoveryAddress
if err := tx.Where("id = ? AND nid = ?", rt.RecoveryAddressID, nid).First(&ra); err != nil {
return sqlcon.HandleError(err)
if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) {
return err
}
rt.RecoveryAddress = &ra
}

rt.RecoveryAddress = &ra

/* #nosec G201 TableName is static */
return tx.RawQuery(fmt.Sprintf("UPDATE %s SET used=true, used_at=? WHERE id=? AND nid = ?", rt.TableName(ctx)), time.Now().UTC(), rt.ID, nid).Exec()
})); err != nil {
Expand Down
15 changes: 3 additions & 12 deletions selfservice/strategy/link/strategy_recovery.go
Original file line number Diff line number Diff line change
Expand Up @@ -162,23 +162,14 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _
s.d.Writer().WriteError(w, r, err)
return
}

if len(id.RecoveryAddresses) == 0 {
s.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("The identity does not have any recovery addresses set.")))
return
}

address := id.RecoveryAddresses[0]
token := NewRecoveryToken(&address, expiresIn)
token := NewRecoveryToken(id.ID, expiresIn)
if err := s.d.RecoveryTokenPersister().CreateRecoveryToken(r.Context(), token); err != nil {
s.d.Writer().WriteError(w, r, err)
return
}

s.d.Audit().
WithField("via", address.Via).
WithField("identity_id", address.IdentityID).
WithSensitiveField("email_address", address.Value).
WithField("identity_id", id.ID).
WithSensitiveField("recovery_link_token", token).
Info("A recovery link has been created.")

Expand Down Expand Up @@ -327,7 +318,7 @@ func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, body
return s.HandleRecoveryError(w, r, f, body, err)
}

return s.recoveryIssueSession(w, r, f, token.RecoveryAddress.IdentityID)
return s.recoveryIssueSession(w, r, f, token.IdentityID)
}

func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error {
Expand Down
22 changes: 18 additions & 4 deletions selfservice/strategy/link/strategy_recovery_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,16 +100,30 @@ func TestAdminStrategy(t *testing.T) {
assert.EqualError(t, err.(*kratos.GenericOpenAPIError), "404 Not Found")
})

t.Run("description=should not be able to recover an account that does not have a recovery email", func(t *testing.T) {
t.Run("description=should create a valid recovery link without email", func(t *testing.T) {
id := identity.Identity{Traits: identity.Traits(`{}`)}

require.NoError(t, reg.IdentityManager().Create(context.Background(),
&id, identity.ManagerAllowWriteProtectedTraits))

_, _, err := adminSDK.V0alpha1Api.AdminCreateSelfServiceRecoveryLink(context.Background()).AdminCreateSelfServiceRecoveryLinkBody(kratos.AdminCreateSelfServiceRecoveryLinkBody{
publicTS, adminTS := testhelpers.NewKratosServer(t, reg)
adminSDK := testhelpers.NewSDKClient(adminTS)

rl, _, err := adminSDK.V0alpha1Api.AdminCreateSelfServiceRecoveryLink(context.Background()).AdminCreateSelfServiceRecoveryLinkBody(kratos.AdminCreateSelfServiceRecoveryLinkBody{
IdentityId: id.ID.String(),
ExpiresIn: pointerx.String("100ms"),
}).Execute()
require.IsType(t, err, new(kratos.GenericOpenAPIError), "%T", err)
assert.EqualError(t, err.(*kratos.GenericOpenAPIError), "400 Bad Request")
require.NoError(t, err)

time.Sleep(time.Millisecond * 100)
checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan()))
res, err := publicTS.Client().Get(rl.RecoveryLink)
require.NoError(t, err)

require.Equal(t, http.StatusOK, res.StatusCode)

// We end up here because the link is expired.
assert.Contains(t, res.Request.URL.Path, "/recover", rl.RecoveryLink)
})

t.Run("description=should create a valid recovery link and set the expiry time and not be able to recover the account", func(t *testing.T) {
Expand Down
Loading