fix(auth): Allow to update MFA (#530)

brokeyourbike · web-flow · commit 2ec220a539e2 · 2023-09-06T14:03:08.000-04:00
* fix: MFA uid can be empty string

* fix: update request have different structure

* test: cover changes

* fix: display name required for MFA

* chore: link to the mfa
diff --git a/auth/user_mgt.go b/auth/user_mgt.go
@@ -68,6 +68,10 @@ type multiFactorInfoResponse struct {
 	EnrolledAt      string `json:"enrolledAt,omitempty"`
 }
 
+type multiFactorEnrollments struct {
+	Enrollments []*multiFactorInfoResponse `json:"enrollments"`
+}
+
 // MultiFactorInfo describes a user enrolled second phone factor.
 // TODO : convert PhoneNumber to PhoneMultiFactorInfo struct
 type MultiFactorInfo struct {
@@ -166,18 +170,19 @@ func (u *UserToCreate) set(key string, value interface{}) *UserToCreate {
 
 // Converts a client format second factor object to server format.
 func convertMultiFactorInfoToServerFormat(mfaInfo MultiFactorInfo) (multiFactorInfoResponse, error) {
-	var authFactorInfo multiFactorInfoResponse
+	authFactorInfo := multiFactorInfoResponse{DisplayName: mfaInfo.DisplayName}
 	if mfaInfo.EnrollmentTimestamp != 0 {
 		authFactorInfo.EnrolledAt = time.Unix(mfaInfo.EnrollmentTimestamp, 0).Format("2006-01-02T15:04:05Z07:00Z")
 	}
+	if mfaInfo.UID != "" {
+		authFactorInfo.MFAEnrollmentID = mfaInfo.UID
+	}
 	if mfaInfo.FactorID == phoneMultiFactorID {
 		authFactorInfo.PhoneInfo = mfaInfo.PhoneNumber
-		authFactorInfo.DisplayName = mfaInfo.DisplayName
-		authFactorInfo.MFAEnrollmentID = mfaInfo.UID
 		return authFactorInfo, nil
 	}
 	out, _ := json.Marshal(mfaInfo)
-	return multiFactorInfoResponse{}, fmt.Errorf("Unsupported second factor %s provided", string(out))
+	return multiFactorInfoResponse{}, fmt.Errorf("unsupported second factor %s provided", string(out))
 }
 
 func (u *UserToCreate) validatedRequest() (map[string]interface{}, error) {
@@ -333,7 +338,9 @@ func (u *UserToUpdate) validatedRequest() (map[string]interface{}, error) {
 			if err != nil {
 				return nil, err
 			}
-			req["mfaInfo"] = mfaInfo
+
+			// https://cloud.google.com/identity-platform/docs/reference/rest/v1/accounts/update
+			req["mfa"] = multiFactorEnrollments{mfaInfo}
 		} else {
 			req[k] = v
 		}
@@ -665,9 +672,6 @@ func validateAndFormatMfaSettings(mfaSettings MultiFactorSettings, methodType st
 				return nil, fmt.Errorf("\"uid\" is not supported when adding second factors via \"createUser()\"")
 			}
 		case updateUserMethod:
-			if multiFactorInfo.UID == "" {
-				return nil, fmt.Errorf("the second factor \"uid\" must be a valid non-empty string when adding second factors via \"updateUser()\"")
-			}
 		default:
 			return nil, fmt.Errorf("unsupported methodType: %s", methodType)
 		}
diff --git a/auth/user_mgt_test.go b/auth/user_mgt_test.go
@@ -894,17 +894,6 @@ func TestInvalidUpdateUser(t *testing.T) {
 				},
 			}),
 			`the second factor "phoneNumber" for "invalid" must be a non-empty E.164 standard compliant identifier string`,
-		}, {
-			(&UserToUpdate{}).MFASettings(MultiFactorSettings{
-				EnrolledFactors: []*MultiFactorInfo{
-					{
-						PhoneNumber: "+11234567890",
-						FactorID:    "phone",
-						DisplayName: "Spouse's phone number",
-					},
-				},
-			}),
-			`the second factor "uid" must be a valid non-empty string when adding second factors via "updateUser()"`,
 		}, {
 			(&UserToUpdate{}).ProviderToLink(&UserProvider{UID: "google_uid"}),
 			"user provider must specify a provider ID",
@@ -1059,10 +1048,14 @@ var updateUserCases = []struct {
 					PhoneNumber: "+11234567890",
 					DisplayName: "Spouse's phone number",
 					FactorID:    "phone",
+				}, {
+					PhoneNumber: "+11234567890",
+					DisplayName: "Spouse's phone number",
+					FactorID:    "phone",
 				},
 			},
 		}),
-		map[string]interface{}{"mfaInfo": []*multiFactorInfoResponse{
+		map[string]interface{}{"mfa": multiFactorEnrollments{Enrollments: []*multiFactorInfoResponse{
 			{
 				MFAEnrollmentID: "enrolledSecondFactor1",
 				PhoneInfo:       "+11234567890",
@@ -1074,12 +1067,16 @@ var updateUserCases = []struct {
 				DisplayName:     "Spouse's phone number",
 				PhoneInfo:       "+11234567890",
 			},
-		},
+			{
+				DisplayName: "Spouse's phone number",
+				PhoneInfo:   "+11234567890",
+			},
+		}},
 		},
 	},
 	{
 		(&UserToUpdate{}).MFASettings(MultiFactorSettings{}),
-		map[string]interface{}{"mfaInfo": nil},
+		map[string]interface{}{"mfa": multiFactorEnrollments{Enrollments: nil}},
 	},
 	{
 		(&UserToUpdate{}).ProviderToLink(&UserProvider{
