chore: remove email phone MFA feature flag (#7770)

* chore: remove feature flag of email phone mfa

* refactor(schemas): set forgot password default value

* fix(schemas): handle nullable columns with default values in schema generator

* fix(schemas): fix alter

* fix: fix integration tests

Author: wangsijie

packages/console/src/components/SignInExperiencePreview/index.tsx

@@ -9,7 +9,6 @@ import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
 import PhoneInfo from '@/assets/images/phone-info.svg?react';
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import type { RequestError } from '@/hooks/use-api';
 import useUiLanguages from '@/hooks/use-ui-languages';
@@ -78,9 +77,9 @@ function SignInExperiencePreview({
      * This logic aligns with the core library implementation in sign-in-experience/index.ts
      */
     const forgotPassword = (() => {
-      // If forgotPasswordMethods is null (production compatibility) or dev features are not enabled,
+      // If forgotPasswordMethods is null (production compatibility)
       // fall back to connector-based availability only
-      if (!signInExperience.forgotPasswordMethods || !isDevFeaturesEnabled) {
+      if (!signInExperience.forgotPasswordMethods) {
         return {
           email: hasEmailConnector,
           phone: hasSmsConnector,

packages/console/src/pages/Mfa/MfaForm/index.tsx

@@ -217,60 +217,52 @@ function MfaForm({ data, signInMethods, onMfaUpdated }: Props) {
                 label={<FactorLabel type={MfaFactor.TOTP} />}
                 {...register('totpEnabled')}
               />
-              {isDevFeaturesEnabled && (
-                <>
-                  <div>
-                    <Switch
-                      disabled={isMfaDisabled || isPhoneCodePrimarySignInMethod}
-                      label={<FactorLabel type={MfaFactor.PhoneVerificationCode} />}
-                      tooltip={
-                        isPhoneCodePrimarySignInMethod
-                          ? t('mfa.phone_primary_method_tip')
-                          : undefined
-                      }
-                      {...register('phoneVerificationCodeEnabled')}
-                    />
-                    {formValues.phoneVerificationCodeEnabled && !hasSmsConnector && (
-                      <InlineNotification className={styles.connectorWarning}>
-                        <Trans
-                          components={{
-                            a: <TextLink to="/connectors" />,
-                          }}
-                        >
-                          {t('mfa.no_sms_connector_warning', {
-                            link: t('mfa.setup_link'),
-                          })}
-                        </Trans>
-                      </InlineNotification>
-                    )}
-                  </div>
-                  <div>
-                    <Switch
-                      disabled={isMfaDisabled || isEmailCodePrimarySignInMethod}
-                      label={<FactorLabel type={MfaFactor.EmailVerificationCode} />}
-                      tooltip={
-                        isEmailCodePrimarySignInMethod
-                          ? t('mfa.email_primary_method_tip')
-                          : undefined
-                      }
-                      {...register('emailVerificationCodeEnabled')}
-                    />
-                    {formValues.emailVerificationCodeEnabled && !hasEmailConnector && (
-                      <InlineNotification className={styles.connectorWarning}>
-                        <Trans
-                          components={{
-                            a: <TextLink to="/connectors" />,
-                          }}
-                        >
-                          {t('mfa.no_email_connector_warning', {
-                            link: t('mfa.setup_link'),
-                          })}
-                        </Trans>
-                      </InlineNotification>
-                    )}
-                  </div>
-                </>
-              )}
+              <div>
+                <Switch
+                  disabled={isMfaDisabled || isPhoneCodePrimarySignInMethod}
+                  label={<FactorLabel type={MfaFactor.PhoneVerificationCode} />}
+                  tooltip={
+                    isPhoneCodePrimarySignInMethod ? t('mfa.phone_primary_method_tip') : undefined
+                  }
+                  {...register('phoneVerificationCodeEnabled')}
+                />
+                {formValues.phoneVerificationCodeEnabled && !hasSmsConnector && (
+                  <InlineNotification className={styles.connectorWarning}>
+                    <Trans
+                      components={{
+                        a: <TextLink to="/connectors" />,
+                      }}
+                    >
+                      {t('mfa.no_sms_connector_warning', {
+                        link: t('mfa.setup_link'),
+                      })}
+                    </Trans>
+                  </InlineNotification>
+                )}
+              </div>
+              <div>
+                <Switch
+                  disabled={isMfaDisabled || isEmailCodePrimarySignInMethod}
+                  label={<FactorLabel type={MfaFactor.EmailVerificationCode} />}
+                  tooltip={
+                    isEmailCodePrimarySignInMethod ? t('mfa.email_primary_method_tip') : undefined
+                  }
+                  {...register('emailVerificationCodeEnabled')}
+                />
+                {formValues.emailVerificationCodeEnabled && !hasEmailConnector && (
+                  <InlineNotification className={styles.connectorWarning}>
+                    <Trans
+                      components={{
+                        a: <TextLink to="/connectors" />,
+                      }}
+                    >
+                      {t('mfa.no_email_connector_warning', {
+                        link: t('mfa.setup_link'),
+                      })}
+                    </Trans>
+                  </InlineNotification>
+                )}
+              </div>
               <div className={styles.backupCodeField}>
                 <div className={styles.backupCodeDescription}>
                   <DynamicT forKey="mfa.backup_code_setup_hint" />

packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/index.tsx

@@ -2,7 +2,6 @@ import type { SignInExperience } from '@logto/schemas';
 import { useFormContext } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import { isDevFeaturesEnabled } from '@/consts/env';
 import Card from '@/ds-components/Card';
 import FormField from '@/ds-components/FormField';
 
@@ -33,7 +32,7 @@ function SignInForm({ signInExperience }: Props) {
         </FormFieldDescription>
         <SignInMethodEditBox signInExperience={signInExperience} />
       </FormField>
-      {isDevFeaturesEnabled && hasPasswordMethod && <ForgotPasswordMethodEditBox />}
+      {hasPasswordMethod && <ForgotPasswordMethodEditBox />}
     </Card>
   );
 }

packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/index.tsx

@@ -1,4 +1,3 @@
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { type SignInExperiencePageManagedData } from '@/pages/SignInExperience/types';
 
 import ForgotPasswordMethodsDiffSection from './ForgotPasswordMethodsDiffSection';
@@ -26,13 +25,11 @@ function SignUpAndSignInDiffSection({ before, after, isAfter = false }: Props) {
         after={after.socialSignInConnectorTargets}
         isAfter={isAfter}
       />
-      {isDevFeaturesEnabled && (
-        <ForgotPasswordMethodsDiffSection
-          before={before.forgotPasswordMethods ?? undefined}
-          after={after.forgotPasswordMethods ?? undefined}
-          isAfter={isAfter}
-        />
-      )}
+      <ForgotPasswordMethodsDiffSection
+        before={before.forgotPasswordMethods ?? undefined}
+        after={after.forgotPasswordMethods ?? undefined}
+        isAfter={isAfter}
+      />
     </>
   );
 }

packages/console/src/pages/SignInExperience/PageContent/index.tsx

@@ -8,7 +8,6 @@ import { useParams } from 'react-router-dom';
 
 import SubmitFormChangesActionBar from '@/components/SubmitFormChangesActionBar';
 import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
-import { isDevFeaturesEnabled } from '@/consts/env';
 import ConfirmModal from '@/ds-components/ConfirmModal';
 import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import useApi from '@/hooks/use-api';
@@ -132,10 +131,6 @@ function PageContent({ data, onSignInExperienceUpdated }: Props) {
 
   // Forgot password migration from null to normal array
   useEffect(() => {
-    if (!isDevFeaturesEnabled) {
-      return;
-    }
-
     // Wait for connectors list loading to be ready
     if (!isConnectorsReady) {
       return;

packages/console/src/pages/SignInExperience/PageContent/utils/form.ts

@@ -2,8 +2,6 @@ import type { SignUp, ForgotPasswordMethod } from '@logto/schemas';
 import { diff } from 'deep-object-diff';
 import type { DeepRequired, FieldErrorsImpl } from 'react-hook-form';
 
-import { isDevFeaturesEnabled } from '@/consts/env';
-
 import type {
   SignInExperienceForm,
   SignInExperiencePageManagedData,
@@ -34,9 +32,7 @@ const hasSocialTargetsChanged = (before: string[], after: string[]) =>
 const hasForgotPasswordMethodsChanged = (
   before: readonly ForgotPasswordMethod[] | undefined,
   after: readonly ForgotPasswordMethod[] | undefined
-) =>
-  isDevFeaturesEnabled &&
-  Object.keys(diff((before ?? []).slice().sort(), (after ?? []).slice().sort())).length > 0;
+) => Object.keys(diff((before ?? []).slice().sort(), (after ?? []).slice().sort())).length > 0;
 
 export const hasSignUpAndSignInConfigChanged = (
   before: SignInExperiencePageManagedData,

packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts

@@ -7,7 +7,6 @@ import {
 } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
 
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { emptyBranding } from '@/types/sign-in-experience';
 import { removeFalsyValues } from '@/utils/object';
 
@@ -148,8 +147,6 @@ export const sieFormDataParser = {
       signUp: signUpFormDataParser.toSignUp(signUp),
       signInMode: createAccountEnabled ? SignInMode.SignInAndRegister : SignInMode.SignIn,
       customCss: customCss?.length ? customCss : null,
-      // TODO @wangsijie: Remove this once forgot password methods feature is ready for production.
-      forgotPasswordMethods: isDevFeaturesEnabled ? forgotPasswordMethods : null,
     };
   },
 };

packages/core/src/libraries/sign-in-experience/index.ts

@@ -284,9 +284,9 @@ export const createSignInExperienceLibrary = (
       const hasEmailConnector = logtoConnectors.some(({ type }) => type === ConnectorType.Email);
       const hasSmsConnector = logtoConnectors.some(({ type }) => type === ConnectorType.Sms);
 
-      // If forgotPasswordMethods is null (production compatibility) or dev features are not enabled,
+      // If forgotPasswordMethods is null (production compatibility),
       // fall back to connector-based availability only
-      if (!signInExperience.forgotPasswordMethods || !EnvSet.values.isDevFeaturesEnabled) {
+      if (!signInExperience.forgotPasswordMethods) {
         return {
           email: hasEmailConnector,
           phone: hasSmsConnector,

packages/core/src/libraries/sign-in-experience/mfa.ts

@@ -2,8 +2,6 @@ import { MfaFactor, SignInIdentifier, type Mfa, type SignIn } from '@logto/schem
 
 import assertThat from '#src/utils/assert-that.js';
 
-import { EnvSet } from '../../env-set/index.js';
-
 export const validateMfa = (mfa: Mfa, signIn?: SignIn) => {
   assertThat(
     new Set(mfa.factors).size === mfa.factors.length,
@@ -16,15 +14,6 @@ export const validateMfa = (mfa: Mfa, signIn?: SignIn) => {
     assertThat(mfa.factors.length > 1, 'sign_in_experiences.backup_code_cannot_be_enabled_alone');
   }
 
-  // TODO @wangsijie: Remove this guard when features are ready
-  if (
-    !EnvSet.values.isDevFeaturesEnabled &&
-    (mfa.factors.includes(MfaFactor.EmailVerificationCode) ||
-      mfa.factors.includes(MfaFactor.PhoneVerificationCode))
-  ) {
-    throw new Error('Not implemented');
-  }
-
   // Validate that email/phone verification codes are not used as both sign-in method and MFA
   if (signIn && mfa.factors.includes(MfaFactor.EmailVerificationCode)) {
     const isEmailVerificationCodeSignIn = signIn.methods.some(

packages/core/src/routes/account/index.openapi.json

@@ -147,7 +147,6 @@
       "get": {
         "operationId": "GetMfaSettings",
         "summary": "Get MFA settings",
-        "tags": ["Dev feature"],
         "description": "Get MFA settings for the user. This endpoint requires the Identities scope. Returns current MFA configuration preferences.",
         "responses": {
           "200": {
@@ -161,7 +160,6 @@
       "patch": {
         "operationId": "UpdateMfaSettings",
         "summary": "Update MFA settings",
-        "tags": ["Dev feature"],
         "description": "Update MFA settings for the user. This endpoint requires identity verification and the Identities scope. Controls whether MFA verification is required during sign-in when the user has MFA configured.",
         "responses": {
           "200": {