From dc3532e70c3edee19dca55f1fd1300f16a6d6f66 Mon Sep 17 00:00:00 2001 From: romanetar Date: Mon, 16 Jun 2025 16:57:03 +0200 Subject: [PATCH 1/3] fix: remove otp settings for service account app types Signed-off-by: romanetar --- .../js/oauth2/profile/edit_client/actions.js | 9 ++++++--- .../components/security_settings_panel.js | 17 ++++++++++------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/resources/js/oauth2/profile/edit_client/actions.js b/resources/js/oauth2/profile/edit_client/actions.js index dc33310a..94de1dbe 100644 --- a/resources/js/oauth2/profile/edit_client/actions.js +++ b/resources/js/oauth2/profile/edit_client/actions.js @@ -153,9 +153,12 @@ const normalizeEntity = (entity, entitySection) => { normEntity.pkce_enabled = entity.pkce_enabled ? 1 : 0; normEntity = normalizePKCEDependencies(normEntity); } - normEntity.otp_enabled = entity.otp_enabled ? 1 : 0; - normEntity.otp_length = entity.otp_length; - normEntity.otp_lifetime = entity.otp_lifetime; + normEntity.otp_enabled = 0; + if (entity.otp_enabled) { + normEntity.otp_enabled = 1; + normEntity.otp_length = entity.otp_length; + normEntity.otp_lifetime = entity.otp_lifetime; + } if ([appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(entity.application_type)) normEntity.max_allowed_user_sessions = entity.max_allowed_user_sessions; diff --git a/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js b/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js index ed39c0be..fe21fc14 100644 --- a/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js +++ b/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js @@ -71,13 +71,16 @@ const SecuritySettingsPanel = ( onChange={handleUsePKCEChange} /> } - + { + [appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(application_type) && + + } { formik.values.otp_enabled && <> 
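Review bot: The new `if (entity.otp_enabled)` branch in normalizeEntity does not look at `entity.application_type`, so a client of a non-allowed type whose loaded entity still carries `otp_enabled` would be submitted with `otp_enabled = 1` together with its length and lifetime. The `max_allowed_user_sessions` line directly below already gates on the same three app types, and the OTP branch could do the same: `if (entity.otp_enabled && [appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(entity.application_type)) {`. That list is now repeated in several places in this series, so a shared constant would keep the UI and the server-side allow-list from drifting apart. normalizeEntity starts and ends outside the hunk.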
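Review bot: Only the toggle is wrapped in the application-type check; the `formik.values.otp_enabled && <>` block that follows is still keyed on the stored value alone, so a client of another type that already has `otp_enabled` set would apparently still show the dependent OTP fields with no control to switch them off. The markup of this hunk is not fully visible here, so this is inferred from the conditions that survive. Consider computing one flag, `const otpAllowed = [appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(application_type);`, and using it for both the toggle and the dependent block. The component body continues outside the hunk.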
From 5d5b218f617b9c0bb164feb2c6643aeb7c37e33d Mon Sep 17 00:00:00 2001 From: romanetar Date: Mon, 16 Jun 2025 17:39:25 +0200 Subject: [PATCH 2/3] fix: remove otp settings for service account app types Signed-off-by: romanetar --- app/Models/OAuth2/Client.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/app/Models/OAuth2/Client.php b/app/Models/OAuth2/Client.php index 5784516b..5d8601de 100644 --- a/app/Models/OAuth2/Client.php +++ b/app/Models/OAuth2/Client.php @@ -43,6 +43,12 @@ #[ORM\Cache('NONSTRICT_READ_WRITE')] // Class Client class Client extends BaseEntity implements IClient { + private static array $allowed_otp_client_types = [ + IClient::ApplicationType_JS_Client, + IClient::ApplicationType_Native, + IClient::ApplicationType_Web_App + ]; + /** * @var string */ @@ -1667,9 +1673,11 @@ public function isPasswordlessEnabled(): bool public function enablePasswordless(): void { - $this->otp_enabled = true; - $this->otp_length = intval(Config::get("otp.length")); - $this->otp_lifetime = intval(Config::get("otp.lifetime")); + if (in_array($this->getApplicationType(), self::$allowed_otp_client_types)) { + $this->otp_enabled = true; + $this->otp_length = intval(Config::get("otp.length")); + $this->otp_lifetime = intval(Config::get("otp.lifetime")); + } } public function disablePasswordless(): void From 9f80887348bdc2beca1f94ce18d52e54f26497d1 Mon Sep 17 00:00:00 2001 From: romanetar Date: Mon, 16 Jun 2025 19:45:42 +0200 Subject: [PATCH 3/3] fix: remove otp settings for service account app types Signed-off-by: romanetar --- app/Models/OAuth2/Client.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/Models/OAuth2/Client.php b/app/Models/OAuth2/Client.php index 5d8601de..c01be875 100644 --- a/app/Models/OAuth2/Client.php +++ b/app/Models/OAuth2/Client.php 
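Review bot: `$allowed_otp_client_types` is declared as a mutable `private static array` although it is a fixed allow-list that decides which client types may enable passwordless login. A class constant states that intent and cannot be reassigned at runtime: `private const ALLOWED_OTP_CLIENT_TYPES = [ ... ];`, read as `self::ALLOWED_OTP_CLIENT_TYPES`. A one-line docblock such as `/** Application types allowed to enable OTP (passwordless) login. */` would record why the list exists.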
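Review bot: The type check guards only enablePasswordless(), so a client that was stored with `otp_enabled = true` before this change keeps that value whatever its application type. isPasswordlessEnabled() lies outside the hunk; if it returns the stored flag as-is, consider checking the type there as well, `return $this->otp_enabled && in_array($this->getApplicationType(), self::$allowed_otp_client_types, true);`, or clearing the flag for existing records in a migration. The `in_array` call here, and the one in PATCH 3/3, omits the strict third argument; passing `true` keeps the allow-list comparison exact.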
@@ -1673,11 +1673,13 @@ public function isPasswordlessEnabled(): bool
 
 public function enablePasswordless(): void
 {
- if (in_array($this->getApplicationType(), self::$allowed_otp_client_types)) {
- $this->otp_enabled = true;
- $this->otp_length = intval(Config::get("otp.length"));
- $this->otp_lifetime = intval(Config::get("otp.lifetime"));
+ $app_type = $this->getApplicationType();
+ if (!in_array($this->getApplicationType(), self::$allowed_otp_client_types)) {
+ throw new ValidationException("This application type ($app_type) does not allow passwordless.");
 }
+ $this->otp_enabled = true;
+ $this->otp_length = intval(Config::get("otp.length"));
+ $this->otp_lifetime = intval(Config::get("otp.lifetime"));
 }
 
 public function disablePasswordless(): void
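Review bot: `$app_type` is assigned on the first added line, but the `in_array` check calls `$this->getApplicationType()` a second time; using the local keeps the value tested and the value reported in the message the same: `if (!in_array($app_type, self::$allowed_otp_client_types, true)) {`. The hunk shows no `use` line for `ValidationException`, so confirm the class is already imported in Client.php. Because enablePasswordless() now throws instead of returning quietly, callers outside this hunk that invoke it for every client type should be checked; presumably they need to test the application type first or handle the exception.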