Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IsTfaEnabled #45874

Closed
cheng93 opened this issue Jan 4, 2023 · 11 comments · Fixed by #46258
Closed

IsTfaEnabled #45874

cheng93 opened this issue Jan 4, 2023 · 11 comments · Fixed by #46258
Assignees
@HaoK
Labels
api-approved API was approved in API review, it can be implemented area-identity Includes: Identity and providers help wanted Up for grabs. We would accept a PR to help resolve this issue
Milestone
8.0-preview2

Comments

@cheng93
Copy link
Contributor

cheng93 commented Jan 4, 2023

https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Core/src/SignInManager.cs#L765

Any reason why this is private? Could it be made protected?

Use case is I want to override methods that calls it, however as it's private, I have no access
@Tratcher Tratcher added the area-identity Includes: Identity and providers label Jan 4, 2023
@captainsafia
Copy link
Member

Triage: It looks like the link that you pasted might be incorrect. Can you clarify what property/method you are wanting to make protected and why?

I assume that you are referring to https://source.dot.net/#Microsoft.AspNetCore.Identity/SignInManager.cs,744.

If so, a PR is welcome.

@captainsafia captainsafia added the Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. label Jan 12, 2023
@ghost
Copy link

ghost commented Jan 12, 2023

Hi @cheng93. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

@cheng93
Copy link
Contributor Author

cheng93 commented Jan 13, 2023

Yes it is, looks like some code was committed which shifted it.

Will create a PR

@ghost ghost added Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. and removed Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. labels Jan 13, 2023
@cheng93
Copy link
Contributor Author

cheng93 commented Jan 13, 2023
edited by captainsafia

Summary

Change accessibility of IsTfaEnabled in SignInManager

Motivation and goals

- private async Task<bool> IsTfaEnabled(TUser user) {}
+ public async Task<bool> IsTwoFactorEnabled(TUser user) {}

In scope

  • Overriding methods that depend on IsTwoFactorEnabled will not be able to call it due to it being private, such as TwoFactorAuthenticatorSignInAsync
  • May want to check explicitly where IsTwoFactorEnabled for a user in a controller/service

Out of scope

Scenarios you explicitly want to exclude.

Risks / unknowns

How might developers misinterpret/misuse this? How might implementing it restrict us from other enhancements in the future? Also list any perf/security/correctness concerns.

Examples

// overriding
public override async Task<SignInResult> TwoFactorAuthenticatorSignInAsync(string code, bool isPersistent, bool rememberClient)
{
    var user = GetUser()
    if (IsTwoFactorEnabled(user)) // here it is called
    {
    }  
}
// publicly used
public async Task<IActionResult> OnGet()
{
    var user = GetUser();
    if (!await signInManager.IsTwoFactorEnabled(user))
    {
        return RedirectToSetupTwoFactor()
    }
}

@HaoK
Copy link
Member

HaoK commented Jan 18, 2023

So if we are going to make this public, it probably should be a spelled out i.e. IsTwoFactorEnabledAsync(TUser)

@HaoK HaoK added help wanted Up for grabs. We would accept a PR to help resolve this issue and removed Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. labels Jan 18, 2023
@HaoK HaoK added this to the .NET 8 Planning milestone Jan 18, 2023
@ghost
Copy link

ghost commented Jan 18, 2023

Thanks for contacting us.

We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@cheng93
Copy link
Contributor Author

cheng93 commented Jan 18, 2023

I can submit PR if given the green light :)

@HaoK
Copy link
Member

HaoK commented Jan 18, 2023

Sure submit a PR and I'll review it

@captainsafia captainsafia added the api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews label Jan 19, 2023
@ghost
Copy link

ghost commented Jan 19, 2023

Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:

  • The PR contains changes to the reference-assembly that describe the API change. Or, you have included a snippet of reference-assembly-style code that illustrates the API change.
  • The PR describes the impact to users, both positive (useful new APIs) and negative (breaking changes).
  • Someone is assigned to "champion" this change in the meeting, and they understand the impact and design of the change.

@captainsafia
Copy link
Member

I updated the API issue comment and added the label so we can review this while the PR comes in.

@cheng93 cheng93 mentioned this issue Jan 25, 2023
Merged
4 tasks
@halter73
Copy link
Member

halter73 commented Jan 30, 2023
edited

API Review Notes:

  • Could this API be protected instead of public? Public usage is demonstrated in the example, so it looks like yes.
  • Does this support more than two factors? Should it be called IsMultiFactorEnabledAsync? No. TwoFactor is already used in other APIs, so let's stick with that.
  • Edit: I copied the wrong method name. We definitely want to suffix it with "Async".

API Approved!

namespace Microsoft.AspNetCore.Identity;

public class SignInManager<TUser> where TUser : class
{
-     private async Task<bool> IsTfaEnabled(TUser user) {}
+     public virtual async Task<bool> IsTwoFactorEnabledAsync(TUser user) {}
}

@halter73 halter73 added api-approved API was approved in API review, it can be implemented and removed api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews labels Jan 30, 2023
@HaoK HaoK modified the milestones: .NET 8 Planning, 8.0-preview2 Jan 30, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Mar 1, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@HaoK HaoK

Labels
api-approved API was approved in API review, it can be implemented area-identity Includes: Identity and providers help wanted Up for grabs. We would accept a PR to help resolve this issue
Projects
None yet
Milestone
8.0-preview2
Development

Successfully merging a pull request may close this issue.

Change IsTfaEnabled to IsTwoFactorEnabledAsync cheng93/aspnetcore
5 participants
@halter73 @Tratcher @captainsafia @HaoK @cheng93