feat: add mfa for non-browser

ory · Oct 19, 2021 · 4096fd3 · 4096fd3
1 parent 81da04d
commit 4096fd3
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 9 deletions.
diff --git a/driver/registry_default_settings.go b/driver/registry_default_settings.go
@@ -2,6 +2,7 @@ package driver
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/selfservice/flow/settings"
@@ -66,6 +67,7 @@ func (m *RegistryDefault) SettingsFlowErrorHandler() *settings.ErrorHandler {
 func (m *RegistryDefault) SettingsStrategies(ctx context.Context) (profileStrategies settings.Strategies) {
 	for _, strategy := range m.selfServiceStrategies() {
 		if s, ok := strategy.(settings.Strategy); ok {
+			fmt.Printf("Strategy %s is %v\n\n", s.SettingsStrategyID(), m.Config(ctx).SelfServiceStrategy(s.SettingsStrategyID()).Enabled)
 			if m.Config(ctx).SelfServiceStrategy(s.SettingsStrategyID()).Enabled {
 				profileStrategies = append(profileStrategies, s)
 			}

diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.js b/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.js
@@ -0,0 +1,55 @@
+import {APP_URL, gen, MOBILE_URL, website} from '../../../../helpers'
+import { authenticator } from 'otplib'
+
+context('Mobile Profile', () => {
+  describe('TOTP 2FA Flow', () => {
+    before(() => {
+      cy.useConfigProfile('mobile')
+    })
+
+    describe('password', () => {
+      const email = gen.email()
+      const password = gen.password()
+
+      before(() => {
+        cy.registerApi({
+          email,
+          password,
+          fields: {'traits.website': website}
+        })
+      })
+
+      beforeEach(() => {
+        cy.loginMobile({email, password})
+        cy.visit(MOBILE_URL + '/Settings')
+      })
+
+      it('should be able to set up TOTP', () => {
+
+        cy.get('p[data-testid="text-totp_secret_key-content"]').should('exist')
+        cy.get('img[data-testid="text-totp_qr"]').should('exist')
+
+        // Set up TOTP
+        let secret
+        cy.get('p[data-testid="text-totp_secret_key-content"]').then(($e) => {
+          secret = $e.text().trim()
+        })
+        cy.get('input[name="totp_code"]').then(($e) => {
+          cy.wrap($e).type(authenticator.generate(secret))
+        })
+        cy.get('*[name="method"][value="totp"]').click()
+        cy.get('form .messages .message').should(
+          'contain.text',
+          'Your changes have been saved!'
+        )
+        cy.get('p[data-testid="text-totp_secret_key-content"]').should(
+          'not.exist'
+        )
+        cy.get('img[data-testid="text-totp_qr"]').should('not.exist')
+        cy.get('*[name="method"][value="totp"]').should('not.exist')
+        cy.get('*[name="totp_unlink"]').should('exist')
+
+      })
+    })
+  })
+})
diff --git a/test/e2e/profiles/kratos.base.yml b/test/e2e/profiles/kratos.base.yml
@@ -31,6 +31,12 @@ selfservice:
 serve:
   public:
     base_url: http://localhost:4455/
+    cors:
+      enabled: true
+      allowed_headers:
+        - Authorization
+        - Content-Type
+        - X-Session-Token
   admin:
     base_url: http://kratos:4434/
 

diff --git a/test/e2e/profiles/mobile/.kratos.yml b/test/e2e/profiles/mobile/.kratos.yml
@@ -1,12 +1,3 @@
-serve:
-  public:
-    cors:
-      enabled: true
-      allowed_headers:
-        - Authorization
-        - Content-Type
-        - X-Session-Token
-
 selfservice:
   flows:
     settings:
@@ -23,6 +14,21 @@ selfservice:
             -
               hook: session
 
+  methods:
+    totp:
+      enabled: true
+      config:
+        issuer: issuer.ory.sh
+    lookup_secret:
+      enabled: true
+    webauthn:
+      enabled: true
+      config:
+        rp:
+          id: localhost
+          origin: http://localhost:4455
+          display_name: Ory
+
 identity:
   default_schema_url: file://test/e2e/profiles/email/identity.traits.schema.json