feat: allow admin to create API code recovery flows

ory · May 29, 2024 · 550198b · 550198b
1 parent de8e59c
commit 550198b
Show file tree

Hide file tree

Showing 10 changed files with 194 additions and 74 deletions.
diff --git a/internal/client-go/model_create_recovery_code_for_identity_body.go b/internal/client-go/model_create_recovery_code_for_identity_body.go
diff --git a/internal/httpclient/model_create_recovery_code_for_identity_body.go b/internal/httpclient/model_create_recovery_code_for_identity_body.go
diff --git a/selfservice/flow/type.go b/selfservice/flow/type.go
@@ -22,3 +22,11 @@ func (t Type) IsBrowser() bool {
 func (t Type) IsAPI() bool {
 	return t == TypeAPI
 }
+
+func (t Type) Valid() bool {
+	switch t {
+	case TypeAPI, TypeBrowser:
+		return true
+	}
+	return false
+}
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
@@ -161,9 +161,8 @@ func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.F
 	}
 
 	switch recoveryFlow.State {
-	case flow.StateChooseMethod:
-		fallthrough
-	case flow.StateEmailSent:
+	case flow.StateChooseMethod,
+		flow.StateEmailSent:
 		return s.recoveryHandleFormSubmission(w, r, recoveryFlow, body)
 	case flow.StatePassedChallenge:
 		// was already handled, do not allow retry
@@ -237,9 +236,7 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
 
 	if s.deps.Config().UseContinueWithTransitions(ctx) {
 		switch {
-		case f.Type.IsAPI():
-			fallthrough
-		case x.IsJSONRequest(r):
+		case f.Type.IsAPI(), x.IsJSONRequest(r):
 			f.ContinueWith = append(f.ContinueWith, flow.NewContinueWithSettingsUI(sf))
 			s.deps.Writer().Write(w, r, f)
 		default:

diff --git a/selfservice/strategy/code/strategy_recovery_admin.go b/selfservice/strategy/code/strategy_recovery_admin.go
@@ -73,6 +73,13 @@ type createRecoveryCodeForIdentityBody struct {
 	//	- 1m
 	//	- 1s
 	ExpiresIn string `json:"expires_in"`
+
+	// Flow Type
+	//
+	// The flow type for the recovery flow. Defaults to browser.
+	//
+	// required: false
+	FlowType *flow.Type `json:"flow_type"`
 }
 
 // Recovery Code for Identity
@@ -149,12 +156,21 @@ func (s *Strategy) createRecoveryCodeForIdentity(w http.ResponseWriter, r *http.
 		}
 	}
 
-	if time.Now().Add(expiresIn).Before(time.Now()) {
-		s.deps.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Value from "expires_in" must result to a future time: %s`, p.ExpiresIn)))
+	if expiresIn <= 0 {
+		s.deps.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Value from "expires_in" must result to a future time: %s`, expiresIn)))
+		return
+	}
+
+	flowType := flow.TypeBrowser
+	if p.FlowType != nil {
+		flowType = *p.FlowType
+	}
+	if !flowType.Valid() {
+		s.deps.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Value from "flow_type" is not valid: %q`, flowType)))
 		return
 	}
 
-	recoveryFlow, err := recovery.NewFlow(config, expiresIn, s.deps.GenerateCSRFToken(r), r, s, flow.TypeBrowser)
+	recoveryFlow, err := recovery.NewFlow(config, expiresIn, s.deps.GenerateCSRFToken(r), r, s, flowType)
 	if err != nil {
 		s.deps.Writer().WriteError(w, r, err)
 		return