Merge branch 'hperl/glorious-passkeys' of ssh://github.com/ory/kratos…

… into hperl/glorious-passkeys
ory · Feb 13, 2024 · ee7cf27 · ee7cf27
2 parents f5eff53 + 83a23b0
commit ee7cf27
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 0 deletions.
diff --git a/contrib/quickstart/kratos/all-strategies/kratos.yml b/contrib/quickstart/kratos/all-strategies/kratos.yml
@@ -75,7 +75,11 @@ selfservice:
       lifespan: 10m
 
     registration:
+<<<<<<< Updated upstream
       two_steps: true
+=======
+      enable_legacy_flow: true
+>>>>>>> Stashed changes
       lifespan: 10m
       ui_url: http://localhost:4455/registration
       after:

diff --git a/driver/config/config.go b/driver/config/config.go
@@ -126,7 +126,14 @@ const (
 	ViperKeyURLsAllowedReturnToDomains                       = "selfservice.allowed_return_urls"
 	ViperKeySelfServiceRegistrationEnabled                   = "selfservice.flows.registration.enabled"
 	ViperKeySelfServiceRegistrationLoginHints                = "selfservice.flows.registration.login_hints"
+<<<<<<< Updated upstream
 	ViperKeySelfServiceRegistrationTwoSteps                  = "selfservice.flows.registration.two_steps"
+=======
+<<<<<<< Updated upstream
+=======
+	ViperKeySelfServiceRegistrationTwoSteps                  = "selfservice.flows.registration.enable_legacy_flow"
+>>>>>>> Stashed changes
+>>>>>>> Stashed changes
 	ViperKeySelfServiceRegistrationUI                        = "selfservice.flows.registration.ui_url"
 	ViperKeySelfServiceRegistrationRequestLifespan           = "selfservice.flows.registration.lifespan"
 	ViperKeySelfServiceRegistrationAfter                     = "selfservice.flows.registration.after"
@@ -670,10 +677,20 @@ func (p *Config) SelfServiceFlowRegistrationLoginHints(ctx context.Context) bool
 	return p.GetProvider(ctx).Bool(ViperKeySelfServiceRegistrationLoginHints)
 }
 
+<<<<<<< Updated upstream
 func (p *Config) SelfServiceFlowRegistrationTwoSteps(ctx context.Context) bool {
 	return p.GetProvider(ctx).BoolF(ViperKeySelfServiceRegistrationTwoSteps, false)
 }
 
+=======
+<<<<<<< Updated upstream
+=======
+func (p *Config) SelfServiceFlowRegistrationTwoSteps(ctx context.Context) bool {
+	return !p.GetProvider(ctx).BoolF(ViperKeySelfServiceRegistrationTwoSteps, false)
+}
+
+>>>>>>> Stashed changes
+>>>>>>> Stashed changes
 func (p *Config) SelfServiceFlowVerificationEnabled(ctx context.Context) bool {
 	return p.GetProvider(ctx).Bool(ViperKeySelfServiceVerificationEnabled)
 }

diff --git a/embedx/config.schema.json b/embedx/config.schema.json
@@ -1238,12 +1238,24 @@
                 },
                 "after": {
                   "$ref": "#/definitions/selfServiceAfterRegistration"
+<<<<<<< Updated upstream
                 },
                 "two_steps": {
                   "type": "boolean",
                   "title": "Two-step registration",
                   "description": "When set to true, the user first fills in the traits in the first screen and then chooses a credential to sign up with in the second screen.",
                   "default": false
+=======
+<<<<<<< Updated upstream
+=======
+                },
+                "enable_legacy_flow": {
+                  "type": "boolean",
+                  "title": "Disable two-step registration",
+                  "description": "Two-step registration is a significantly improved sign up flow and recommended when using more than one sign up methods. To revert to one-step registration, set this to `true`.",
+                  "default": true
+>>>>>>> Stashed changes
+>>>>>>> Stashed changes
                 }
               }
             },

diff --git a/identity/credentials_webauthn_test.go b/identity/credentials_webauthn_test.go
@@ -4,6 +4,7 @@
 package identity
 
 import (
+	"github.com/stretchr/testify/require"
 	"testing"
 
 	"github.com/go-webauthn/webauthn/webauthn"
@@ -47,3 +48,16 @@ func TestCredentialConversion(t *testing.T) {
 	fromWebAuthn = CredentialFromWebAuthn(expected, false)
 	assert.Equal(t, "Google Password Manager", fromWebAuthn.DisplayName)
 }
+
+func TestPasswordlessOnly(t *testing.T) {
+	a := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte("a")}, false)
+	b := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte("b")}, false)
+	c := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte("c")}, true)
+	d := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte("d")}, false)
+	e := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte("e")}, true)
+	expected := CredentialsWebAuthn{a, b, c, d, e}
+
+	actual := expected.PasswordlessOnly()
+	require.Len(t, actual, 2)
+	assert.Equal(t, []webauthn.Credential{*c.ToWebAuthn(), *e.ToWebAuthn()}, actual)
+}
diff --git a/test/e2e/profiles/passkey/identity.traits.schema.json b/test/e2e/profiles/passkey/identity.traits.schema.json
@@ -17,6 +17,12 @@
               "password": {
                 "identifier": true
               },
+<<<<<<< Updated upstream
+=======
+              "webauthn": {
+                "identifier": true
+              },
+>>>>>>> Stashed changes
               "passkey": {
                 "display_name": true
               }
@@ -30,7 +36,11 @@
           "minLength": 10
         }
       },
+<<<<<<< Updated upstream
       "required": ["email", "website"],
+=======
+      "required": ["email"],
+>>>>>>> Stashed changes
       "additionalProperties": false
     }
   }

diff --git a/test/e2e/profiles/two-steps/.kratos.yml b/test/e2e/profiles/two-steps/.kratos.yml
@@ -10,7 +10,11 @@ selfservice:
         default_browser_return_url: http://localhost:4455/login
 
     registration:
+<<<<<<< Updated upstream
       two_steps: true
+=======
+      enable_legacy_flow: false
+>>>>>>> Stashed changes
       ui_url: http://localhost:4455/registration
       after:
         password: