Feat/fe testing infrastructure #143
- feat(2fa): add migration for 2FA schema foundation (Phase I)
- feat(2fa): add UserTrustedDevice entity
- feat(2fa): add TwoFactorAuditLog entity
- feat(2fa): add UserRecoveryCode entity
- feat(2fa): add repository interfaces for 2FA entities
- feat(2fa): add Doctrine implementations for 2FA repositories
- feat(2fa): register 2FA repositories in service container
- test(2fa): add repository round-trip tests for 2FA entities
… migration for user_recovery_codes
- test: cover canLogin()=false branch in validateCredentials() unit tests
- docs: document known double-query cost in validateCredentials()
- fix: use consistent error message in validateCredentials()
Add test changes with suggestion
… Audit Wiring, and 2FA Rate Limiting
Signed-off-by: romanetar <roman_ag@hotmail.com>
Signed-off-by: romanetar <roman_ag@hotmail.com>
Walkthrough

This PR implements Phase I two-factor authentication (email OTP) for OpenStack ID. It adds Doctrine domain models for trusted devices, recovery codes, and audit logs; Doctrine repositories; DeviceTrustService, TwoFactorAuditService, and MFAGateService; an email-OTP challenge strategy pattern; a refactored UserController MFA flow; a TwoFactorRateLimitMiddleware; a React login refactor with extracted MFA/recovery UI subcomponents; Playwright E2E tests; and Jest unit tests with a GitHub Actions CI workflow.

Changes:

- Phase I MFA Backend
- MFA Frontend Login Refactor
- Test and CI Infrastructure
Sequence Diagram

```mermaid
sequenceDiagram
    participant Browser
    participant UserController
    participant AuthService
    participant MFAGateService
    participant DeviceTrustService
    participant EmailOTPMFAChallengeStrategy
    participant TwoFactorAuditService
    Browser->>UserController: POST /auth/login (password)
    UserController->>AuthService: validateCredentials(email, password)
    AuthService-->>UserController: User (no session created)
    UserController->>MFAGateService: requiresChallenge(user, cookieToken)
    MFAGateService->>DeviceTrustService: isDeviceTrusted(user, cookieToken)
    DeviceTrustService-->>MFAGateService: false
    MFAGateService-->>UserController: true
    UserController->>AuthService: issueMFAChallenge(user, EmailOTPStrategy)
    AuthService->>EmailOTPMFAChallengeStrategy: issueChallenge(user, client, remember)
    EmailOTPMFAChallengeStrategy-->>AuthService: {otp_length, otp_lifetime}
    UserController->>TwoFactorAuditService: log(EventChallengeIssued)
    UserController-->>Browser: 200 {error_code: mfa_required, otp_length, otp_lifetime}
    Browser->>UserController: POST /auth/login/2fa/verify (otp_value, trust_device)
    UserController->>AuthService: verifyMFAChallenge(user, strategy, otp_value)
    AuthService->>EmailOTPMFAChallengeStrategy: verifyChallenge(user, otp_value, client)
    EmailOTPMFAChallengeStrategy-->>AuthService: void (redeems OTP, revokes siblings)
    UserController->>AuthService: loginUser(user, remember)
    UserController->>DeviceTrustService: trustDevice(user, userAgent, ip)
    DeviceTrustService-->>UserController: rawToken
    UserController->>TwoFactorAuditService: log(EventChallengeSucceeded + EventDeviceTrusted)
    UserController-->>Browser: redirect via login_strategy.postLogin()
```
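The device-trust check, the OTP issue/verify steps and the gate decision from the diagram above, as an added PHP sketch that is not the openstackid project's code: the class and method names are taken from the diagram, while the in-memory storage, the hashing choices, the token lifetimes and the callable used in place of the mailer are assumptions.

```php
<?php
// Added example, not code from the openstackid PR: class and method names follow the
// sequence diagram above, but their bodies are assumptions built on an in-memory store.
final class DeviceTrustService {
    /** @var array<string,int> sha256("user:token") => expiry timestamp */
    private array $trusted = [];
    public function __construct(private int $ttl = 30 * 86400) {}
    // Only a hash is persisted; the raw token goes to the browser cookie exactly once.
    public function trustDevice(string $userId): string {
        $raw = bin2hex(random_bytes(32));
        $this->trusted[hash('sha256', "$userId:$raw")] = time() + $this->ttl;
        return $raw;
    }
    public function isDeviceTrusted(string $userId, ?string $cookieToken): bool {
        return $cookieToken !== null && ($this->trusted[hash('sha256', "$userId:$cookieToken")] ?? 0) > time();
    }
}
final class EmailOTPMFAChallengeStrategy {
    /** @var array<string,array{hash:string,exp:int}> user => pending OTP */
    private array $pending = [];
    public function __construct(private int $otpLength = 6, private int $otpLifetime = 300) {}
    // Re-issuing overwrites the pending entry, so earlier sibling OTPs are revoked.
    public function issueChallenge(string $userId, callable $deliver): array {
        $otp = str_pad((string) random_int(0, 10 ** $this->otpLength - 1), $this->otpLength, '0', STR_PAD_LEFT);
        $this->pending[$userId] = ['hash' => password_hash($otp, PASSWORD_DEFAULT), 'exp' => time() + $this->otpLifetime];
        $deliver($otp); // stand-in for the e-mail sender; the code itself is never returned to the caller
        return ['otp_length' => $this->otpLength, 'otp_lifetime' => $this->otpLifetime];
    }
    // Single use: a successful verification redeems (deletes) the pending OTP.
    public function verifyChallenge(string $userId, string $otpValue): void {
        $rec = $this->pending[$userId] ?? null;
        if ($rec === null || $rec['exp'] < time() || !password_verify($otpValue, $rec['hash'])) {
            throw new RuntimeException('invalid or expired OTP'); // attempt limiting is the middleware's job
        }
        unset($this->pending[$userId]);
    }
}
final class MFAGateService {
    public function __construct(private DeviceTrustService $devices) {}
    public function requiresChallenge(string $userId, ?string $cookieToken): bool {
        return !$this->devices->isDeviceTrusted($userId, $cookieToken);
    }
}
$devices = new DeviceTrustService(); $gate = new MFAGateService($devices); $otp = new EmailOTPMFAChallengeStrategy();
$user = 'user-1'; $sent = null;
if ($gate->requiresChallenge($user, null)) {        // no trusted-device cookie yet
    $otp->issueChallenge($user, function (string $c) use (&$sent) { $sent = $c; });
    $otp->verifyChallenge($user, $sent);            // throws on a wrong or expired code
}
$cookie = $devices->trustDevice($user);             // "trust this device" was ticked
var_dump($gate->requiresChallenge($user, $cookie)); // trusted cookie present, so the gate passes
```

The audit log calls and the rate-limit middleware from the diagram are left out; the point here is that the OTP and the device token are stored only as hashes, the OTP is single use and time-bound, and the gate decision is nothing more than the trusted-device lookup.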
Estimated code review effort: 🎯 5 (Critical) | ⏱️ ~120 minutes
Warning: There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 PHPStan (2.2.2): Composer install failed: this project depends on private packages that require authentication (e.g. GitLab/GitHub, Laravel Nova, etc.). Instead, run PHPStan in a CI/CD pipeline where you can use custom packages; our pipeline remediation tool can use the PHPStan output from your CI/CD pipeline.
📘 OpenAPI / Swagger preview ➡️ https://OpenStackweb.github.io/openstackid/openapi/pr-143/ This page is automatically updated on each push to this PR.
ref https://app.clickup.com/t/9014802374/86bak2ur6