feat: add support for recovery on native flows (ory#3273)

---------

Co-authored-by: Henning Perl <[email protected]>
Co-authored-by: Alano Terblanche <[email protected]>
Co-authored-by: aeneasr <[email protected]>

.github/workflows/ci.yaml

@@ -246,6 +246,7 @@ jobs:
       TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true"
       TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable"
     strategy:
+      fail-fast: false
       matrix:
         database: ["postgres", "cockroach", "sqlite", "mysql"]
     steps:
@@ -323,6 +324,13 @@ jobs:
         with:
           name: logs
           path: test/e2e/*.e2e.log
+      - if: failure()
+        uses: actions/upload-artifact@v2
+        with:
+          name: playwright-test-results-${{ github.sha }}
+          path: |
+            test/e2e/test-results/
+            test/e2e/playwright-report/
 
   docs-cli:
     runs-on: ubuntu-latest

.github/workflows/format.yml

@@ -2,7 +2,7 @@ name: Format
 
 on:
   pull_request:
-  push:
+  merge_group:
 
 jobs:
   format:

.schema/openapi/patches/schema.yaml

@@ -41,9 +41,13 @@
     mapping:
       show_verification_ui: "#/components/schemas/continueWithVerificationUi"
       set_ory_session_token: "#/components/schemas/continueWithSetOrySessionToken"
+      show_settings_ui: "#/components/schemas/continueWithSettingsUi"
+      show_recovery_ui: "#/components/schemas/continueWithRecoveryUi"
 
 - op: add
   path: /components/schemas/continueWith/oneOf
   value:
     - "$ref": "#/components/schemas/continueWithVerificationUi"
     - "$ref": "#/components/schemas/continueWithSetOrySessionToken"
+    - "$ref": "#/components/schemas/continueWithSettingsUi"
+    - "$ref": "#/components/schemas/continueWithRecoveryUi"

contrib/quickstart/kratos/email-password/kratos.yml

@@ -14,6 +14,8 @@ selfservice:
   default_browser_return_url: http://127.0.0.1:4455/
   allowed_return_urls:
     - http://127.0.0.1:4455
+    - http://localhost:19006/Callback
+    - exp://localhost:8081/--/Callback
 
   methods:
     password:

driver/config/config.go

@@ -113,6 +113,7 @@ const (
 	ViperKeySessionTokenizerTemplates                        = "session.whoami.tokenizer.templates"
 	ViperKeySessionWhoAmIAAL                                 = "session.whoami.required_aal"
 	ViperKeySessionWhoAmICaching                             = "feature_flags.cacheable_sessions"
+	ViperKeyUseContinueWithTransitions                       = "feature_flags.use_continue_with_transitions"
 	ViperKeySessionRefreshMinTimeLeft                        = "session.earliest_possible_extend"
 	ViperKeyCookieSameSite                                   = "cookies.same_site"
 	ViperKeyCookieDomain                                     = "cookies.domain"
@@ -594,7 +595,7 @@ func (p *Config) PublicSocketPermission(ctx context.Context) *configx.UnixPermis
 	return &configx.UnixPermission{
 		Owner: pp.String(ViperKeyPublicSocketOwner),
 		Group: pp.String(ViperKeyPublicSocketGroup),
-		Mode:  os.FileMode(pp.IntF(ViperKeyPublicSocketMode, 0755)),
+		Mode:  os.FileMode(pp.IntF(ViperKeyPublicSocketMode, 0o755)),
 	}
 }
 
@@ -603,7 +604,7 @@ func (p *Config) AdminSocketPermission(ctx context.Context) *configx.UnixPermiss
 	return &configx.UnixPermission{
 		Owner: pp.String(ViperKeyAdminSocketOwner),
 		Group: pp.String(ViperKeyAdminSocketGroup),
-		Mode:  os.FileMode(pp.IntF(ViperKeyAdminSocketMode, 0755)),
+		Mode:  os.FileMode(pp.IntF(ViperKeyAdminSocketMode, 0o755)),
 	}
 }
 
@@ -1309,6 +1310,10 @@ func (p *Config) SessionWhoAmICaching(ctx context.Context) bool {
 	return p.GetProvider(ctx).Bool(ViperKeySessionWhoAmICaching)
 }
 
+func (p *Config) UseContinueWithTransitions(ctx context.Context) bool {
+	return p.GetProvider(ctx).Bool(ViperKeyUseContinueWithTransitions)
+}
+
 func (p *Config) SessionRefreshMinTimeLeft(ctx context.Context) time.Duration {
 	return p.GetProvider(ctx).DurationF(ViperKeySessionRefreshMinTimeLeft, p.SessionLifespan(ctx))
 }

driver/registry_default_recovery.go

@@ -48,7 +48,7 @@ func (m *RegistryDefault) GetActiveRecoveryStrategy(ctx context.Context) (recove
 	s, err := m.RecoveryStrategies(ctx).Strategy(as)
 	if err != nil {
 		return nil, errors.WithStack(herodot.ErrBadRequest.
-			WithReasonf("The active recovery strategy %s is not enabled. Please enable it in the configuration.", as))
+			WithReasonf("You attempted recovery using %s, which is not enabled or does not exist. An administrator needs to enable this recovery method.", as))
 	}
 	return s, nil
 }

embedx/config.schema.json

@@ -2647,6 +2647,12 @@
           "title": "Enable Ory Sessions caching",
           "description": "If enabled allows Ory Sessions to be cached. Only effective in the Ory Network.",
           "default": false
+        },
+        "use_continue_with_transitions": {
+          "type": "boolean",
+          "title": "Enable new flow transitions using `continue_with` items",
+          "description": "If enabled allows new flow transitions using `continue_with` items.",
+          "default": false
         }
       },
       "additionalProperties": false

internal/client-go/.openapi-generator/FILES

@@ -13,7 +13,11 @@ docs/AuthenticatorAssuranceLevel.md
 docs/BatchPatchIdentitiesResponse.md
 docs/ConsistencyRequestParameters.md
 docs/ContinueWith.md
+docs/ContinueWithRecoveryUi.md
+docs/ContinueWithRecoveryUiFlow.md
 docs/ContinueWithSetOrySessionToken.md
+docs/ContinueWithSettingsUi.md
+docs/ContinueWithSettingsUiFlow.md
 docs/ContinueWithVerificationUi.md
 docs/ContinueWithVerificationUiFlow.md
 docs/CourierApi.md
@@ -131,7 +135,11 @@ model_authenticator_assurance_level.go
 model_batch_patch_identities_response.go
 model_consistency_request_parameters.go
 model_continue_with.go
+model_continue_with_recovery_ui.go
+model_continue_with_recovery_ui_flow.go
 model_continue_with_set_ory_session_token.go
+model_continue_with_settings_ui.go
+model_continue_with_settings_ui_flow.go
 model_continue_with_verification_ui.go
 model_continue_with_verification_ui_flow.go
 model_courier_message_status.go

internal/client-go/README.md

@@ -107,7 +107,7 @@ Class | Method | HTTP request | Description
 *FrontendApi* | [**ToSession**](docs/FrontendApi.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To
 *FrontendApi* | [**UpdateLoginFlow**](docs/FrontendApi.md#updateloginflow) | **Post** /self-service/login | Submit a Login Flow
 *FrontendApi* | [**UpdateLogoutFlow**](docs/FrontendApi.md#updatelogoutflow) | **Get** /self-service/logout | Update Logout Flow
-*FrontendApi* | [**UpdateRecoveryFlow**](docs/FrontendApi.md#updaterecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow
+*FrontendApi* | [**UpdateRecoveryFlow**](docs/FrontendApi.md#updaterecoveryflow) | **Post** /self-service/recovery | Update Recovery Flow
 *FrontendApi* | [**UpdateRegistrationFlow**](docs/FrontendApi.md#updateregistrationflow) | **Post** /self-service/registration | Update Registration Flow
 *FrontendApi* | [**UpdateSettingsFlow**](docs/FrontendApi.md#updatesettingsflow) | **Post** /self-service/settings | Complete Settings Flow
 *FrontendApi* | [**UpdateVerificationFlow**](docs/FrontendApi.md#updateverificationflow) | **Post** /self-service/verification | Complete Verification Flow
@@ -140,7 +140,11 @@ Class | Method | HTTP request | Description
  - [BatchPatchIdentitiesResponse](docs/BatchPatchIdentitiesResponse.md)
  - [ConsistencyRequestParameters](docs/ConsistencyRequestParameters.md)
  - [ContinueWith](docs/ContinueWith.md)
+ - [ContinueWithRecoveryUi](docs/ContinueWithRecoveryUi.md)
+ - [ContinueWithRecoveryUiFlow](docs/ContinueWithRecoveryUiFlow.md)
  - [ContinueWithSetOrySessionToken](docs/ContinueWithSetOrySessionToken.md)
+ - [ContinueWithSettingsUi](docs/ContinueWithSettingsUi.md)
+ - [ContinueWithSettingsUiFlow](docs/ContinueWithSettingsUiFlow.md)
  - [ContinueWithVerificationUi](docs/ContinueWithVerificationUi.md)
  - [ContinueWithVerificationUiFlow](docs/ContinueWithVerificationUiFlow.md)
  - [CourierMessageStatus](docs/CourierMessageStatus.md)