chore: re-add WithIdentifier (#3992)

ory · Jul 10, 2024 · 0da0c9b · 0da0c9b
1 parent e070b27
commit 0da0c9b
Show file tree

Hide file tree

Showing 9 changed files with 102 additions and 3 deletions.
diff --git a/selfservice/flow/login/strategy_form_hydrator.go b/selfservice/flow/login/strategy_form_hydrator.go
@@ -41,6 +41,7 @@ var ErrBreakLoginPopulate = errors.New("skip rest of login form population")
 
 type FormHydratorOptions struct {
 	IdentityHint *identity.Identity
+	Identifier   string
 }
 
 type FormHydratorModifier func(o *FormHydratorOptions)
@@ -51,6 +52,12 @@ func WithIdentityHint(i *identity.Identity) FormHydratorModifier {
 	}
 }
 
+func WithIdentifier(i string) FormHydratorModifier {
+	return func(o *FormHydratorOptions) {
+		o.Identifier = i
+	}
+}
+
 func NewFormHydratorOptions(modifiers []FormHydratorModifier) *FormHydratorOptions {
 	o := new(FormHydratorOptions)
 	for _, m := range modifiers {

diff --git a/selfservice/flow/login/strategy_form_hydrator_test.go b/selfservice/flow/login/strategy_form_hydrator_test.go
@@ -16,3 +16,9 @@ func TestWithIdentityHint(t *testing.T) {
 	opts := NewFormHydratorOptions([]FormHydratorModifier{WithIdentityHint(expected)})
 	assert.Equal(t, expected, opts.IdentityHint)
 }
+
+func TestWithIdentifier(t *testing.T) {
+	expected := "identifier"
+	opts := NewFormHydratorOptions([]FormHydratorModifier{WithIdentifier(expected)})
+	assert.Equal(t, expected, opts.Identifier)
+}
diff --git a/selfservice/strategy/code/strategy_login_test.go b/selfservice/strategy/code/strategy_login_test.go
@@ -922,7 +922,7 @@ func TestFormHydration(t *testing.T) {
 						configtesthelpers.WithConfigValue(mfaEnabled, config.ViperKeySecurityAccountEnumerationMitigate, true),
 						t,
 					)
-					require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f), idfirst.ErrNoCredentialsFound)
+					require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
 					toSnapshot(t, f)
 				})
 
@@ -931,7 +931,7 @@ func TestFormHydration(t *testing.T) {
 						configtesthelpers.WithConfigValue(passwordlessEnabled, config.ViperKeySecurityAccountEnumerationMitigate, true),
 						t,
 					)
-					require.NoError(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f))
+					require.NoError(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")))
 					toSnapshot(t, f)
 				})
 			})

diff --git a/selfservice/strategy/idfirst/strategy_login.go b/selfservice/strategy/idfirst/strategy_login.go
@@ -87,6 +87,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
 
 	// Add identity hint
 	opts = append(opts, login.WithIdentityHint(identityHint))
+	opts = append(opts, login.WithIdentifier(p.Identifier))
 
 	didPopulate := false
 	for _, ls := range s.d.LoginStrategies(r.Context()) {

diff --git a/selfservice/strategy/idfirst/strategy_login_test.go b/selfservice/strategy/idfirst/strategy_login_test.go
@@ -549,6 +549,12 @@ func TestFormHydration(t *testing.T) {
 			toSnapshot(t, f)
 		})
 
+		t.Run("case=WithIdentifier", func(t *testing.T) {
+			r, f := newFlow(ctx, t)
+			require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+			toSnapshot(t, f)
+		})
+
 		t.Run("case=WithIdentityHint", func(t *testing.T) {
 			t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
 				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, true)

diff --git a/selfservice/strategy/oidc/strategy_login_test.go b/selfservice/strategy/oidc/strategy_login_test.go
@@ -120,6 +120,12 @@ func TestFormHydration(t *testing.T) {
 			toSnapshot(t, f)
 		})
 
+		t.Run("case=WithIdentifier", func(t *testing.T) {
+			r, f := newFlow(ctx, t)
+			require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+			toSnapshot(t, f)
+		})
+
 		t.Run("case=WithIdentityHint", func(t *testing.T) {
 			t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
 				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, true)

diff --git a/selfservice/strategy/passkey/passkey_login_test.go b/selfservice/strategy/passkey/passkey_login_test.go
@@ -415,6 +415,22 @@ func TestFormHydration(t *testing.T) {
 			})
 		})
 
+		t.Run("case=WithIdentifier", func(t *testing.T) {
+			t.Run("case=account enumeration mitigation disabled", func(t *testing.T) {
+				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, false)
+				r, f := newFlow(ctx, t)
+				require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+				toSnapshot(t, f)
+			})
+
+			t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
+				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, true)
+				r, f := newFlow(ctx, t)
+				require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+				toSnapshot(t, f)
+			})
+		})
+
 		t.Run("case=WithIdentityHint", func(t *testing.T) {
 			t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
 				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, true)

diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go
@@ -1019,7 +1019,6 @@ func TestCompleteLogin(t *testing.T) {
 			},
 			expectSuccess: false,
 		}} {
-
 			t.Run("case="+tc.name, func(t *testing.T) {
 				if tc.setupFn != nil {
 					cleanup := tc.setupFn()
@@ -1172,6 +1171,22 @@ func TestFormHydration(t *testing.T) {
 			})
 		})
 
+		t.Run("case=WithIdentifier", func(t *testing.T) {
+			t.Run("case=account enumeration mitigation disabled", func(t *testing.T) {
+				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, false)
+				r, f := newFlow(ctx, t)
+				require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+				toSnapshot(t, f)
+			})
+
+			t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
+				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, true)
+				r, f := newFlow(ctx, t)
+				require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+				toSnapshot(t, f)
+			})
+		})
+
 		t.Run("case=WithIdentityHint", func(t *testing.T) {
 			t.Run("case=account enumeration mitigation enabled and identity has no password", func(t *testing.T) {
 				ctx := configtesthelpers.WithConfigValue(ctx, config.ViperKeySecurityAccountEnumerationMitigate, true)

diff --git a/selfservice/strategy/webauthn/login_test.go b/selfservice/strategy/webauthn/login_test.go
@@ -810,6 +810,48 @@ func TestFormHydration(t *testing.T) {
 			})
 		})
 
+		t.Run("case=WithIdentifier", func(t *testing.T) {
+			t.Run("case=passwordless enabled", func(t *testing.T) {
+				t.Run("case=account enumeration mitigation disabled", func(t *testing.T) {
+					r, f := newFlow(
+						configtesthelpers.WithConfigValue(passwordlessEnabled, config.ViperKeySecurityAccountEnumerationMitigate, false),
+						t,
+					)
+					require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+					toSnapshot(t, f)
+				})
+
+				t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
+					r, f := newFlow(
+						configtesthelpers.WithConfigValue(passwordlessEnabled, config.ViperKeySecurityAccountEnumerationMitigate, true),
+						t,
+					)
+					require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+					toSnapshot(t, f)
+				})
+			})
+
+			t.Run("case=mfa enabled", func(t *testing.T) {
+				t.Run("case=account enumeration mitigation disabled", func(t *testing.T) {
+					r, f := newFlow(
+						configtesthelpers.WithConfigValue(mfaEnabled, config.ViperKeySecurityAccountEnumerationMitigate, false),
+						t,
+					)
+					require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+					toSnapshot(t, f)
+				})
+
+				t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
+					r, f := newFlow(
+						configtesthelpers.WithConfigValue(mfaEnabled, config.ViperKeySecurityAccountEnumerationMitigate, true),
+						t,
+					)
+					require.ErrorIs(t, fh.PopulateLoginMethodIdentifierFirstCredentials(r, f, login.WithIdentifier("[email protected]")), idfirst.ErrNoCredentialsFound)
+					toSnapshot(t, f)
+				})
+			})
+		})
+
 		t.Run("case=WithIdentityHint", func(t *testing.T) {
 			t.Run("case=account enumeration mitigation enabled", func(t *testing.T) {
 				mfaEnabled := configtesthelpers.WithConfigValue(mfaEnabled, config.ViperKeySecurityAccountEnumerationMitigate, true)