feat: Make TOTP a paid feature and report stats #589
Merged: rishabhpoddar merged 4 commits into feat/totp-inmemory from feat/totp-ee-feature-and-stats, Mar 23, 2023
KShivendu force-pushed the feat/totp-ee-feature-and-stats branch from bdf72d0 to 3d50c06 (March 22, 2023 14:17)
rishabhpoddar requested changes, Mar 22, 2023
KShivendu commented, Mar 23, 2023
* refactor: Use internal supertokens user id in TOTP APIs
* test: Add test for user id mapping in TOTP APIs
rishabhpoddar added a commit that referenced this pull request, Mar 27, 2023
* feat: Implement TOTP inmemory classes
* feat: Create tables and indexes for TOTP
* refactor: Remove comments and unused code
* feat: Throws expected exceptions from totp in memory implementation with tests
* feat: Fix TOTP.java and inmemory implementation
* feat: Improvements in TOTP in memory implementation
* feat: Improve tests and used code handling logic
* feat: Improve TOTP inmemorydb queries
* refactor: Use compound foreign key in totp_used_codes table and fix order of init params in TOTPDevice
* fix: Remove related used codes when a user device is being deleted
* feat(totp): Add cron to remove expired codes and improve tests
* feat: Add java-otp as a dependency
* feat: Introduce totp_users to keep track of users who have more than one TOTP device
* test: Use equals function for cleaner code
* feat: Improve TOTP recipe
  - Add created_time_ms
  - Run cron to delete expired used tokens
  - Add feature to delete all TOTP data on user deletion
  - Simulate foreign key constraint in totp_used_codes for inmemorydb
  - Refactor and clean TOTP.java code
  - Use java-totp to generate secret key and verify code
  - Add and update tests
* feat: Improve TOTP recipe
  - Add config for totp_rate_limit_window_size
  - Improve function names and return types
  - Use `is_valid` for totp_used_code
  - Expose function to generate TOTP code for tests to use
* refactor: Remove device_name from totp_used_codes table
  Every used code is only linked to the user now. No concept of code to device linking. So removed device_name.
* feat: Improve TOTP recipe
  - Improve rate limiting and device removal logic
  - Add config for TOTP rate limiting
  - Properly use transactions
  - Add/update tests
* feat: Improve TOTP recipe
  - Use device period in totp generation and validation
  - Add tests to cover most edge cases of Totp.java
  - Fix overriding of totp_rate_limit_cooldown_sec
  - Add tests for TOTP cron
  - Add comments for edge cases and readability
  - Introduce totp_invalid_code_expiry_sec config
* feat: Improve TOTP rate limiting
  - Query all codes instead of only expired ones
  - Remove redundant deleteAllDataForUser from TOTPQueries
  - Move TOTP code generation to tests
  - Add logging to DeleteExpriedTotoTokens cron
* refactor: Remove redundant method deleteAllTotpDataForUser
* feat: Add APIs for TOTP recipe
  - Add APIs with input validation and error handling
  - Refactor LimitReachedException to store Retry-After header
* feat: Improve TOTP recipe
  - Remove unused code and improve var names
  - Use lock for getDevicesCount Txn
  - Clearly explain rate limiting logic
  - Add test for invalid totp core config
  - Merge create and update TOTP device API functions
  - Bubble up error from removeUserTxn on deleteUser
* refactor: Remove created_time index from totp_used_codes table
* refactor: Remove foreign key constraint emulation in TOTP
  We have now enabled foreign key constraints in inmemory db
* feat: Improve TOTP recipe
  - Set totp code column size to 8 in DB
  - Introduce UsedCodeAlreadyExistsException
  - Improve comments
  - Improve input parsing API layer
  - Only remove expired totp codes after cooldown
  - Add primary key to TOTP used codes table
  - Use max expiry instead of totp_invalid_code_expiry_time
  - Use BadRequestException in TOTP API layer
* feat: Improve TOTP recipe
  - Fix totp cron
  - Update tests
  - Use base32
  - Use transaction for check and store code
* feat: Improve TOTP implementation
  - Use locks while verifying and storing code
  - Improve var names
  - Retry checkAndStore code on failure due to primary key
  - Update tests
* refactor: Adjust order of columns in totp_used_codes table
* feat: Improve TOTP implementation
  - Add CHECK constraints in totp used codes table
  - Suppress InterruptedException error and retry
  - Send 200 with retryAfter in body instead of 429
  - Separate test for CHECK constraint only for inmemorydb
* test: Add API layer test for TOTP recipe
  - Fixed get devices, verify TOTP, and verify device API
  - Add tests for all the APIs covering all exceptions
* feat: Finish totp implementation
* refactor: Update TOTP recipe vars and comments
* chores: Mention API and DB changes for TOTP recipe in CHANGELOG
* feat: Add support for active users stats (#585)
* feat: Add support for active users stats
* feat: Monitor active users for all auth recipes and session recipe
* test: Add tests for active users update across different API calls (#586)
* test: Add tests for active users update across different API calls
* fix: Suppress usermapping exceptions for active users monitoring (#587)
* feat: Make TOTP a paid feature and report stats (#589)
* feat: Make TOTP a paid feature and report stats
* test: Add test for TOTP usage stats
* refactor: MAU should be sent irrespective of TOTP
* refactor: Use internal supertokens user id in TOTP APIs (#591)
* refactor: Use internal supertokens user id in TOTP APIs
* test: Add test for user id mapping in TOTP APIs
* feat: Check TOTP feature flag in TOTP recipe functions (#592)
* feat: Check TOTP feature flag in TOTP recipe functions
* feat: Test feature flag error is handled by APIs
* updates CDI version info
* test: Fix failing tests (#598)
* test: Fix failing tests
* fixes tests
---------
Co-authored-by: rishabhpoddar <rishabh.poddar@gmail.com>
* feat: Add new API and tests for counting active users (#596)
* feat: Add new API and tests for counting active users
* chores: Update CHANGELOG to mention new active user count API
* test: Add bad input tests for active users count API
* chores: Update the http method for active user count API in CHANGELOG
* fixes tests and review comments
---------
Co-authored-by: Rishabh Poddar <rishabh.poddar@gmail.com>
Co-authored-by: Joel Coutinho <joelsteve97@hotmail.com>
Summary of change
feat: Make TOTP a paid feature and report stats
Related issues
Checklist for important updates
- coreDriverInterfaceSupported.json file has been updated (if needed)
- pluginInterfaceSupported.json file has been updated (if needed)
- build.gradle
- getPaidFeatureStats function in FeatureFlag.java file
- build.gradle, please make sure to add them in implementationDependencies.json.
- git tag) in the format vX.Y.Z, and then find the latest branch (git branch --all) whose X.Y is greater than the latest released tag.