Mfa multitenancy

coreDriverInterfaceSupported.json

@@ -17,6 +17,7 @@
     "2.20",
     "2.21",
     "3.0",
-    "4.0"
+    "4.0",
+    "4.1"
   ]
 }

ee/src/test/java/io/supertokens/ee/test/TestMultitenancyStats.java

@@ -78,6 +78,7 @@ public void testPaidStatsIsSentForAllAppsInMultitenancy() throws Exception {
                     new EmailPasswordConfig(true),
                     new ThirdPartyConfig(true, null),
                     new PasswordlessConfig(true),
+                    new TotpConfig(false), new MfaConfig(null, null),
                     config
             ), false);
 
@@ -86,6 +87,7 @@ public void testPaidStatsIsSentForAllAppsInMultitenancy() throws Exception {
                     new EmailPasswordConfig(true),
                     new ThirdPartyConfig(true, null),
                     new PasswordlessConfig(true),
+                    new TotpConfig(false), new MfaConfig(null, null),
                     config
             ), false);
 
@@ -94,6 +96,7 @@ public void testPaidStatsIsSentForAllAppsInMultitenancy() throws Exception {
                     new EmailPasswordConfig(true),
                     new ThirdPartyConfig(true, null),
                     new PasswordlessConfig(true),
+                    new TotpConfig(false), new MfaConfig(null, null),
                     config
             ), false);
         }

src/main/java/io/supertokens/inmemorydb/queries/multitenancy/TenantConfigSQLHelper.java

@@ -53,6 +53,8 @@ public TenantConfig map(ResultSet result) throws StorageQueryException {
                         new EmailPasswordConfig(result.getBoolean("email_password_enabled")),
                         new ThirdPartyConfig(result.getBoolean("third_party_enabled"), this.providers),
                         new PasswordlessConfig(result.getBoolean("passwordless_enabled")),
+                        new TotpConfig(false), // TODO
+                        new MfaConfig(new String[0], new String[0]), // TODO
                         JsonUtils.stringToJsonObject(result.getString("core_config"))
                 );
             } catch (Exception e) {

src/main/java/io/supertokens/multitenancy/MultitenancyHelper.java

@@ -75,7 +75,8 @@ public static void init(Main main) throws StorageQueryException, IOException {
                         new TenantConfig(
                                 new TenantIdentifier(null, null, null),
                                 new EmailPasswordConfig(true), new ThirdPartyConfig(true, null),
-                                new PasswordlessConfig(true), new JsonObject()), false, false, false);
+                                new PasswordlessConfig(true), new TotpConfig(false), new MfaConfig(null, null),
+                                new JsonObject()), false, false, false);
                 // Not force reloading all resources here (the last boolean in the function above)
                 // because the ucl for the FeatureFlag is not yet loaded and results in an empty
                 // instance of eeFeatureFlag. This is applicable only when the core is starting on
@@ -95,6 +96,8 @@ private TenantConfig[] getAllTenantsFromDb() throws StorageQueryException {
                             new EmailPasswordConfig(true),
                             new ThirdPartyConfig(true, null),
                             new PasswordlessConfig(true),
+                            new TotpConfig(false),
+                            new MfaConfig(null, null),
                             new JsonObject()
                     )
             };

src/main/java/io/supertokens/utils/SemVer.java

@@ -34,6 +34,7 @@ public class SemVer implements Comparable<SemVer> {
     public static final SemVer v2_21 = new SemVer("2.21");
     public static final SemVer v3_0 = new SemVer("3.0");
     public static final SemVer v4_0 = new SemVer("4.0");
+    public static final SemVer v4_1 = new SemVer("4.1");
 
     final private String version;
 

src/main/java/io/supertokens/webserver/InputParser.java

@@ -144,6 +144,25 @@ public static String parseStringOrThrowError(JsonObject element, String fieldNam
         }
     }
 
+    public static String[] parseStringArrayOrThrowError(JsonObject element, String fieldName, boolean nullable)
+            throws ServletException {
+        try {
+            if (nullable && element.get(fieldName) == null) {
+                return null;
+            }
+            JsonArray strings = element.get(fieldName).getAsJsonArray();
+            String[] result = new String[strings.size()];
+            for (int i = 0; i < strings.size(); i++) {
+                result[i] = strings.get(i).getAsString();
+            }
+
+            return result;
+        } catch (Exception e) {
+            throw new ServletException(
+                    new WebserverAPI.BadRequestException("Field name '" + fieldName + "' is invalid in JSON input"));
+        }
+    }
+
     public static String parseStringFromElementOrThrowError(JsonElement element, String parentFieldName,
             boolean nullable) throws ServletException {
         try {

src/main/java/io/supertokens/webserver/WebserverAPI.java

@@ -76,10 +76,11 @@ public abstract class WebserverAPI extends HttpServlet {
         supportedVersions.add(SemVer.v2_21);
         supportedVersions.add(SemVer.v3_0);
         supportedVersions.add(SemVer.v4_0);
+        supportedVersions.add(SemVer.v4_1);
     }
 
     public static SemVer getLatestCDIVersion() {
-        return SemVer.v4_0;
+        return SemVer.v4_1;
     }
 
     public SemVer getLatestCDIVersionForRequest(HttpServletRequest req)

src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java

@@ -45,8 +45,10 @@ public BaseCreateOrUpdate(Main main) {
 
     protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdentifier,
                           TenantIdentifier targetTenantIdentifier, Boolean emailPasswordEnabled,
-                          Boolean thirdPartyEnabled, Boolean passwordlessEnabled, JsonObject coreConfig,
-                          HttpServletResponse resp)
+                          Boolean thirdPartyEnabled, Boolean passwordlessEnabled, Boolean totpEnabled,
+                          boolean hasFirstFactors, String[] firstFactors,
+                          boolean hasDefaultRequiredFactorIds, String[] defaultRequiredFactorIds,
+                          JsonObject coreConfig, HttpServletResponse resp)
             throws ServletException, IOException {
 
         TenantConfig tenantConfig = Multitenancy.getTenantInfo(main,
@@ -63,6 +65,8 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                         new EmailPasswordConfig(true),
                         new ThirdPartyConfig(true, null),
                         new PasswordlessConfig(true),
+                        new TotpConfig(false),
+                        new MfaConfig(null, null),
                         new JsonObject()
                 );
             } else {
@@ -72,6 +76,8 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                         new EmailPasswordConfig(false),
                         new ThirdPartyConfig(false, null),
                         new PasswordlessConfig(false),
+                        new TotpConfig(false),
+                        new MfaConfig(null, null),
                         new JsonObject()
                 );
             }
@@ -84,6 +90,8 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                     new EmailPasswordConfig(emailPasswordEnabled),
                     tenantConfig.thirdPartyConfig,
                     tenantConfig.passwordlessConfig,
+                    tenantConfig.totpConfig,
+                    tenantConfig.mfaConfig,
                     tenantConfig.coreConfig
             );
         }
@@ -94,6 +102,8 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                     tenantConfig.emailPasswordConfig,
                     new ThirdPartyConfig(thirdPartyEnabled, tenantConfig.thirdPartyConfig.providers),
                     tenantConfig.passwordlessConfig,
+                    tenantConfig.totpConfig,
+                    tenantConfig.mfaConfig,
                     tenantConfig.coreConfig
             );
         }
@@ -104,6 +114,44 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                     tenantConfig.emailPasswordConfig,
                     tenantConfig.thirdPartyConfig,
                     new PasswordlessConfig(passwordlessEnabled),
+                    tenantConfig.totpConfig,
+                    tenantConfig.mfaConfig,
+                    tenantConfig.coreConfig
+            );
+        }
+
+        if (totpEnabled != null) {
+            tenantConfig = new TenantConfig(
+                    tenantConfig.tenantIdentifier,
+                    tenantConfig.emailPasswordConfig,
+                    tenantConfig.thirdPartyConfig,
+                    tenantConfig.passwordlessConfig,
+                    new TotpConfig(totpEnabled),
+                    tenantConfig.mfaConfig,
+                    tenantConfig.coreConfig
+            );
+        }
+
+        if (hasFirstFactors) {
+            tenantConfig = new TenantConfig(
+                    tenantConfig.tenantIdentifier,
+                    tenantConfig.emailPasswordConfig,
+                    tenantConfig.thirdPartyConfig,
+                    tenantConfig.passwordlessConfig,
+                    tenantConfig.totpConfig,
+                    new MfaConfig(firstFactors, tenantConfig.mfaConfig.defaultRequiredFactorIds),
+                    tenantConfig.coreConfig
+            );
+        }
+
+        if (hasDefaultRequiredFactorIds) {
+            tenantConfig = new TenantConfig(
+                    tenantConfig.tenantIdentifier,
+                    tenantConfig.emailPasswordConfig,
+                    tenantConfig.thirdPartyConfig,
+                    tenantConfig.passwordlessConfig,
+                    tenantConfig.totpConfig,
+                    new MfaConfig(tenantConfig.mfaConfig.firstFactors, defaultRequiredFactorIds),
                     tenantConfig.coreConfig
             );
         }
@@ -115,6 +163,8 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                     tenantConfig.emailPasswordConfig,
                     tenantConfig.thirdPartyConfig,
                     tenantConfig.passwordlessConfig,
+                    tenantConfig.totpConfig,
+                    tenantConfig.mfaConfig,
                     coreConfig
             );
         }

src/main/java/io/supertokens/webserver/api/multitenancy/CreateOrUpdateAppAPI.java

@@ -18,12 +18,11 @@
 
 import com.google.gson.JsonObject;
 import io.supertokens.Main;
-import io.supertokens.multitenancy.exception.BadPermissionException;
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.utils.SemVer;
 import io.supertokens.webserver.InputParser;
 import io.supertokens.webserver.Utils;
-import io.supertokens.webserver.api.multitenancy.BaseCreateOrUpdate;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -56,6 +55,24 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
         Boolean passwordlessEnabled = InputParser.parseBooleanOrThrowError(input, "passwordlessEnabled", true);
         JsonObject coreConfig = InputParser.parseJsonObjectOrThrowError(input, "coreConfig", true);
 
+        Boolean totpEnabled = null;
+        String[] firstFactors = null;
+        boolean hasFirstFactors = false;
+        String[] defaultRequiredFactorIds = null;
+        boolean hasDefaultRequiredFactorIds = false;
+
+        if (getVersionFromRequest(req).greaterThanOrEqualTo(SemVer.v4_1)) {
+            totpEnabled = InputParser.parseBooleanOrThrowError(input, "totpEnabled", true);
+            hasFirstFactors = input.has("firstFactors");
+            if (hasFirstFactors && !input.get("firstFactors").isJsonNull()) {
+                firstFactors = InputParser.parseStringArrayOrThrowError(input, "firstFactors", true);
+            }
+            hasDefaultRequiredFactorIds = input.has("defaultRequiredFactorIds");
+            if (hasDefaultRequiredFactorIds && !input.get("defaultRequiredFactorIds").isJsonNull()) {
+                defaultRequiredFactorIds = InputParser.parseStringArrayOrThrowError(input, "defaultRequiredFactorIds", true);
+            }
+        }
+
         TenantIdentifier sourceTenantIdentifier;
         try {
             sourceTenantIdentifier = this.getTenantIdentifierWithStorageFromRequest(req);
@@ -66,7 +83,9 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
         super.handle(
                 req, sourceTenantIdentifier,
                 new TenantIdentifier(sourceTenantIdentifier.getConnectionUriDomain(), appId, null),
-                emailPasswordEnabled, thirdPartyEnabled, passwordlessEnabled, coreConfig, resp);
+                emailPasswordEnabled, thirdPartyEnabled, passwordlessEnabled,
+                totpEnabled, hasFirstFactors, firstFactors, hasDefaultRequiredFactorIds, defaultRequiredFactorIds,
+                coreConfig, resp);
 
     }
 }

src/main/java/io/supertokens/webserver/api/multitenancy/CreateOrUpdateConnectionUriDomainAPI.java

@@ -20,6 +20,7 @@
 import io.supertokens.Main;
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.utils.SemVer;
 import io.supertokens.webserver.InputParser;
 import io.supertokens.webserver.Utils;
 import jakarta.servlet.ServletException;
@@ -54,6 +55,24 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
         Boolean passwordlessEnabled = InputParser.parseBooleanOrThrowError(input, "passwordlessEnabled", true);
         JsonObject coreConfig = InputParser.parseJsonObjectOrThrowError(input, "coreConfig", true);
 
+        Boolean totpEnabled = null;
+        String[] firstFactors = null;
+        boolean hasFirstFactors = false;
+        String[] defaultRequiredFactorIds = null;
+        boolean hasDefaultRequiredFactorIds = false;
+
+        if (getVersionFromRequest(req).greaterThanOrEqualTo(SemVer.v4_1)) {
+            totpEnabled = InputParser.parseBooleanOrThrowError(input, "totpEnabled", true);
+            hasFirstFactors = input.has("firstFactors");
+            if (hasFirstFactors && !input.get("firstFactors").isJsonNull()) {
+                firstFactors = InputParser.parseStringArrayOrThrowError(input, "firstFactors", true);
+            }
+            hasDefaultRequiredFactorIds = input.has("defaultRequiredFactorIds");
+            if (hasDefaultRequiredFactorIds && !input.get("defaultRequiredFactorIds").isJsonNull()) {
+                defaultRequiredFactorIds = InputParser.parseStringArrayOrThrowError(input, "defaultRequiredFactorIds", true);
+            }
+        }
+
         TenantIdentifier sourceTenantIdentifier;
         try {
             sourceTenantIdentifier = this.getTenantIdentifierWithStorageFromRequest(req);
@@ -64,7 +83,9 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
         super.handle(
                 req, sourceTenantIdentifier,
                 new TenantIdentifier(connectionUriDomain, null, null),
-                emailPasswordEnabled, thirdPartyEnabled, passwordlessEnabled, coreConfig, resp);
+                emailPasswordEnabled, thirdPartyEnabled, passwordlessEnabled,
+                totpEnabled, hasFirstFactors, firstFactors, hasDefaultRequiredFactorIds, defaultRequiredFactorIds,
+                coreConfig, resp);
 
     }
 }

src/main/java/io/supertokens/webserver/api/multitenancy/CreateOrUpdateTenantOrGetTenantAPI.java

@@ -22,6 +22,7 @@
 import io.supertokens.multitenancy.Multitenancy;
 import io.supertokens.pluginInterface.multitenancy.*;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.utils.SemVer;
 import io.supertokens.webserver.InputParser;
 import io.supertokens.webserver.Utils;
 import jakarta.servlet.ServletException;
@@ -57,6 +58,24 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
         Boolean passwordlessEnabled = InputParser.parseBooleanOrThrowError(input, "passwordlessEnabled", true);
         JsonObject coreConfig = InputParser.parseJsonObjectOrThrowError(input, "coreConfig", true);
 
+        Boolean totpEnabled = null;
+        String[] firstFactors = null;
+        boolean hasFirstFactors = false;
+        String[] defaultRequiredFactorIds = null;
+        boolean hasDefaultRequiredFactorIds = false;
+
+        if (getVersionFromRequest(req).greaterThanOrEqualTo(SemVer.v4_1)) {
+            totpEnabled = InputParser.parseBooleanOrThrowError(input, "totpEnabled", true);
+            hasFirstFactors = input.has("firstFactors");
+            if (hasFirstFactors && !input.get("firstFactors").isJsonNull()) {
+                firstFactors = InputParser.parseStringArrayOrThrowError(input, "firstFactors", true);
+            }
+            hasDefaultRequiredFactorIds = input.has("defaultRequiredFactorIds");
+            if (hasDefaultRequiredFactorIds && !input.get("defaultRequiredFactorIds").isJsonNull()) {
+                defaultRequiredFactorIds = InputParser.parseStringArrayOrThrowError(input, "defaultRequiredFactorIds", true);
+            }
+        }
+
         TenantIdentifier sourceTenantIdentifier;
         try {
             sourceTenantIdentifier = this.getTenantIdentifierWithStorageFromRequest(req);
@@ -67,8 +86,9 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
         super.handle(
                 req, sourceTenantIdentifier,
                 new TenantIdentifier(sourceTenantIdentifier.getConnectionUriDomain(), sourceTenantIdentifier.getAppId(), tenantId),
-                emailPasswordEnabled, thirdPartyEnabled, passwordlessEnabled, coreConfig, resp);
-
+                emailPasswordEnabled, thirdPartyEnabled, passwordlessEnabled,
+                totpEnabled, hasFirstFactors, firstFactors, hasDefaultRequiredFactorIds, defaultRequiredFactorIds,
+                coreConfig, resp);
     }
 
     @Override
@@ -83,6 +103,11 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
             JsonObject result = config.toJson(shouldProtect, tenantIdentifier.getStorage(), CoreConfig.PROTECTED_CONFIGS);
             result.addProperty("status", "OK");
 
+            if (getVersionFromRequest(req).lesserThan(SemVer.v4_1)) {
+                result.remove("totp");
+                result.remove("mfa");
+            }
+
             super.sendJsonResponse(200, result, resp);
         } catch (TenantOrAppNotFoundException e) {
             JsonObject result = new JsonObject();

src/main/java/io/supertokens/webserver/api/multitenancy/thirdparty/CreateOrUpdateThirdPartyConfigAPI.java

@@ -114,6 +114,8 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
                             tenantConfig.thirdPartyConfig.enabled,
                             newProviders.toArray(new ThirdPartyConfig.Provider[0])),
                     tenantConfig.passwordlessConfig,
+                    tenantConfig.totpConfig,
+                    tenantConfig.mfaConfig,
                     tenantConfig.coreConfig);
 
             Multitenancy.addNewOrUpdateAppOrTenant(main, updatedConfig, shouldProtectProtectedConfig(req),

src/main/java/io/supertokens/webserver/api/multitenancy/thirdparty/RemoveThirdPartyConfigAPI.java

@@ -82,6 +82,8 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
                     new ThirdPartyConfig(
                             config.thirdPartyConfig.enabled, newProviders.toArray(new ThirdPartyConfig.Provider[0])),
                     config.passwordlessConfig,
+                    config.totpConfig,
+                    config.mfaConfig,
                     config.coreConfig);
 
             Multitenancy.addNewOrUpdateAppOrTenant(main, updatedConfig, shouldProtectProtectedConfig(req), false, true);

src/test/java/io/supertokens/test/CDIVersionTest.java

@@ -274,13 +274,15 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
                 new EmailPasswordConfig(true),
                 new ThirdPartyConfig(true, null),
                 new PasswordlessConfig(true),
+                new TotpConfig(false), new MfaConfig(null, null),
                 config
         ), false);
         Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
                 new TenantIdentifier(null, "a1", "t1"),
                 new EmailPasswordConfig(true),
                 new ThirdPartyConfig(true, null),
                 new PasswordlessConfig(true),
+                new TotpConfig(false), new MfaConfig(null, null),
                 new JsonObject()
         ), false);