-
-
Notifications
You must be signed in to change notification settings - Fork 466
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(core,schemas): add mandatory password guard on register #6368
Merged
simeng-li
merged 4 commits into
master
from
simeng-log-9558-core-review-interaction-api-vs-experience-api-review
Aug 1, 2024
Merged
feat(core,schemas): add mandatory password guard on register #6368
simeng-li
merged 4 commits into
master
from
simeng-log-9558-core-review-interaction-api-vs-experience-api-review
Aug 1, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
COMPARE TO
|
Name | Diff |
---|---|
packages/core/src/routes/experience/classes/experience-interaction.ts | 📈 +1.26 KB |
packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.test.ts | 📈 +3.72 KB |
packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts | 📈 +622 Bytes |
packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts | 📈 +70 Bytes |
packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts | 📈 +22 Bytes |
packages/integration-tests/src/client/experience/index.ts | 📈 +66 Bytes |
packages/integration-tests/src/helpers/experience/index.ts | 📈 +148 Bytes |
packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts | 📈 +1.92 KB |
packages/integration-tests/src/tests/api/experience-api/verifications/new-password-identity-verification.test.ts | 📈 +870 Bytes |
packages/phrases/src/locales/en/errors/session.ts | 📈 +191 Bytes |
packages/schemas/src/types/interactions.ts | 📈 +762 Bytes |
simeng-li
force-pushed
the
simeng-log-9098-interaction-logs-check
branch
from
July 31, 2024 05:46
b0f5405
to
85956a7
Compare
simeng-li
force-pushed
the
simeng-log-9558-core-review-interaction-api-vs-experience-api-review
branch
from
July 31, 2024 05:46
55d0e9b
to
9eb68aa
Compare
wangsijie
approved these changes
Jul 31, 2024
simeng-li
force-pushed
the
simeng-log-9098-interaction-logs-check
branch
from
July 31, 2024 06:22
85956a7
to
b0ce434
Compare
simeng-li
force-pushed
the
simeng-log-9558-core-review-interaction-api-vs-experience-api-review
branch
from
July 31, 2024 06:23
9eb68aa
to
2ca0749
Compare
Base automatically changed from
simeng-log-9098-interaction-logs-check
to
master
July 31, 2024 10:38
refactor backup code generate flow
fix api payload
fix rebase issue
add mandatory password guard on register
simeng-li
force-pushed
the
simeng-log-9558-core-review-interaction-api-vs-experience-api-review
branch
from
July 31, 2024 10:44
2ca0749
to
c5f86be
Compare
simeng-li
deleted the
simeng-log-9558-core-review-interaction-api-vs-experience-api-review
branch
August 1, 2024 02:20
nnorbert
added a commit
to ogcio/logto
that referenced
this pull request
Aug 27, 2024
* refactor(console): check mermaid by integration test env (logto-io#6183) * feat(core): implement new experience API routes (logto-io#5992) * feat(core): implement new interaction-session management flow implement a new interaction-session management flow for experience api use * feat(core): implement password sign-in flow implement password sign-in flow * test(core,schemas): add sign-in password tests add sign-in password tests * chore(core): update comments update comments * refactor(core): rename the password input value key rename the password input value key * refactor(core,schemas): refactor the experience API refactor the exerpience API structure * chore(test): add devFeature test add devFeature test * refactor(core): rename the path rename the path * refactor(core,schemas): refactor using the latest API design refactor using the latest API design * chore(test): replace using devFeature test statement replace using devFeature test statement * fix(core): fix lint error fix lint error * refactor(core): refactor experience API implementations refactor experience API implementations * refactor(core): replace with switch replace object map with switch * refactor: apply suggestions from code review * refactor(core): refactor the interaction class refactor the interaction class * refactor(core): update the user identification logic update the user identification logic --------- Co-authored-by: Gao Sun <gao@silverhand.io> * feat(core): implement verification code verification API (logto-io#6001) * feat(core,schemas): implement the verification code flow implement the verification code flow * chore(core): fix rebase issue fix rebase issue * refactor(console): add chrome extension guide (logto-io#6178) * feat(core,schemas): implement social verification experience API endpoints (logto-io#6150) feat(core,schemas): implement the social verification flow implement the social verificaiton flow * release: version packages (logto-io#5987) * fix(deps): update dependency p-limit to v6 (logto-io#6182) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor: correct phrases and translate some untranslate phrases for zh-cn (logto-io#6190) * refactor: correct zh-cn translations * refactor: translate some untranslate phrases for zh-cn * feat: organization logo * refactor(experience): cache user input identifier for a better sign-in experience (logto-io#6164) * refactor(core, experience): remove `no_cache` param * refactor(experience): add hidden identifier input for browser password manager (logto-io#6165) * refactor(core): refactor identifyUser method (logto-io#6154) refactor(core): refactor the user identification flow refactor the user identification flow * refactor(experience,phrases): update phrases for link identities page (logto-io#6104) * refactor: remove unused patches (logto-io#6179) * chore(deps): update dependency superstruct to v2 (logto-io#6173) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(core): actor token (logto-io#6171) * feat(console,schemas): add grant context to custom jwt (logto-io#6184) * feat(core): add subject token context to jwt customizer (logto-io#6185) * feat: support app-level branding * fix(deps): update dependency lru-cache to v11 (logto-io#6203) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(core): refactor the sso interaction handlers (logto-io#6186) refactor(core): revert the sso utils input refactor revert the sso utils input refactor * feat(core): implement enterprise sso verification flow (logto-io#6198) implement the enterprise sso verification flow * refactor(console): reorg logo uploads * refactor(experience): add label for input field (logto-io#6200) * feat(core): add quota guard for subject tokens (logto-io#6205) * style(experience): update floating label position (logto-io#6211) * refactor(core): update cache key * refactor(console): rename file * refactor(console): update all logo uploaders (logto-io#6209) * refactor(experience): show dark favicon (logto-io#6210) * feat(core): implement TOTP verification routes (logto-io#6201) * feat(core): implmenent totp verification routes implement totp verification routes * fix(core): update comments update comments * feat(core,schemas): implement backup codes verification (logto-io#6207) implement the backup code verification flow * refactor: fix experience branding fallback * fix(experience): use forgot password identifier in related flow (logto-io#6221) * refactor(console): improve branding experience * feat(core): handle dpop and client certificate for token exchange (logto-io#6199) * refactor: fix third-party app experience branding (logto-io#6223) * refactor(core): refactor organizations in grants (logto-io#6208) * test: add resource test cases for token exchange (logto-io#6216) * feat(core): handle dpop and client certificate for token exchange * refactor(core): refactor organizations in grants * test: add resource test cases for token exchange * feat(core,schemas): introduce new PUT experience API (logto-io#6212) * feat(core,schemas): introduce new PUT experience API introduce new PUT experience API * fix(core): fix some comments fix some comments * refactor: experience ssr (logto-io#6229) * refactor: experience ssr * refactor: fix parameter issue * chore(deps): upgrade packages * chore(deps): upgrade zod * feat(experience): support loading state for buttons (logto-io#6232) * refactor: patch type issues * chore: add changesets (logto-io#6239) * chore(deps): update vitest monorepo to v2 (major) (logto-io#6202) * chore(deps): update vitest monorepo to v2 * refactor: remove unused lint ignorings --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Gao Sun <gao@silverhand.io> * feat(core,schemas): implement the sie settings guard (logto-io#6215) * feat(core,schemas): implement the sie settings guard implement the sie settings guard * fix(test): fix integration test fix integration test * test(core): add sie guard ut add sie guard ut * chore(core): add some comment add some comment * refactor(core): rename the sign-in-experience-settings class rename the sign-in-experience-settings class * feat: init elements * refactor(core): remove subject token api prefix (logto-io#6235) * feat(core): add get available sso connectors endpoint (logto-io#6224) feat(core): implement get sso connectors implement get sso connectors endpoint * feat(elements): init i18n * feat(core,schemas): implement the register flow (logto-io#6237) * feat(core,schemas): implement the register flow implement the register flow * refactor(core,schemas): relocate the profile type defs relocate the profile type defs * fix(core): fix the validation guard logic fix the validation guard logic * fix(core): fix social and sso identity not created bug fix social and sso identity not created bug * fix(core): fix social identities profile key fix social identities profile key * fix(core): fix sso query method fix sso query method * feat(core,schemas): add post custom ui assets api (logto-io#6118) * feat(core,schemas): add post custom ui assets api * test(core): add register integration tests (logto-io#6248) * test(core): add register integration tests add register integration tests * test: add enterprise sso integration tests add enterprise sso integration tests * feat(elements): add components * feat(core,schemas): implement the username password registration flow (logto-io#6249) * feat(core,schemas): implement the username password registration flow implement the username password registration flow * chore(core): update some comments update some comments * fix(test): fix integration tests fix integration tests * fix(test): fix lint fix lint * fix(experience): correct active state for input field (logto-io#6255) * refactor(console): use button loading in experience flow if possible (logto-io#6234) * refactor(experience): support and apply modal loading state (logto-io#6236) * refactor(experience): support and apply modal loading state * feat(experience): support cancel loading for modal * chore(elements): update readme * feat(core): add the new user provision (logto-io#6253) add the new user provision * feat(connector): enable custom headers for SMTP connector (logto-io#6256) * fix(console): fix Google connector `scope` field can not be unset bug (logto-io#6254) * style(experience): improve input filed style (logto-io#6260) * feat(core): set up proxy to host custom ui assets if available (logto-io#6214) * feat(core): set up proxy to host custom ui assets if available * refactor: use object param for koa spa proxy middleware * refactor: make queries param mandatory * style(experience): remove autofill style from input component (logto-io#6261) * fix(console): fix image upload in onboarding process (logto-io#6266) * fix(console): fix grant data card height (logto-io#6264) * fix(console): fix passwordless connector tester send failed bug (logto-io#6268) * feat(console): implement custom ui assets upload component (logto-io#6217) * ci: always set conclusion for alteration tests (logto-io#6276) * style(experience): add transition for notched border (logto-io#6265) * refactor(experience): avoid disabled button for continue button (logto-io#6271) * feat(core): add api quota guard for bring your ui feature (logto-io#6273) * fix(console): should not toast invitation sent message when creating tenant w/o invitee (logto-io#6270) fix(console): should not toast invitation sent message when creating tenant without invitee * feat(console): add impersonation price item (logto-io#6269) * fix(experience): shrink input field when autofilled by the browser (logto-io#6280) * feat(console): add impersonation tag to audit log (logto-io#6267) * feat(core,schemas): implement social/sso link and sync logic (logto-io#6257) * feat(core,schemas): implement social/sso link and sync logic implement social/sso link and sync logic * test(core): add intergration tests add integration tests * feat(core): add mfa verification guard (logto-io#6262) add mfa verification guard * chore: remove feature guard for token exchange (logto-io#6246) * chore: add changeset for impersonation (logto-io#6251) * chore(elements): move check to build * chore(deps): upgrade typescript * chore(elements): add locale changes * chore(deps): upgrade react * chore(elements): check git existence * feat(schemas): init app_secrets table * feat(core): multiple app secrets * refactor(core,schemas): refactor `CodeVerification` (logto-io#6277) * refactor(core,schemas): refactor the CodeVerification class split the CodeVerification class into EmailCodeVerification and PhoneCodeVerification * refactor(core,schemas): split CodeVerification type split CodeVerification type * fix(core): code review updates code review updates * feat: add content schema to HTTP 201 CREATED messages (logto-io#6244) feat: add content schema to 201 messages * feat(console,phrases): add bring your ui quota item to pricing table (logto-io#6274) * refactor(console,phrases,schemas): increase file upload size limit to 10mb (logto-io#6258) refactor(console,phrases,schemas): increase file upload size limit to 10 mb * feat(elements): init modal and input * refactor: fix phrases * feat(elements): init user provider * feat(elements): update name * feat(console,phrases): add bring your UI feature paywall (logto-io#6275) feat(console,phrases): add bring your ui feature paywall * chore: update README.md (logto-io#6297) * chore: update README.md * chore: add awesome list * style(experience): improve notched border animation (logto-io#6296) * fix(console): sidebar width should not be shrunk (logto-io#6299) * refactor(core): extract password-validator (logto-io#6282) * refactor(core): extract password-validator extract password validator * fix(core): update comments and rename method name update comment and rename method name * refactor(console): update file uploader component to 80px fixed height * fix(core): should not sync registered identifier from social (logto-io#6283) should not sync registered identifier from social * style(experience): use brand loading color for buttons (logto-io#6302) * chore(console): remove dev feature guard (logto-io#6303) * refactor(core): extract helpers and provision methods (logto-io#6285) extract helpers and provision methods * feat(console): support multiple app secrets * refactor(phrases): improve bring your ui field description * fix(console): add cloud guard to bring your ui form field * refactor(schemas): increase max upload file size limit to 20MB * fix(core): disable bring your ui feature for admin tenant (logto-io#6300) * fix(console): should be able to remove the zip on upload error (logto-io#6306) * refactor: generate application secret on creation * fix(console): fix loading and error handling for org details page (logto-io#6313) * refactor(console): keep button loading before redirecting to sign-in success page (logto-io#6305) * refactor: use vite for demo app * refactor(core): log app secret name * chore(phrases): sync keys and translate (logto-io#6315) * refactor(core): implement verification records map (logto-io#6289) * refactor(core): implement verificaiton records map implement verification records map * fix(core): fix invalid verification type error fix invalid verificaiton type error * fix(core): update the verification record map update the verification record map * fix(core): update some comments update some comments * refactor(core): polish promise dependency polish promise dependency * fix(core): fix the social/sso syncing profile logic fix the social/sso syncing profile logic * refactor(core): optimize the verification records map optimize the verification records map * fix(core): fix set method of VerificationRecord map fix set method of VerificationRecord map * refactor(experience): use button loading for social sign-in (logto-io#6316) * chore: add comment * chore: add comment * refactor(console): use vite * refactor(experience): use vite * refactor(console): use local mermaid import * fix(console): use correct public url (logto-io#6325) * refactor(console, experience): optimize bundling (logto-io#6326) * refactor(console, experience): optimize bundling * fix: use correct favicon paths * chore: use dynamic react dependency checking in bundling * refactor(core): rename some file names and methods (logto-io#6321) * refactor(core): rename some files name and methods rename some files name and methods, fix some comments * chore: update comments update comments * chore: update comments update comments * chore: polish the words polish the words * fix(console): check scope only when data is ready (logto-io#6329) * feat(core,schemas): implement profile fulfillment flow (logto-io#6293) * feat(core,schemas): implement profile fulfillment flow implement profile fulfillment flow * fix(test): fix integration tests fix integration tests * fix(core): fix rebase issue fix rebase issue * refactor(core): refactor the interaction set profile flow refactor the interaction set profile flow * test(core): add profile fulfillment integration tests (logto-io#6294) * test(core): add profile fufillment integration tests add profile fufillment integration tests * fix: fix integration tests fix integration tests * refactor(test): rebase and update the latest profile api rebase and update the latest profile api * fix(console): css loaded svg should be rendered properly (logto-io#6333) * fix(core): fix some webhook api body status 404 bug (logto-io#6311) * fix(core): fix some webhook api body status 404 bug fix some webhook api body status 404 bug * fix(core): improve the webhook trigger logic improve the webhook trigger logic * chore: add changeset add changeset * chore: update the changeset update the changeset * feat(core): implement the WebAuthn verification (logto-io#6308) feat(core): implement the webauthn verification implement the webauthn verification * feat(schemas): add custom data to application (logto-io#6309) * feat(core,schemas): add application custom data add application custom data * test(core): add update application with new custom data test add update application with new custom data test * refactor(console): increase custom ui assets upload timeout to 5 mins (logto-io#6319) refactor(console): increase custom ui assets upload timeout to 5mins * refactor: update logto/core cloud API usage * refactor: update code according to CR * refactor(console): update admin console using new pricing model (logto-io#6295) * refactor(console): update cloud API calls * refactor: update code according to CR * refactor: correct component usage * refactor(console): safely lazy load pages (logto-io#6332) * refactor(console): safely lazy load pages * chore(console): use react-safe-lazy * feat(core): implement the missing mfa bind and guard flow (logto-io#6320) * feat(core): implement the mfa binding flow implment the mfa binding flow * fix(test): fix integration tests fix integration tests * fix(core): fix the wrong status code fix the wrong status code * refactor(core): refactor bind backup codes refactor bind backup codes * refactor(core): extract isNewMfaVerification property (logto-io#6338) extract isNewMfaVerifrication property * refactor(core): refactor backup code generates flow (logto-io#6339) refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(console): dragging anchor in the color picker on application branding page (logto-io#6340) * test(core): add the mfa binding integration tests (logto-io#6330) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * test(core): implement the mfa binding integration tests implement the mfa binding integration tests * test(core): rebase backup code refactor rebase backup code refactor * style(console): fix custom jwt guide card style (logto-io#6343) * refactor(console): block page navigation when uploading custom ui assets (logto-io#6342) * chore(console): update bring your ui documentation link (logto-io#6317) chore(console): add bring your ui documentation link * fix(elements): fix user context tag name (logto-io#6346) * chore: launch multiple app secrets * chore: launch multiple app secrets * refactor(core): use tsup for building * refactor: use tsup for building * refactor(console): improve ux * chore: fix failed tests * refactor(connector): use tsup for building * ci: add check job * feat(console): remove beta tag for protected app (logto-io#6341) * feat(console): add passport.js guide (logto-io#6344) * chore: update plausible urls (logto-io#6349) * refactor(console, experience): solve sass deprecations (logto-io#6356) * fix(console): fix the plan title for subscription plan selector (logto-io#6348) * refactor(core): refactor openapi docs for protected app (logto-io#6331) * refactor: update per review * feat: allow app secret edit (logto-io#6352) * fix(console): add dev guard on new pricing model subscription hooks (logto-io#6363) * feat(core): migrate register flow affiliate report logic (logto-io#6334) Migrate the new user affiliate flow from interaction API. - `postAffiliateLogs` is forked from `routes/interaction/actions/helpers.ts` * refactor(core): extract verified interaction guard middleware (logto-io#6336) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * refactor(core): extract verified interaction guard middleware extract verified interaction guard middleware * refactor(console): fix text overflow issue (logto-io#6366) * refactor(core): make the interaction event mandatory (logto-io#6337) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * refactor(core): make the interaction event mandatory make the interaction event mandatory * test: update integration tests update integration tests * fix(core): fix the middleware apply bug fix the koaExperienceInteraction middleware apply bug * feat(core): add webhooks middleware to experience api (logto-io#6357) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core): add hooks middleware to experience APIs add interaction hooks to experience APIs * refactor(core): refactor experience API context type refactor experience API context type * feat(connector): added postmark connector * chore: remove unused deps (logto-io#6372) * chore: remove unused deps * chore: fix version * refactor(core): improve swagger auth description (logto-io#6367) * feat(core,schemas): add auditLogs to experience API (logto-io#6361) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core,schemas): add auditLogs to experience API add auditLogs to experience API * refactor(core): allow cloudflare insights origin in csp (logto-io#6375) refactor(core): allow cloudflare csp * feat(core,schemas): add mandatory password guard on register (logto-io#6368) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core,schemas): add mandatory password guard on register add mandatory password guard on register * feat: add advanced search params to all supported endpoints (logto-io#6358) * feat: add search params to list users endpoint * feat: implement advanced search for all supported endpoints * chore(deps): update dependency nock to v14.0.0-beta.9 (logto-io#6243) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(cli): add cli command to setup custom ui local debugging proxy (logto-io#6365) * feat(cli): add proxy * refactor(cli): polish code per comments * refactor(cli): polish code * refactor(cli): support serving static files * chore: add changeset * refactor: polish code * refactor(cli): polish code * refactor(cli): make json parse safer * feat(core,console,phrases): add custom data editor to application details page (logto-io#6370) * feat(core,console,phrases): add custom data editor to application details page add custom data editor to application details page * chore: add changeset add changeset * fix(core): fix input params bug fix input params bug * fix(test): fix the integration tests fix the integration tests * fix(console): use the form controller element use the form controller element * fix(core,console): remove deepPartial statement remove deepPartial statement from the patch application API payload guard * fix(test): fix backchannel integration test fix backchannel integration test * fix(core): allow non-json body type when parsing (logto-io#6379) * refactor(core): make password optional in NewPasswordIdentity (logto-io#6377) refactor(core): make password optional in NewPasswordIdentity verification make password optioanl in NewPasswordIdentity verification * refactor(console): get and check `skuId` from checkout session (logto-io#6369) * refactor(console): get and check skuId from checkout session * chore: update @logto/cloud dependency * refactor: add tests for content-type in oidc apis (logto-io#6380) * refactor(console): delay module loading suspense component display by 500ms (logto-io#6345) * chore(console): remove redunant login hint usage for invitation (logto-io#6385) * fix(core): error data bug fixing (logto-io#6382) fix(core): error code bug fixing error code bug fixing * refactor(console): update billing info showed in subscription details page (logto-io#6384) * fix(console): add in-line error message (logto-io#6386) * fix(console): add in-line error message add in-line error message * refactor(console): remove old validation logic remove old validation logic * fix(console): create tenant button should stretch to full width (logto-io#6381) * fix(console): manual update subscription data when add/delete resources (logto-io#6360) * fix(console): add post response hook to update subscription info for useApi hook * refactor: wrap sync subscription data method * chore(phrases): update content (logto-io#6392) chore: update content * fix(console): fix the subscription plan display in tenant dropdown (logto-io#6393) * refactor(core): should not guard sso authentication flow (logto-io#6394) should not guard mfa and profile fulfillment for the sso authentication flow * fix(core): should not throw when not adding any new roles to a user (logto-io#6387) * fix(console): should not call cloud API when tenant ID is not valid (logto-io#6399) * refactor(console): improve guide logo and contact us logo display (logto-io#6391) * feat(core,schemas): add support for argon2d and argon2id (logto-io#6404) * feat(console): support next auth v5 (logto-io#6397) * feat: add add-on feature notice/tag * chore: define add on unit price temporarily * refactor: produce br outputs (logto-io#6376) * refactor: produce br outputs * refactor: fix favicon url * refactor: add `report:subscription:updates` Cloud scope (logto-io#6403) * Revert "refactor: add `report:subscription:updates` Cloud scope" (logto-io#6412) Revert "refactor: add `report:subscription:updates` Cloud scope (logto-io#6403)" This reverts commit e1922e9. * fix(console): fix unexpected 401 error toast (logto-io#6416) * feat(core): add Sentinel guard (logto-io#6374) feat(core): add sentinel protection add sentinel protection * feat(core): support google one tap (logto-io#6395) * feat(core): support google one tap support google one tap verification * fix(core): fix google one tap verification error fix google one tap verification error * fix(test): optimize social verification test optimize social verificaiton tests * fix(test): update social verification ut update social verification util unit test * refactor(core,schemas): refactor the register flow (logto-io#6401) * refactor(core,schemas): refactor the registration flow refactor the registraction flow * fix(core): remove unused method remove unused method * fix(test): remove legacy test remove legacy test * fix(core): fix webauthn verificaiton api fix webauthn verification api * feat(console): add new usage display for pro subscription plan (logto-io#6413) * release: version packages (logto-io#6197) * Fixing missing variables. --------- Co-authored-by: Gao Sun <gao@silverhand.io> Co-authored-by: simeng-li <simeng@silverhand.io> Co-authored-by: silverhand-bot <107667382+silverhand-bot@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Misaka_L <lipww1234@foxmail.com> Co-authored-by: Xiao Yijun <xiaoyijun@silverhand.io> Co-authored-by: wangsijie <wangsijie@silverhand.io> Co-authored-by: Charles Zhao <charleszhao@silverhand.io> Co-authored-by: Darcy Ye <darcyye@silverhand.io> Co-authored-by: Mostafa Moradian <mstfmoradian@gmail.com> Co-authored-by: Sten Roger Sandvik <sten.sandvik@fieldnode.com>
SamSalvatico
added a commit
to ogcio/logto
that referenced
this pull request
Sep 3, 2024
* refactor(console): reorg logo uploads * refactor(experience): add label for input field (logto-io#6200) * feat(core): add quota guard for subject tokens (logto-io#6205) * style(experience): update floating label position (logto-io#6211) * refactor(core): update cache key * refactor(console): rename file * refactor(console): update all logo uploaders (logto-io#6209) * refactor(experience): show dark favicon (logto-io#6210) * feat(core): implement TOTP verification routes (logto-io#6201) * feat(core): implmenent totp verification routes implement totp verification routes * fix(core): update comments update comments * feat(core,schemas): implement backup codes verification (logto-io#6207) implement the backup code verification flow * refactor: fix experience branding fallback * fix(experience): use forgot password identifier in related flow (logto-io#6221) * refactor(console): improve branding experience * feat(core): handle dpop and client certificate for token exchange (logto-io#6199) * refactor: fix third-party app experience branding (logto-io#6223) * refactor(core): refactor organizations in grants (logto-io#6208) * test: add resource test cases for token exchange (logto-io#6216) * feat(core): handle dpop and client certificate for token exchange * refactor(core): refactor organizations in grants * test: add resource test cases for token exchange * feat(core,schemas): introduce new PUT experience API (logto-io#6212) * feat(core,schemas): introduce new PUT experience API introduce new PUT experience API * fix(core): fix some comments fix some comments * refactor: experience ssr (logto-io#6229) * refactor: experience ssr * refactor: fix parameter issue * chore(deps): upgrade packages * chore(deps): upgrade zod * feat(experience): support loading state for buttons (logto-io#6232) * refactor: patch type issues * chore: add changesets (logto-io#6239) * chore(deps): update vitest monorepo to v2 (major) (logto-io#6202) * chore(deps): update vitest monorepo to v2 * refactor: remove unused lint ignorings --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Gao Sun <gao@silverhand.io> * feat(core,schemas): implement the sie settings guard (logto-io#6215) * feat(core,schemas): implement the sie settings guard implement the sie settings guard * fix(test): fix integration test fix integration test * test(core): add sie guard ut add sie guard ut * chore(core): add some comment add some comment * refactor(core): rename the sign-in-experience-settings class rename the sign-in-experience-settings class * feat: init elements * refactor(core): remove subject token api prefix (logto-io#6235) * feat(core): add get available sso connectors endpoint (logto-io#6224) feat(core): implement get sso connectors implement get sso connectors endpoint * feat(elements): init i18n * feat(core,schemas): implement the register flow (logto-io#6237) * feat(core,schemas): implement the register flow implement the register flow * refactor(core,schemas): relocate the profile type defs relocate the profile type defs * fix(core): fix the validation guard logic fix the validation guard logic * fix(core): fix social and sso identity not created bug fix social and sso identity not created bug * fix(core): fix social identities profile key fix social identities profile key * fix(core): fix sso query method fix sso query method * feat(core,schemas): add post custom ui assets api (logto-io#6118) * feat(core,schemas): add post custom ui assets api * test(core): add register integration tests (logto-io#6248) * test(core): add register integration tests add register integration tests * test: add enterprise sso integration tests add enterprise sso integration tests * feat(elements): add components * feat(core,schemas): implement the username password registration flow (logto-io#6249) * feat(core,schemas): implement the username password registration flow implement the username password registration flow * chore(core): update some comments update some comments * fix(test): fix integration tests fix integration tests * fix(test): fix lint fix lint * fix(experience): correct active state for input field (logto-io#6255) * refactor(console): use button loading in experience flow if possible (logto-io#6234) * refactor(experience): support and apply modal loading state (logto-io#6236) * refactor(experience): support and apply modal loading state * feat(experience): support cancel loading for modal * chore(elements): update readme * feat(core): add the new user provision (logto-io#6253) add the new user provision * feat(connector): enable custom headers for SMTP connector (logto-io#6256) * fix(console): fix Google connector `scope` field can not be unset bug (logto-io#6254) * style(experience): improve input filed style (logto-io#6260) * feat(core): set up proxy to host custom ui assets if available (logto-io#6214) * feat(core): set up proxy to host custom ui assets if available * refactor: use object param for koa spa proxy middleware * refactor: make queries param mandatory * style(experience): remove autofill style from input component (logto-io#6261) * fix(console): fix image upload in onboarding process (logto-io#6266) * fix(console): fix grant data card height (logto-io#6264) * fix(console): fix passwordless connector tester send failed bug (logto-io#6268) * feat(console): implement custom ui assets upload component (logto-io#6217) * ci: always set conclusion for alteration tests (logto-io#6276) * style(experience): add transition for notched border (logto-io#6265) * refactor(experience): avoid disabled button for continue button (logto-io#6271) * feat(core): add api quota guard for bring your ui feature (logto-io#6273) * fix(console): should not toast invitation sent message when creating tenant w/o invitee (logto-io#6270) fix(console): should not toast invitation sent message when creating tenant without invitee * feat(console): add impersonation price item (logto-io#6269) * fix(experience): shrink input field when autofilled by the browser (logto-io#6280) * feat(console): add impersonation tag to audit log (logto-io#6267) * feat(core,schemas): implement social/sso link and sync logic (logto-io#6257) * feat(core,schemas): implement social/sso link and sync logic implement social/sso link and sync logic * test(core): add intergration tests add integration tests * feat(core): add mfa verification guard (logto-io#6262) add mfa verification guard * chore: remove feature guard for token exchange (logto-io#6246) * chore: add changeset for impersonation (logto-io#6251) * chore(elements): move check to build * chore(deps): upgrade typescript * chore(elements): add locale changes * chore(deps): upgrade react * chore(elements): check git existence * feat(schemas): init app_secrets table * feat(core): multiple app secrets * refactor(core,schemas): refactor `CodeVerification` (logto-io#6277) * refactor(core,schemas): refactor the CodeVerification class split the CodeVerification class into EmailCodeVerification and PhoneCodeVerification * refactor(core,schemas): split CodeVerification type split CodeVerification type * fix(core): code review updates code review updates * feat: add content schema to HTTP 201 CREATED messages (logto-io#6244) feat: add content schema to 201 messages * feat(console,phrases): add bring your ui quota item to pricing table (logto-io#6274) * refactor(console,phrases,schemas): increase file upload size limit to 10mb (logto-io#6258) refactor(console,phrases,schemas): increase file upload size limit to 10 mb * feat(elements): init modal and input * refactor: fix phrases * feat(elements): init user provider * feat(elements): update name * feat(console,phrases): add bring your UI feature paywall (logto-io#6275) feat(console,phrases): add bring your ui feature paywall * chore: update README.md (logto-io#6297) * chore: update README.md * chore: add awesome list * style(experience): improve notched border animation (logto-io#6296) * fix(console): sidebar width should not be shrunk (logto-io#6299) * refactor(core): extract password-validator (logto-io#6282) * refactor(core): extract password-validator extract password validator * fix(core): update comments and rename method name update comment and rename method name * refactor(console): update file uploader component to 80px fixed height * fix(core): should not sync registered identifier from social (logto-io#6283) should not sync registered identifier from social * style(experience): use brand loading color for buttons (logto-io#6302) * chore(console): remove dev feature guard (logto-io#6303) * refactor(core): extract helpers and provision methods (logto-io#6285) extract helpers and provision methods * feat(console): support multiple app secrets * refactor(phrases): improve bring your ui field description * fix(console): add cloud guard to bring your ui form field * refactor(schemas): increase max upload file size limit to 20MB * fix(core): disable bring your ui feature for admin tenant (logto-io#6300) * fix(console): should be able to remove the zip on upload error (logto-io#6306) * refactor: generate application secret on creation * fix(console): fix loading and error handling for org details page (logto-io#6313) * refactor(console): keep button loading before redirecting to sign-in success page (logto-io#6305) * refactor: use vite for demo app * refactor(core): log app secret name * chore(phrases): sync keys and translate (logto-io#6315) * refactor(core): implement verification records map (logto-io#6289) * refactor(core): implement verificaiton records map implement verification records map * fix(core): fix invalid verification type error fix invalid verificaiton type error * fix(core): update the verification record map update the verification record map * fix(core): update some comments update some comments * refactor(core): polish promise dependency polish promise dependency * fix(core): fix the social/sso syncing profile logic fix the social/sso syncing profile logic * refactor(core): optimize the verification records map optimize the verification records map * fix(core): fix set method of VerificationRecord map fix set method of VerificationRecord map * refactor(experience): use button loading for social sign-in (logto-io#6316) * chore: add comment * chore: add comment * refactor(console): use vite * refactor(experience): use vite * refactor(console): use local mermaid import * fix(console): use correct public url (logto-io#6325) * refactor(console, experience): optimize bundling (logto-io#6326) * refactor(console, experience): optimize bundling * fix: use correct favicon paths * chore: use dynamic react dependency checking in bundling * refactor(core): rename some file names and methods (logto-io#6321) * refactor(core): rename some files name and methods rename some files name and methods, fix some comments * chore: update comments update comments * chore: update comments update comments * chore: polish the words polish the words * fix(console): check scope only when data is ready (logto-io#6329) * feat(core,schemas): implement profile fulfillment flow (logto-io#6293) * feat(core,schemas): implement profile fulfillment flow implement profile fulfillment flow * fix(test): fix integration tests fix integration tests * fix(core): fix rebase issue fix rebase issue * refactor(core): refactor the interaction set profile flow refactor the interaction set profile flow * test(core): add profile fulfillment integration tests (logto-io#6294) * test(core): add profile fufillment integration tests add profile fufillment integration tests * fix: fix integration tests fix integration tests * refactor(test): rebase and update the latest profile api rebase and update the latest profile api * fix(console): css loaded svg should be rendered properly (logto-io#6333) * fix(core): fix some webhook api body status 404 bug (logto-io#6311) * fix(core): fix some webhook api body status 404 bug fix some webhook api body status 404 bug * fix(core): improve the webhook trigger logic improve the webhook trigger logic * chore: add changeset add changeset * chore: update the changeset update the changeset * feat(core): implement the WebAuthn verification (logto-io#6308) feat(core): implement the webauthn verification implement the webauthn verification * feat(schemas): add custom data to application (logto-io#6309) * feat(core,schemas): add application custom data add application custom data * test(core): add update application with new custom data test add update application with new custom data test * refactor(console): increase custom ui assets upload timeout to 5 mins (logto-io#6319) refactor(console): increase custom ui assets upload timeout to 5mins * refactor: update logto/core cloud API usage * refactor: update code according to CR * refactor(console): update admin console using new pricing model (logto-io#6295) * refactor(console): update cloud API calls * refactor: update code according to CR * refactor: correct component usage * refactor(console): safely lazy load pages (logto-io#6332) * refactor(console): safely lazy load pages * chore(console): use react-safe-lazy * feat(core): implement the missing mfa bind and guard flow (logto-io#6320) * feat(core): implement the mfa binding flow implment the mfa binding flow * fix(test): fix integration tests fix integration tests * fix(core): fix the wrong status code fix the wrong status code * refactor(core): refactor bind backup codes refactor bind backup codes * refactor(core): extract isNewMfaVerification property (logto-io#6338) extract isNewMfaVerifrication property * refactor(core): refactor backup code generates flow (logto-io#6339) refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(console): dragging anchor in the color picker on application branding page (logto-io#6340) * test(core): add the mfa binding integration tests (logto-io#6330) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * test(core): implement the mfa binding integration tests implement the mfa binding integration tests * test(core): rebase backup code refactor rebase backup code refactor * style(console): fix custom jwt guide card style (logto-io#6343) * refactor(console): block page navigation when uploading custom ui assets (logto-io#6342) * chore(console): update bring your ui documentation link (logto-io#6317) chore(console): add bring your ui documentation link * fix(elements): fix user context tag name (logto-io#6346) * chore: launch multiple app secrets * chore: launch multiple app secrets * refactor(core): use tsup for building * refactor: use tsup for building * refactor(console): improve ux * chore: fix failed tests * refactor(connector): use tsup for building * ci: add check job * feat(console): remove beta tag for protected app (logto-io#6341) * feat(console): add passport.js guide (logto-io#6344) * chore: update plausible urls (logto-io#6349) * refactor(console, experience): solve sass deprecations (logto-io#6356) * fix(console): fix the plan title for subscription plan selector (logto-io#6348) * refactor(core): refactor openapi docs for protected app (logto-io#6331) * refactor: update per review * feat: allow app secret edit (logto-io#6352) * fix(console): add dev guard on new pricing model subscription hooks (logto-io#6363) * feat(core): migrate register flow affiliate report logic (logto-io#6334) Migrate the new user affiliate flow from interaction API. - `postAffiliateLogs` is forked from `routes/interaction/actions/helpers.ts` * refactor(core): extract verified interaction guard middleware (logto-io#6336) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * refactor(core): extract verified interaction guard middleware extract verified interaction guard middleware * refactor(console): fix text overflow issue (logto-io#6366) * refactor(core): make the interaction event mandatory (logto-io#6337) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * refactor(core): make the interaction event mandatory make the interaction event mandatory * test: update integration tests update integration tests * fix(core): fix the middleware apply bug fix the koaExperienceInteraction middleware apply bug * feat(core): add webhooks middleware to experience api (logto-io#6357) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core): add hooks middleware to experience APIs add interaction hooks to experience APIs * refactor(core): refactor experience API context type refactor experience API context type * feat(connector): added postmark connector * chore: remove unused deps (logto-io#6372) * chore: remove unused deps * chore: fix version * refactor(core): improve swagger auth description (logto-io#6367) * feat(core,schemas): add auditLogs to experience API (logto-io#6361) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core,schemas): add auditLogs to experience API add auditLogs to experience API * refactor(core): allow cloudflare insights origin in csp (logto-io#6375) refactor(core): allow cloudflare csp * feat(core,schemas): add mandatory password guard on register (logto-io#6368) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core,schemas): add mandatory password guard on register add mandatory password guard on register * feat: add advanced search params to all supported endpoints (logto-io#6358) * feat: add search params to list users endpoint * feat: implement advanced search for all supported endpoints * chore(deps): update dependency nock to v14.0.0-beta.9 (logto-io#6243) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(cli): add cli command to setup custom ui local debugging proxy (logto-io#6365) * feat(cli): add proxy * refactor(cli): polish code per comments * refactor(cli): polish code * refactor(cli): support serving static files * chore: add changeset * refactor: polish code * refactor(cli): polish code * refactor(cli): make json parse safer * feat(core,console,phrases): add custom data editor to application details page (logto-io#6370) * feat(core,console,phrases): add custom data editor to application details page add custom data editor to application details page * chore: add changeset add changeset * fix(core): fix input params bug fix input params bug * fix(test): fix the integration tests fix the integration tests * fix(console): use the form controller element use the form controller element * fix(core,console): remove deepPartial statement remove deepPartial statement from the patch application API payload guard * fix(test): fix backchannel integration test fix backchannel integration test * fix(core): allow non-json body type when parsing (logto-io#6379) * refactor(core): make password optional in NewPasswordIdentity (logto-io#6377) refactor(core): make password optional in NewPasswordIdentity verification make password optioanl in NewPasswordIdentity verification * refactor(console): get and check `skuId` from checkout session (logto-io#6369) * refactor(console): get and check skuId from checkout session * chore: update @logto/cloud dependency * refactor: add tests for content-type in oidc apis (logto-io#6380) * refactor(console): delay module loading suspense component display by 500ms (logto-io#6345) * chore(console): remove redunant login hint usage for invitation (logto-io#6385) * fix(core): error data bug fixing (logto-io#6382) fix(core): error code bug fixing error code bug fixing * refactor(console): update billing info showed in subscription details page (logto-io#6384) * fix(console): add in-line error message (logto-io#6386) * fix(console): add in-line error message add in-line error message * refactor(console): remove old validation logic remove old validation logic * fix(console): create tenant button should stretch to full width (logto-io#6381) * fix(console): manual update subscription data when add/delete resources (logto-io#6360) * fix(console): add post response hook to update subscription info for useApi hook * refactor: wrap sync subscription data method * chore(phrases): update content (logto-io#6392) chore: update content * fix(console): fix the subscription plan display in tenant dropdown (logto-io#6393) * refactor(core): should not guard sso authentication flow (logto-io#6394) should not guard mfa and profile fulfillment for the sso authentication flow * fix(core): should not throw when not adding any new roles to a user (logto-io#6387) * fix(console): should not call cloud API when tenant ID is not valid (logto-io#6399) * refactor(console): improve guide logo and contact us logo display (logto-io#6391) * feat(core,schemas): add support for argon2d and argon2id (logto-io#6404) * feat(console): support next auth v5 (logto-io#6397) * feat: add add-on feature notice/tag * chore: define add on unit price temporarily * refactor: produce br outputs (logto-io#6376) * refactor: produce br outputs * refactor: fix favicon url * refactor: add `report:subscription:updates` Cloud scope (logto-io#6403) * Revert "refactor: add `report:subscription:updates` Cloud scope" (logto-io#6412) Revert "refactor: add `report:subscription:updates` Cloud scope (logto-io#6403)" This reverts commit e1922e9. * fix(console): fix unexpected 401 error toast (logto-io#6416) * feat(core): add Sentinel guard (logto-io#6374) feat(core): add sentinel protection add sentinel protection * feat(core): support google one tap (logto-io#6395) * feat(core): support google one tap support google one tap verification * fix(core): fix google one tap verification error fix google one tap verification error * fix(test): optimize social verification test optimize social verificaiton tests * fix(test): update social verification ut update social verification util unit test * refactor(core,schemas): refactor the register flow (logto-io#6401) * refactor(core,schemas): refactor the registration flow refactor the registraction flow * fix(core): remove unused method remove unused method * fix(test): remove legacy test remove legacy test * fix(core): fix webauthn verificaiton api fix webauthn verification api * feat(console): add new usage display for pro subscription plan (logto-io#6413) * release: version packages (logto-io#6197) * feat(cli): added ogcio folder * chore(cli): added ref to ogcio command * feat(core): added env sample * chore(cli): added port collision fix * chore(core): updated docker compose * chore(cli): fixed dockerfile * chore(cli): added makefile * chore(core): updated package json * chore(core): updated run logto remote * chore(core): updated pr request template * chore(cli): ogcio connectors * chore(phrases): updated errors * chore(core): added lot of stuffs * fix(cli): fixed port * workflow main * dockerignore * readme * basics * basics * basics * basics * eof * eof * eof * chore(core): synced --------- Co-authored-by: Gao Sun <gao@silverhand.io> Co-authored-by: Xiao Yijun <xiaoyijun@silverhand.io> Co-authored-by: wangsijie <wangsijie@silverhand.io> Co-authored-by: simeng-li <simeng@silverhand.io> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Charles Zhao <charleszhao@silverhand.io> Co-authored-by: Darcy Ye <darcyye@silverhand.io> Co-authored-by: Mostafa Moradian <mstfmoradian@gmail.com> Co-authored-by: Sten Roger Sandvik <sten.sandvik@fieldnode.com> Co-authored-by: silverhand-bot <107667382+silverhand-bot@users.noreply.github.com>
SamSalvatico
added a commit
to ogcio/logto
that referenced
this pull request
Oct 7, 2024
* refactor(experience): use vite * refactor(console): use local mermaid import * fix(console): use correct public url (logto-io#6325) * refactor(console, experience): optimize bundling (logto-io#6326) * refactor(console, experience): optimize bundling * fix: use correct favicon paths * chore: use dynamic react dependency checking in bundling * refactor(core): rename some file names and methods (logto-io#6321) * refactor(core): rename some files name and methods rename some files name and methods, fix some comments * chore: update comments update comments * chore: update comments update comments * chore: polish the words polish the words * fix(console): check scope only when data is ready (logto-io#6329) * feat(core,schemas): implement profile fulfillment flow (logto-io#6293) * feat(core,schemas): implement profile fulfillment flow implement profile fulfillment flow * fix(test): fix integration tests fix integration tests * fix(core): fix rebase issue fix rebase issue * refactor(core): refactor the interaction set profile flow refactor the interaction set profile flow * test(core): add profile fulfillment integration tests (logto-io#6294) * test(core): add profile fufillment integration tests add profile fufillment integration tests * fix: fix integration tests fix integration tests * refactor(test): rebase and update the latest profile api rebase and update the latest profile api * fix(console): css loaded svg should be rendered properly (logto-io#6333) * fix(core): fix some webhook api body status 404 bug (logto-io#6311) * fix(core): fix some webhook api body status 404 bug fix some webhook api body status 404 bug * fix(core): improve the webhook trigger logic improve the webhook trigger logic * chore: add changeset add changeset * chore: update the changeset update the changeset * feat(core): implement the WebAuthn verification (logto-io#6308) feat(core): implement the webauthn verification implement the webauthn verification * feat(schemas): add custom data to application (logto-io#6309) * feat(core,schemas): add application custom data add application custom data * test(core): add update application with new custom data test add update application with new custom data test * refactor(console): increase custom ui assets upload timeout to 5 mins (logto-io#6319) refactor(console): increase custom ui assets upload timeout to 5mins * refactor: update logto/core cloud API usage * refactor: update code according to CR * refactor(console): update admin console using new pricing model (logto-io#6295) * refactor(console): update cloud API calls * refactor: update code according to CR * refactor: correct component usage * refactor(console): safely lazy load pages (logto-io#6332) * refactor(console): safely lazy load pages * chore(console): use react-safe-lazy * feat(core): implement the missing mfa bind and guard flow (logto-io#6320) * feat(core): implement the mfa binding flow implment the mfa binding flow * fix(test): fix integration tests fix integration tests * fix(core): fix the wrong status code fix the wrong status code * refactor(core): refactor bind backup codes refactor bind backup codes * refactor(core): extract isNewMfaVerification property (logto-io#6338) extract isNewMfaVerifrication property * refactor(core): refactor backup code generates flow (logto-io#6339) refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(console): dragging anchor in the color picker on application branding page (logto-io#6340) * test(core): add the mfa binding integration tests (logto-io#6330) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * test(core): implement the mfa binding integration tests implement the mfa binding integration tests * test(core): rebase backup code refactor rebase backup code refactor * style(console): fix custom jwt guide card style (logto-io#6343) * refactor(console): block page navigation when uploading custom ui assets (logto-io#6342) * chore(console): update bring your ui documentation link (logto-io#6317) chore(console): add bring your ui documentation link * fix(elements): fix user context tag name (logto-io#6346) * chore: launch multiple app secrets * chore: launch multiple app secrets * refactor(core): use tsup for building * refactor: use tsup for building * refactor(console): improve ux * chore: fix failed tests * refactor(connector): use tsup for building * ci: add check job * feat(console): remove beta tag for protected app (logto-io#6341) * feat(console): add passport.js guide (logto-io#6344) * chore: update plausible urls (logto-io#6349) * refactor(console, experience): solve sass deprecations (logto-io#6356) * fix(console): fix the plan title for subscription plan selector (logto-io#6348) * refactor(core): refactor openapi docs for protected app (logto-io#6331) * refactor: update per review * feat: allow app secret edit (logto-io#6352) * fix(console): add dev guard on new pricing model subscription hooks (logto-io#6363) * feat(core): migrate register flow affiliate report logic (logto-io#6334) Migrate the new user affiliate flow from interaction API. - `postAffiliateLogs` is forked from `routes/interaction/actions/helpers.ts` * refactor(core): extract verified interaction guard middleware (logto-io#6336) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * refactor(core): extract verified interaction guard middleware extract verified interaction guard middleware * refactor(console): fix text overflow issue (logto-io#6366) * refactor(core): make the interaction event mandatory (logto-io#6337) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * refactor(core): make the interaction event mandatory make the interaction event mandatory * test: update integration tests update integration tests * fix(core): fix the middleware apply bug fix the koaExperienceInteraction middleware apply bug * feat(core): add webhooks middleware to experience api (logto-io#6357) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core): add hooks middleware to experience APIs add interaction hooks to experience APIs * refactor(core): refactor experience API context type refactor experience API context type * feat(connector): added postmark connector * chore: remove unused deps (logto-io#6372) * chore: remove unused deps * chore: fix version * refactor(core): improve swagger auth description (logto-io#6367) * feat(core,schemas): add auditLogs to experience API (logto-io#6361) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core,schemas): add auditLogs to experience API add auditLogs to experience API * refactor(core): allow cloudflare insights origin in csp (logto-io#6375) refactor(core): allow cloudflare csp * feat(core,schemas): add mandatory password guard on register (logto-io#6368) * refactor(core): refactor backup code generate flow refactor backup code generate flow * fix(core): fix api payload fix api payload * fix(core): fix rebase issue fix rebase issue * feat(core,schemas): add mandatory password guard on register add mandatory password guard on register * feat: add advanced search params to all supported endpoints (logto-io#6358) * feat: add search params to list users endpoint * feat: implement advanced search for all supported endpoints * chore(deps): update dependency nock to v14.0.0-beta.9 (logto-io#6243) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(cli): add cli command to setup custom ui local debugging proxy (logto-io#6365) * feat(cli): add proxy * refactor(cli): polish code per comments * refactor(cli): polish code * refactor(cli): support serving static files * chore: add changeset * refactor: polish code * refactor(cli): polish code * refactor(cli): make json parse safer * feat(core,console,phrases): add custom data editor to application details page (logto-io#6370) * feat(core,console,phrases): add custom data editor to application details page add custom data editor to application details page * chore: add changeset add changeset * fix(core): fix input params bug fix input params bug * fix(test): fix the integration tests fix the integration tests * fix(console): use the form controller element use the form controller element * fix(core,console): remove deepPartial statement remove deepPartial statement from the patch application API payload guard * fix(test): fix backchannel integration test fix backchannel integration test * fix(core): allow non-json body type when parsing (logto-io#6379) * refactor(core): make password optional in NewPasswordIdentity (logto-io#6377) refactor(core): make password optional in NewPasswordIdentity verification make password optioanl in NewPasswordIdentity verification * refactor(console): get and check `skuId` from checkout session (logto-io#6369) * refactor(console): get and check skuId from checkout session * chore: update @logto/cloud dependency * refactor: add tests for content-type in oidc apis (logto-io#6380) * refactor(console): delay module loading suspense component display by 500ms (logto-io#6345) * chore(console): remove redunant login hint usage for invitation (logto-io#6385) * fix(core): error data bug fixing (logto-io#6382) fix(core): error code bug fixing error code bug fixing * refactor(console): update billing info showed in subscription details page (logto-io#6384) * fix(console): add in-line error message (logto-io#6386) * fix(console): add in-line error message add in-line error message * refactor(console): remove old validation logic remove old validation logic * fix(console): create tenant button should stretch to full width (logto-io#6381) * fix(console): manual update subscription data when add/delete resources (logto-io#6360) * fix(console): add post response hook to update subscription info for useApi hook * refactor: wrap sync subscription data method * chore(phrases): update content (logto-io#6392) chore: update content * fix(console): fix the subscription plan display in tenant dropdown (logto-io#6393) * refactor(core): should not guard sso authentication flow (logto-io#6394) should not guard mfa and profile fulfillment for the sso authentication flow * fix(core): should not throw when not adding any new roles to a user (logto-io#6387) * fix(console): should not call cloud API when tenant ID is not valid (logto-io#6399) * refactor(console): improve guide logo and contact us logo display (logto-io#6391) * feat(core,schemas): add support for argon2d and argon2id (logto-io#6404) * feat(console): support next auth v5 (logto-io#6397) * feat: add add-on feature notice/tag * chore: define add on unit price temporarily * refactor: produce br outputs (logto-io#6376) * refactor: produce br outputs * refactor: fix favicon url * refactor: add `report:subscription:updates` Cloud scope (logto-io#6403) * Revert "refactor: add `report:subscription:updates` Cloud scope" (logto-io#6412) Revert "refactor: add `report:subscription:updates` Cloud scope (logto-io#6403)" This reverts commit e1922e9. * fix(console): fix unexpected 401 error toast (logto-io#6416) * feat(core): add Sentinel guard (logto-io#6374) feat(core): add sentinel protection add sentinel protection * feat(core): support google one tap (logto-io#6395) * feat(core): support google one tap support google one tap verification * fix(core): fix google one tap verification error fix google one tap verification error * fix(test): optimize social verification test optimize social verificaiton tests * fix(test): update social verification ut update social verification util unit test * refactor(core,schemas): refactor the register flow (logto-io#6401) * refactor(core,schemas): refactor the registration flow refactor the registraction flow * fix(core): remove unused method remove unused method * fix(test): remove legacy test remove legacy test * fix(core): fix webauthn verificaiton api fix webauthn verification api * feat(console): add new usage display for pro subscription plan (logto-io#6413) * release: version packages (logto-io#6197) * feat: report subscription usage updates (logto-io#6419) * feat: report subscription usage updates * refactor: refactor code according to CR * feat: support `login_hint` params for sign-in url (logto-io#6400) * refactor(console): avoid getSubscription call before authentication (logto-io#6426) avoid getSubscription call before authentication * feat(connector): add kook connector (logto-io#6227) * feat(connector): add kook connector * docs: remove some lines to align with other connectors * chore(connector): migrate kook-connector to tsup logto-io#6355 * fix(connector): type error in kook-connector * chore: fix pnpm-lock * chore: add changeset --------- Co-authored-by: wangsijie <wangsijie@silverhand.io> * fix(console): catch timeout error when submitting form (logto-io#6431) * refactor(core): merge subscription usage API request (logto-io#6427) * refactor(core): merge subscription usage API request merge subscription usage API request * fix(core): fix type issue fix type issue * fix(experience): prevent errors from applying unsupported cached identifier types (logto-io#6425) * fix(experience): prevent errors from applying unsupported cached identifier types * test(experience): add integration tests for cached input value * refactor(experience): rename `getIdentifierInputValue` to `getIdentifierInputValueByTypes` * refactor(experience): add `identifierInputValue` back * refactor(experience): update implementation * feat(schemas): init personal access tokens table (logto-io#6383) * chore: fix alteration timestamp (logto-io#6433) * refactor: stop using GET /:tenantId/usage API and GET /tenants usage field (logto-io#6434) * feat(core): create PAT (logto-io#6388) * feat(core): list PATs (logto-io#6389) * feat(core): modify and delete PATs (logto-io#6390) * fix: update tenant selector dropdown data source (logto-io#6438) * feat(experience): add identifier sign-in page (logto-io#6435) * feat(experience): add identifier register page (logto-io#6437) * fix(console): should not block custom JWT creation for OSS user (logto-io#6441) * refactor(cli): rename proxy cli to tunnel (logto-io#6442) * feat(core): add experience APIs openapi docs (logto-io#6436) * feat(core): add experience APIs openapi docs add experience APIs openapi docs * fix(core): adjust the format adjust the format * chore: update experience API description update experience API description * fix(core): fix integration tests fix integration tests * chore(core): add devFeature tag in openapi doc add devFeature tag in openapi doc * fix(core): fix the integration test remove the redundent path paramter def * refactor(console): separate subscription based usage (logto-io#6448) * refactor(console): separate subscription based usage * refactor: add periodic usage fallback to avoid breaking changes * fix: fix mock tenant data * fix(console): should be able to edit password and email in profile (logto-io#6447) * fix: fix console issues for add-on (logto-io#6443) * fix: fix console issues for add-on * refactor: refactor code * refactor: update * fix: fix method use case * fix(console): fix add-on console issues * fix(console): fix add-on console issues * chore: fix org footer copy * chore: open Stripe payment management page in new tab * chore: fix MFA banner copy * chore: fix add on notice footer * refactor(core): redesign get sso connectors endpoint (logto-io#6454) * refactor(core): redesign get sso connectors endpoint redesign get sso conenctors endpoint * chore(core): fix import format fix import format * fix(console): fix enterprise SSO creation model button status * fix(console): fix code * fix(core): fix google one tap validation error (logto-io#6455) fix google one tap validation error * refactor(console): refactor tag component (logto-io#6453) * feat(experience): add identifier sso-only landing page (logto-io#6440) * feat(core,experience,schemas): support identifier page related params for sign-in url (logto-io#6446) * chore(console): add display pricing change notice and update plan comparison table (logto-io#6456) * chore: add pricing change notice * chore: update plan comparison table * chore(experience): move shared form components into components file (logto-io#6457) * feat(core): implement wellknown swagger endpoints (logto-io#6445) * feat(core): implement wellknown swagger endpoints implement wellknown swagger endpoints * chore(core): rename rename * refactor(core): extract common util methods extract common util methods * fix(core): fix lint error fix lint error * refactor(core): shared code optimization shared code optimization * chore(core): remove type assertion remove type assertion * chore(console): update add on tag CSS (logto-io#6459) * fix(console): fix impersonation tag in audit log (logto-io#6463) * fix(cli): should proxy google social callback url properly to exp ui (logto-io#6458) * fix(cli): should proxy google social callback url properly to exp ui * test(cli): add unit tests for tunnel util * refactor: split translate cmd from logto cli (logto-io#6451) * refactor: split translate cmd from logto cli * chore: add changeset * refactor(cli): remove translate command from cli package * chore(core): remove devFeature guard (logto-io#6462) * chore(core): should not trigger profile update log should not trigger profile update log if the synced profile is empty * chore(core): add userId to experience audit log add userId to the experience audit log * chore(core): remove devFeature guard remove devFeature guard * feat(test): remove devFeature guard in test remove devFeature guard in test * chore(console, core): remove dev features guard for bring your ui feature (logto-io#6465) * refactor(console,core): remove add on dev feature guard (logto-io#6466) * fix(experience): update dev features flag env handling (logto-io#6467) * fix(console): bring back accidentally deleted css file (logto-io#6468) * test(experience): add integration tests for first screen feature (logto-io#6464) * feat(console): add label for new experience API logs (logto-io#6469) add label for new experience API logs * feat(core): token exchange by pat (logto-io#6450) * chore(console): fix add-on issues (logto-io#6470) * feat(console): user personal access tokens (logto-io#6444) * fix(console): add add-on display issues and refactor component PlanName (logto-io#6471) * fix(console): manually trigger usage api updates (logto-io#6473) * fix(experience): correct first screen fallbacks (logto-io#6472) * fix(experience): smart input field should have correct initial type (logto-io#6477) * fix(console): fix next auth guide typo (logto-io#6478) * fix(console,core,connector): fix display issues and `POST /connectors` API code guard (logto-io#6481) * fix(console,core,connector): fix display issues * chore: add changeset * fix: translate cli workspace dependency reference (logto-io#6474) * fix(console): manually trigger usage api updates on org member deletion (logto-io#6475) * chore(console): add beta tag to bring your ui feature (logto-io#6484) * fix(console): fix console z index issue on modals and banners (logto-io#6483) * fix(experience): add sso form mode context provider for identifier sign-in/register pages (logto-io#6482) * refactor(console): remove protected app promotion (logto-io#6479) * chore(console): remove beta tag from 3rd party app (logto-io#6485) * Revert "Revert "refactor: add `report:subscription:updates` Cloud scope"" (logto-io#6415) * Revert "Revert "refactor: add `report:subscription:updates` Cloud scope" (logto-io#6412)" This reverts commit ebc04a2. * chore: update alteration script ts * chore: rebase and update alteration timestamp * fix(core,console): disable quota guard and unblock resource creation for pro tenants (logto-io#6487) * fix: fix alteration script dependency (logto-io#6488) fix: alteration script dependency * style(experience): add missing brand-60 color token (logto-io#6490) * fix: make alteration script compatible for core DB in all regions (logto-io#6494) * feat(console): add doc link of pat (logto-io#6496) * feat(console): edit personal access token name (logto-io#6491) * fix(core): remove grant id of token exchange (logto-io#6497) * refactor(cli): show more info and add port in-use detection (logto-io#6495) * refactor(cli): show more info and add port in-use detection * refactor(cli): update per review comments * refactor(cli): add social redirect uri update reminder * fix(console): always show upsell notice for custom JWT (logto-io#6500) * fix(core): remove the requirement of secured app for PAT (logto-io#6493) * chore(core): add openapi operationId to experience APIs (logto-io#6486) * chore(core): add openapi operationId to experience APIs add openapi operationId to experience APIs * chore: update content update content * feat(core): add swagger operationId guard add swagger operationId guard * fix: update some content update some content * test: add integration tests for pat token introspection (logto-io#6501) * feat(experience): add reset password first screen (logto-io#6498) * fix(core): add grant record for token exchange (logto-io#6502) * fix(console): use safeLazy to dynamically import guide mdx (logto-io#6503) * fix(console): change PAT and app secrets phrases (logto-io#6504) * fix(console): remove legacy charge notification components (logto-io#6505) * chore: remove optimize deps config for local dev (logto-io#6506) * fix(core,schemas): check email verification status in me api (logto-io#6507) * chore: add changeset (logto-io#6492) * chore: remove dev feature guard of PAT (logto-io#6499) * fix(phrases): fix pl and ru i18n phrases (logto-io#6510) fix pl and ru i18n phrases * fix(core): should be able to update password in profile if verified via email (logto-io#6511) * refactor(tunnel): split tunnel cli and make it a standalone package (logto-io#6512) * release: @logto/tunnel:0.1.0 (logto-io#6513) * refactor(experience): improve identifier prefilling (logto-io#6508) * chore: add Arabic translation (logto-io#6422) * chore: add Arabic translation * chore: add arabic to phrases-experience * chore: use `ar-AR` as language code * chore: sync keys * chore: add changeset and update elements --------- Co-authored-by: Gao Sun <gao@silverhand.io> * fix(core): avoid unexpected 500 error (logto-io#6515) * fix(core): avoid unexpected 500 error avoid unexpected 500 error * fix(core): fix ut fix ut * refactor(experience): remove redundant `defaultType` prop for `SmartInputField` (logto-io#6517) * refactor(experience): cache input identifier for reset password first screen (logto-io#6516) * chore(experience): upgrade react-hook-form (logto-io#6520) * fix(experience): apply form default value to smart input filed (logto-io#6521) * feat(core): add `error_code_key` query string param (logto-io#6519) * feat(core): add error_key query string param feat(core): add error_key query string param add error_key query string param Please enter the commit message for your changes. Lines starting * chore(core): rename rename the query param name * fix(core): safe parse safe parse * chore: add changeset add changeset * refactor: update language code to ar-SA (logto-io#6518) * chore: remove dev feature guard for first screens (logto-io#6522) * chore: remove dev feature guard for new first screens * chore: add changeset * chore(experience): add comments for identifier sign-in and register page * refactor(core): refactor oidc error response query param (logto-io#6525) refactor oidc error reponse query param * feat: add Patreon connector (logto-io#6514) * fix(experience): avoid carring identifer from reset password page to sign-in page (logto-io#6526) * refactor(console): support entering name while creating a user (logto-io#6523) * refactor(core,toolkit): relocate customJwt local vm handler (logto-io#6524) relocate customJwt local vm handler * chore(console): should use SKU to filter tenant dropdown and add display of dev/admin plan (logto-io#6509) * chore(schemas): bump withtyped version (logto-io#6537) * chore(schemas): bump withtyped version bump withtyped version * chore: update changeset update changeset * feat: add GitLab connector (logto-io#6529) * feat(tunnel): support cli deploy custom ui assets to cloud (logto-io#6530) * refactor: flatten `UserSettings` component file structure (logto-io#6539) * fix(deps): update withtyped and cloud dependency version (logto-io#6538) * fix(deps): update withtyped and cloud dependency version update withtyped and cloud dependency version * chore: update cloud dependency * chore(core): update cloud client utils type --------- Co-authored-by: Darcy Ye <darcyye@silverhand.io> * feat(core): add denyAccess api context to customJwt script (logto-io#6532) * feat(schemas,core): add denyAccess api conext to custom jwt add denyAccess api context to the custom jwt * fix(test): fix integration test fix integration test * chore(schemas): update type name update api context type name * chore(schemas): fix typo fix typo * feat(core): add dev feature guard add dev feature guard * feat(console): add api context type declarations (logto-io#6533) * feat(console): add api context type declarations add api context type declarations * chore(console): update type name update custom jwt api context type name * feat(console): update the cutsom JWT editor update the custom JWT editor * fix(core): add `hasPassword` field to user API response (logto-io#6543) * feat(tunnel): support zip option in deploy command (logto-io#6541) * feat(tunnel): support zip option in deploy command * chore: update changeset * refactor(tunnel): improve error handling in deploy command * refactor(tunnel): improve cli error message per review comments Co-authored-by: Gao Sun <gao@silverhand.io> --------- Co-authored-by: Gao Sun <gao@silverhand.io> * release: @logto/tunnel:0.2.0 (logto-io#6547) * feat: add support for nested attribute profile mapping (logto-io#6534) * feat: add support for nested attribute profile mapping * chore: undo version change Undo version change since it’s handled by changeset Co-authored-by: Darcy Ye <darcyye@silverhand.io> * chore: remove new implementation and use essentials Updated implementation to use essentials, throwing exception when not found * fix: should use getSafe() and do not throw error when mapping profile --------- Co-authored-by: Darcy Ye <darcyye@silverhand.io> * feat(console): display user password information on user details page (logto-io#6544) * style(console): adjust sample code editor height (logto-io#6548) bug bash fix. adjust sample code editor height, and phrases * refactor(experience): experience api migration (logto-io#6407) * refactor(experience): migrate the password register and sign-in migrate the password register and sign-in flow * fix(experience): update some namings update some namings * refactor(experience): refactor the verification code flow (migration-2) (logto-io#6408) * refactor(experience): refactor the verificaiton code flow refactor the verification code flow * refactor(experience): migrate the social and sso flow (migration-3) (logto-io#6406) * refactor(experience): migrate the social and sso flow migrate the social and sso flow * refactor(experience): migrate profile fulfillment flow (migration-4) (logto-io#6414) * refactor(experience): migrate profile fulfillment flow migrate the profile fulfillment flow * refactor(experience): remove unused hook remove unused hook * fix(experience): fix password policy checker fix password policy checker error display * fix(experience): fix the api name fix the api name * refactor(experience): migrate mfa flow (migration-5) (logto-io#6417) * refactor(experience): migrate mfa binding flow migrate mfa binding flow * test(experience): update unit tests (migration-6) (logto-io#6420) * test(experience): update unit tests update unit tests * chore(experience): remove legacy APIs remove legacy APIs * refactor(experience): revert api prefix revert api prefix * fix(experience): update the sso connectors endpoint update the sso connectors endpoint * chore: add changeset add changeset * fix(experience): comments fix comments fix * refactor(experience): refactor the code verificatin api refactor the code verification api * refactor(experience): code refactor refactor some implementation logic * feat(experience, core): add experience legacy package (logto-io#6527) add experience legacy package * chore(console,phrases): update custom JWT phrases (logto-io#6551) * chore(console,phrases): update cusotm jwt phrases update custom jwt phrase in console * chore(console): update the comments update the comments * feat(console,core): remove custom token claims api context dev guard (logto-io#6553) * feat(console,core): remove custom jwt api context dev guard remove custom jwt api context dev guard * fix(console,schemas,phrases): fix custom jwt token request phrases fix custom jwt token request phrases * chore: return denyAccess return denyAccess * refactor: set `lang` attribute for html tag (logto-io#6536) * refactor: set `lang` attribute for html tag * refactor: use shared i18next instance * refactor: align html attr usage * refactor(console,core,demo-app,elements,experience): improve rtl support (logto-io#6549) * refactor(console,experience): improve rtl support * chore: add changeset * fix(core): fix custom UI not triggered bug (logto-io#6563) fix custom UI not triggered on legacy-experience bug * fix: fix object comparison util method used in DB alteration CI (logto-io#6562) * fix(experience): allow link social account on sign-in only mode (logto-io#6560) * fix(experience): allow link social account on sign-in only mode allow link social account, when registration is disabled; * chore: add changeset add changeset * chore: fix typos fix typos * feat(core): add koa oidc auth for profile API (logto-io#6559) * feat(core): password checking api (logto-io#6567) * feat(core): password checking api * refactor(core): improve API response * refactor: update display, quota guard and usage report logic for enterprise users (logto-io#6565) * refactor: update display, quota guard and usage report logic for enterprise users * chore: undo logto email connector dependency update * chore: use contact us button for pro plan when currently on enterprise plan * fix(console): fix log label typo (logto-io#6569) fix log label typo * refactor(console,experience): improve RTL support (logto-io#6568) * refactor(console,experience): improve RTL support * test: add ui test cases for console language switcher * refactor: update css * fix(core): allow no password user to set password in console profile (logto-io#6572) * refactor: use orgsLimit instead of orgsEnabled as org quota key (logto-io#6570) * refactor: use orgsLimit instead of orgsEnabled as org quota key * refactor: implement getUsageByKey method * chore: undo logto email connector dependency update * fix(experience-legacy): add html attribute dir to better support RTL (logto-io#6575) * fix(core): avoid duplicate operationId (logto-io#6574) avoid duplication operationId * fix: fix enterprise console issues (logto-io#6578) * fix: fix enterprise console issues * fix: exclude 0 quota in plan usage card * fix: fix skuName and do not show sku ID for enterprise plan * feat(schemas): add verification record table (logto-io#6566) * fix(experience-legacy): update text alignment for RTL support (logto-io#6583) * refactor: refactor SkuName component to make isEnterprisePlan as input (logto-io#6580) * test: add integration test for no password user setting password (logto-io#6579) * test: add integration test for no password user setting password * refactor(test): polish content Co-authored-by: Gao Sun <gao@silverhand.io> --------- Co-authored-by: Gao Sun <gao@silverhand.io> * test: add ui integration test for lang and dir html attributes in experience (logto-io#6581) * fix(experience-legacy): flip arrow icons on rtl (logto-io#6584) * fix(core): add sso only email guard (logto-io#6576) * fix(core): add sso only email guard add sso only email guard to registration and profile fulfilling flow * chore: update changeset update changeset * chore(core): update content update content * fix(core): update content update content * release: version packages (logto-io#6424) * removed some * updated * chore(cli): update --------- Co-authored-by: Gao Sun <gao@silverhand.io> Co-authored-by: simeng-li <simeng@silverhand.io> Co-authored-by: Charles Zhao <charleszhao@silverhand.io> Co-authored-by: Darcy Ye <darcyye@silverhand.io> Co-authored-by: Xiao Yijun <xiaoyijun@silverhand.io> Co-authored-by: wangsijie <wangsijie@silverhand.io> Co-authored-by: Sten Roger Sandvik <sten.sandvik@fieldnode.com> Co-authored-by: Mostafa Moradian <mstfmoradian@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: silverhand-bot <107667382+silverhand-bot@users.noreply.github.com> Co-authored-by: Misaka_L <lipww1234@foxmail.com> Co-authored-by: Zakher Masri <46135573+zaaakher@users.noreply.github.com> Co-authored-by: DevTekVE <devtekve@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements a mandatory password guard and fulfillment flow on the user register using a verified email or phone.
Context
In the latest experience API design, we decoupled the new user creation (insert DB) and profile fulfillment (including bind MFA) into two separate steps. A user account will be created as long as a valid unique identifier is provided:
A new user account will be created and the user will be identified when sending the
POST /experience/identifier
request.The user may, later on, provide additional profile and MFA registrations after the account is created.
At the submit interaction step, we will guard the mandatory profile and MFA fulfillment status.
In short, a missing profile won't block the creation of a new user account.
Issue
For password enabled user registration using email or phone as an identifier, the user may drop the registration process after the account has been successfully created in Logto, but password still not provided.
In such a case, if the password is the only enabled sign-in method, that user can never access the new created account.
Solution
Treat the identifier with password regisrtaction as a special case. If the password is enabled, a
NewPasswordIdentity
verification record is required for new user registration using a verified email or phone.NewPasswordIdentity
verification record to accept all types ofInteractionIdentifier
, username, email and phone.isIdentifierVerified
guard in thecreateNewUser
method. If theNewPasswordIdentity
record's identider type is email of phone, a relatedCodeVerification
record must be created and provided.guardMandatoryPasswordOnRegister
guard in thecreateNewUser
method. If theCodeVerification
record is being used to create a new user account check against the sign-in experience settings. If password is required, throws a missing password error. ANewPasswordIdentity
verification record must be created and provided for password enabled identifier registration.Testing
UT and integration test added
Checklist
.changeset