zitadel
Team
zitadel/zitadel
Sign in / Sign up
Open main menu
zitadel/zitadel
GitHub
Overview
Runs
Analytics
Loading workspace stats
Loading workspace insights...
Statistics interval
7 days
30 days
Latest CI Pipeline Executions
Status
Fix filter
Filter
Fuzzy
Filter range
Sort by
Sort by
Start time
Sort ascending
Sort descending
Failed
nx-release
a2418296 @nx/docker
2 months ago
by eliobischof
e
Succeeded
login-v2-system-user
c75d16ad todos
2 months ago
by eliobischof
e
Succeeded
login-v2-system-user
c75d16ad Merge ff9c49ef4f902b6bc4235f270af7aa5369ea832f into 207095f7c1f96c75cbd9c888cd0b9b45de78cc9c
2 months ago
by eliobischof
e
Failed
nx-release
a2418296 @nx/docker
2 months ago
by eliobischof
e
Succeeded
nx-release
a2418296 Merge 779197203de9c98a4de8d81c8a46a1ffebcd80a6 into 207095f7c1f96c75cbd9c888cd0b9b45de78cc9c
2 months ago
by eliobischof
e
Succeeded
main
5beeb573 feat: Add recovery code MFA support (#9954) <!-- Please inform yourself about the contribution guidelines on submitting a PR here: https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr. Take note of how PR/commit titles should be written and replace the template texts in the sections below. Don't remove any of the sections. It is important that the commit history clearly shows what is changed and why. Important: By submitting a contribution you agree to the terms from our Licensing Policy as described here: https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions. --> One-time recovery codes are a common multi-factor authentication (MFA) backup method, letting users access their account if they lose other MFA devices. Support for recovery codes can also reduce support burden for users locked out of their accounts and provide a more secure and reliable form of verification than security questions. # Which Problems Are Solved Zitadel currently lacks support for recovery codes. # How the Problems Are Solved This PR partially addresses recovery code support in Zitadel. Importantly, it adds recovery codes as a new 2FA `Factor` and an additional `Check` type for the Session API. ``` Example recovery code flow: 1. User generates N new recovery codes using `POST /v2/users/{user_id}/recovery_codes` 2. Zitadel hashes and stores these codes and returns the un-hashed codes in the response 3. User creates new session with an additional check: `recoveryCode` 4. Code is checked against hash and, if valid, cannot be used again 5. User attempts to adds N more codes using the same endpoint 6. If `remaining_codes + N <= RecoveryCodes->MaxCount` config value, then recovery codes are added in addition to original codes 7. User can remove all recovery codes using `DEL /v2/users/:userId/recovery_codes` ``` This PR adds: - [x] Session recovery_code check support on `POST+PATCH /v2/sessions` endpoints - [x] Adds `mfa_recovery_code_checked_at` column (default null) to `projections.sessions8` table - [x] Support for `SECOND_FACTOR_TYPE_RECOVERY_CODES` as available 2FA method on login policy - [x] Support for importing recovery codes in /import code Missing, will _not_ implement in this PR: - [ ] Admin console support for displaying Recovery Code settings for user(s) - [ ] Zitadel Typescript login support for recovery codes TODO: - [x] Additional unit and integration tests - [x] Error translations # Additional Changes None # Additional Context - Closes #6898 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2 months ago
by eliobischof
e
Failed
nx-release
a56e19a7 cleanup
2 months ago
by eliobischof
e
Succeeded
nx-release
a56e19a7 Merge aadff7ebf84482c5d81626a9b21b8003267fb3ba into 5beeb5738a9be3cedb64e7820c6bad75ab624c2e
2 months ago
by eliobischof
e
Failed
nx-release
1a89861c replace Bake by nx-container
2 months ago
by eliobischof
e
Succeeded
nx-release
1a89861c Merge 9c8165e80eb28b419585aed3373249e55514297a into 5beeb5738a9be3cedb64e7820c6bad75ab624c2e
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
2ab33ec9 configure login acceptance tests
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
2ab33ec9 Merge 530399975970153c18e08584aeb09d34e8b5c0c0 into 5beeb5738a9be3cedb64e7820c6bad75ab624c2e
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
e90ed0a2 exit on failed tests
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
e90ed0a2 Merge e442da6a694afe8d8e669b83cd52b1fa4be76cee into 0f1b7c6eaa74fdcf827015946462b560be9c23e1
2 months ago
by eliobischof
e
Succeeded
feat/10444-instance-domain-apis-with-rel-tables-CP
0f30707f fix api cache inputs
2 months ago
by eliobischof
e
Succeeded
feat/10444-instance-domain-apis-with-rel-tables-CP
0f30707f Merge 9373acdcc4bc22fc83c45158a013ddd594c4a300 into 0f1b7c6eaa74fdcf827015946462b560be9c23e1
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
42d4f91c add continuous login-acceptance:test-local
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
42d4f91c Merge 4dfbd36f15992251a62810dff2a5af39b13682e7 into 9274e008fe1b632b75dd2c359b052c97160721b0
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
10e95f85 fix verify email flakiness
2 months ago
by eliobischof
e
Succeeded
fix-login-acceptance
10e95f85 Merge 6d1437d8a61c37f4d107950aa13eb393e5699751 into 6051ce591d85fdd1b753a5f7d0cd57ab318b3dcc
2 months ago
by eliobischof
e
Previous page
Previous
Next
Next page