[PM-5216] User and Organization Duo Request and Response Model refactor (#4126)

* inital changes * add provider GatewayType migrations * db provider migrations * removed duo migrations added v2 metadata to duo response * removed helper scripts * remove signature from org duo * added backward compatibility for Duo v2 * added tests for duo request + response models * refactors to TwoFactorController * updated test methods to be compartmentalized by usage * fix organization add duo * Assert.Empty() fix for validator
2025-07-04 01:22:50 -05:00 · 2024-06-05 11:42:02 -07:00
parent a0a7654077
commit 97b3f3e7ee
19 changed files with 8504 additions and 55 deletions
--- a/src/Identity/IdentityServer/BaseRequestValidator.cs
+++ b/src/Identity/IdentityServer/BaseRequestValidator.cs
@ -483,7 +483,7 @@ public abstract class BaseRequestValidator<T> where T : class
            case TwoFactorProviderType.WebAuthn:
            case TwoFactorProviderType.Email:
            case TwoFactorProviderType.YubiKey:
-                if (!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
+                if (!await _userService.TwoFactorProviderIsEnabledAsync(type, user))
                {
                    return null;
                }
@ -495,15 +495,9 @@ public abstract class BaseRequestValidator<T> where T : class
                    var duoResponse = new Dictionary<string, object>
                    {
                        ["Host"] = provider.MetaData["Host"],
-                        ["Signature"] = token
+                        ["AuthUrl"] = await _duoWebV4SDKService.GenerateAsync(provider, user),
                    };

-                    // DUO SDK v4 Update: Duo-Redirect
-                    if (FeatureService.IsEnabled(FeatureFlagKeys.DuoRedirect))
-                    {
-                        // Generate AuthUrl from DUO SDK v4 token provider
-                        duoResponse.Add("AuthUrl", await _duoWebV4SDKService.GenerateAsync(provider, user));
-                    }
                    return duoResponse;
                }
                else if (type == TwoFactorProviderType.WebAuthn)
@ -531,14 +525,9 @@ public abstract class BaseRequestValidator<T> where T : class
                    var duoResponse = new Dictionary<string, object>
                    {
                        ["Host"] = provider.MetaData["Host"],
-                        ["Signature"] = await _organizationDuoWebTokenProvider.GenerateAsync(organization, user)
+                        ["AuthUrl"] = await _duoWebV4SDKService.GenerateAsync(provider, user),
                    };
-                    // DUO SDK v4 Update: DUO-Redirect
-                    if (FeatureService.IsEnabled(FeatureFlagKeys.DuoRedirect))
-                    {
-                        // Generate AuthUrl from DUO SDK v4 token provider
-                        duoResponse.Add("AuthUrl", await _duoWebV4SDKService.GenerateAsync(provider, user));
-                    }
+
                    return duoResponse;
                }
                return null;