SMusatov
/
sentry
зеркало из https://github.com/getsentry/sentry


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
							import type u2f from 'u2f-api';

import type {Field} from 'sentry/components/forms/types';
import type {ControlSiloOrganization} from 'sentry/types/control_silo_organization';

export type AuthenticatorDevice = {
  authId: string;
  key_handle: string;
  name: string;
  timestamp?: string;
};

interface BaseAuthenticator extends Partial<Omit<EnrolledAuthenticator, 'createdAt'>> {
  /**
   * Allows multiple enrollments to authenticator
   */
  allowMultiEnrollment: boolean;
  /**
   * Allows authenticator's secret to be rotated without disabling
   */
  allowRotationInPlace: boolean;
  canValidateOtp: boolean;
  codes: string[];
  /**
   * String to display on button for additional information about authenticator
   */
  configureButton: string;
  createdAt: string | null;

  /**
   * Description of the authenticator
   */
  description: string;
  devices: AuthenticatorDevice[];
  /**
   * New enrollments of this 2FA interface are not allowed
   */
  disallowNewEnrollment: boolean;
  /**
   * String used to display on button for user as CTA to enroll
   */
  enrollButton: string;
  /**
   * Is this used as a backup interface?
   */
  isBackupInterface: boolean;
  /**
   * Is user enrolled to this authenticator
   */
  isEnrolled: boolean;
  lastUsedAt: string | null;
  /**
   * Display name for the authenticator
   */
  name: string;
  /**
   * String to display on button for user to remove authenticator
   */
  removeButton: string | null;
  rotationWarning: string | null;
  status: string;
  /**
   * The form configuration for the authenticator is present during enrollment
   */
  form?: Field[];
  phone?: string;
  secret?: string;
}

export interface TotpAuthenticator extends BaseAuthenticator {
  id: 'totp';
  qrcode: string;
}

export interface SmsAuthenticator extends BaseAuthenticator {
  id: 'sms';
}

export interface U2fAuthenticator extends BaseAuthenticator {
  challenge: ChallengeData;
  id: 'u2f';
  // This may not be set depending on the option 'u2f.skip-session-cookie-allowlist'
  state?: StateData;
}
export interface RecoveryAuthenticator extends BaseAuthenticator {
  id: 'recovery';
}

export type Authenticator =
  | TotpAuthenticator
  | SmsAuthenticator
  | U2fAuthenticator
  | RecoveryAuthenticator;

export type ChallengeData = {
  // will have only authenticateRequest or registerRequest
  authenticateRequests: u2f.SignRequest;
  registerRequests: u2f.RegisterRequest;
  registeredKeys: u2f.RegisteredKey[];
  webAuthnAuthenticationData: string;
  // for WebAuthn register
  webAuthnRegisterData: string;
};

export type StateData = {
  challenge: string;
  user_verification: 'required' | 'preferred' | 'discouraged' | null;
};

export type EnrolledAuthenticator = {
  authId: string;
  createdAt: string;
  lastUsedAt: string | null;
  name: string;
};

/**
 * This is an authenticator that a user is enrolled in
 */
export type UserEnrolledAuthenticator = {
  dateCreated: EnrolledAuthenticator['createdAt'];
  dateUsed: EnrolledAuthenticator['lastUsedAt'];
  id: EnrolledAuthenticator['authId'];
  name: EnrolledAuthenticator['name'];
  type: Authenticator['id'];
};

/**
 * XXX(ts): This actually all comes from getsentry. We should definitely
 * refactor this into a more proper 'hook' mechanism in the future
 */
export type AuthConfig = {
  canRegister: boolean;
  githubLoginLink: string;
  googleLoginLink: string;
  hasNewsletter: boolean;
  serverHostname: string;
  vstsLoginLink: string;
};

// Users can have SSO providers of their own (social login with github)
// and organizations can have SSO configuration for SAML/google domain/okta.
// https://github.com/getsentry/sentry/pull/52469#discussion_r1258387880
export type AuthProvider = {
  key: string;
  name: string;
  requiredFeature: string;
};

export type OrganizationAuthProvider = {
  default_role: string;
  id: string;
  login_url: string;
  pending_links_count: number;
  provider_name: string;
  require_link: boolean;
  scim_enabled: boolean;
};

export enum UserIdentityCategory {
  SOCIAL_IDENTITY = 'social-identity',
  GLOBAL_IDENTITY = 'global-identity',
  ORG_IDENTITY = 'org-identity',
}

export enum UserIdentityStatus {
  CAN_DISCONNECT = 'can_disconnect',
  NEEDED_FOR_GLOBAL_AUTH = 'needed_for_global_auth',
  NEEDED_FOR_ORG_AUTH = 'needed_for_org_auth',
}

export type UserIdentityProvider = {
  key: string;
  name: string;
};

/**
 * UserIdentityConfig is used in Account Identities
 */
export type UserIdentityConfig = {
  category: UserIdentityCategory;
  dateAdded: string | null;
  dateSynced: string | null;
  dateVerified: string | null;
  id: string;
  isLogin: boolean;
  name: string;
  organization: ControlSiloOrganization | null;
  provider: UserIdentityProvider;
  status: UserIdentityStatus;
};