auth.tsx 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
  1. import type u2f from 'u2f-api';
  2. import type {Field} from 'sentry/components/forms/types';
  3. import type {ControlSiloOrganization} from './controlSiloOrganization';
  4. export type AuthenticatorDevice = {
  5. authId: string;
  6. key_handle: string;
  7. name: string;
  8. timestamp?: string;
  9. };
  10. interface BaseAuthenticator extends Partial<Omit<EnrolledAuthenticator, 'createdAt'>> {
  11. /**
  12. * Allows multiple enrollments to authenticator
  13. */
  14. allowMultiEnrollment: boolean;
  15. /**
  16. * Allows authenticator's secret to be rotated without disabling
  17. */
  18. allowRotationInPlace: boolean;
  19. canValidateOtp: boolean;
  20. codes: string[];
  21. /**
  22. * String to display on button for additional information about authenticator
  23. */
  24. configureButton: string;
  25. createdAt: string | null;
  26. /**
  27. * Description of the authenticator
  28. */
  29. description: string;
  30. devices: AuthenticatorDevice[];
  31. /**
  32. * New enrollments of this 2FA interface are not allowed
  33. */
  34. disallowNewEnrollment: boolean;
  35. /**
  36. * String used to display on button for user as CTA to enroll
  37. */
  38. enrollButton: string;
  39. /**
  40. * Is this used as a backup interface?
  41. */
  42. isBackupInterface: boolean;
  43. /**
  44. * Is user enrolled to this authenticator
  45. */
  46. isEnrolled: boolean;
  47. lastUsedAt: string | null;
  48. /**
  49. * Display name for the authenticator
  50. */
  51. name: string;
  52. /**
  53. * String to display on button for user to remove authenticator
  54. */
  55. removeButton: string | null;
  56. rotationWarning: string | null;
  57. status: string;
  58. /**
  59. * The form configuration for the authenticator is present during enrollment
  60. */
  61. form?: Field[];
  62. phone?: string;
  63. secret?: string;
  64. }
  65. export interface TotpAuthenticator extends BaseAuthenticator {
  66. id: 'totp';
  67. qrcode: string;
  68. }
  69. export interface SmsAuthenticator extends BaseAuthenticator {
  70. id: 'sms';
  71. }
  72. export interface U2fAuthenticator extends BaseAuthenticator {
  73. challenge: ChallengeData;
  74. id: 'u2f';
  75. }
  76. export interface RecoveryAuthenticator extends BaseAuthenticator {
  77. id: 'recovery';
  78. }
  79. export type Authenticator =
  80. | TotpAuthenticator
  81. | SmsAuthenticator
  82. | U2fAuthenticator
  83. | RecoveryAuthenticator;
  84. export type ChallengeData = {
  85. // will have only authenticateRequest or registerRequest
  86. authenticateRequests: u2f.SignRequest;
  87. registerRequests: u2f.RegisterRequest;
  88. registeredKeys: u2f.RegisteredKey[];
  89. webAuthnAuthenticationData: string;
  90. // for WebAuthn register
  91. webAuthnRegisterData: string;
  92. };
  93. export type EnrolledAuthenticator = {
  94. authId: string;
  95. createdAt: string;
  96. lastUsedAt: string | null;
  97. name: string;
  98. };
  99. /**
  100. * This is an authenticator that a user is enrolled in
  101. */
  102. export type UserEnrolledAuthenticator = {
  103. dateCreated: EnrolledAuthenticator['createdAt'];
  104. dateUsed: EnrolledAuthenticator['lastUsedAt'];
  105. id: EnrolledAuthenticator['authId'];
  106. name: EnrolledAuthenticator['name'];
  107. type: Authenticator['id'];
  108. };
  109. /**
  110. * XXX(ts): This actually all comes from getsentry. We should definitely
  111. * refactor this into a more proper 'hook' mechanism in the future
  112. */
  113. export type AuthConfig = {
  114. canRegister: boolean;
  115. githubLoginLink: string;
  116. googleLoginLink: string;
  117. hasNewsletter: boolean;
  118. serverHostname: string;
  119. vstsLoginLink: string;
  120. };
  121. // Users can have SSO providers of their own (social login with github)
  122. // and organizations can have SSO configuration for SAML/google domain/okta.
  123. // https://github.com/getsentry/sentry/pull/52469#discussion_r1258387880
  124. export type AuthProvider = {
  125. key: string;
  126. name: string;
  127. requiredFeature: string;
  128. };
  129. export type OrganizationAuthProvider = {
  130. default_role: string;
  131. id: string;
  132. login_url: string;
  133. pending_links_count: number;
  134. provider_name: string;
  135. require_link: boolean;
  136. scim_enabled: boolean;
  137. };
  138. export enum UserIdentityCategory {
  139. SOCIAL_IDENTITY = 'social-identity',
  140. GLOBAL_IDENTITY = 'global-identity',
  141. ORG_IDENTITY = 'org-identity',
  142. }
  143. export enum UserIdentityStatus {
  144. CAN_DISCONNECT = 'can_disconnect',
  145. NEEDED_FOR_GLOBAL_AUTH = 'needed_for_global_auth',
  146. NEEDED_FOR_ORG_AUTH = 'needed_for_org_auth',
  147. }
  148. export type UserIdentityProvider = {
  149. key: string;
  150. name: string;
  151. };
  152. /**
  153. * UserIdentityConfig is used in Account Identities
  154. */
  155. export type UserIdentityConfig = {
  156. category: UserIdentityCategory;
  157. dateAdded: string | null;
  158. dateSynced: string | null;
  159. dateVerified: string | null;
  160. id: string;
  161. isLogin: boolean;
  162. name: string;
  163. organization: ControlSiloOrganization | null;
  164. provider: UserIdentityProvider;
  165. status: UserIdentityStatus;
  166. };