auth.tsx 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. import type u2f from 'u2f-api';
  2. import type {Field} from 'sentry/components/forms/types';
  3. import {ControlSiloOrganization} from 'sentry/types/control_silo_organization';
  4. export type AuthenticatorDevice = {
  5. authId: string;
  6. key_handle: string;
  7. name: string;
  8. timestamp?: string;
  9. };
  10. export type Authenticator = {
  11. /**
  12. * Allows multiple enrollments to authenticator
  13. */
  14. allowMultiEnrollment: boolean;
  15. /**
  16. * Allows authenticator's secret to be rotated without disabling
  17. */
  18. allowRotationInPlace: boolean;
  19. canValidateOtp: boolean;
  20. codes: string[];
  21. /**
  22. * String to display on button for additional information about authenticator
  23. */
  24. configureButton: string;
  25. createdAt: string | null;
  26. /**
  27. * Description of the authenticator
  28. */
  29. description: string;
  30. devices: AuthenticatorDevice[];
  31. /**
  32. * New enrollments of this 2FA interface are not allowed
  33. */
  34. disallowNewEnrollment: boolean;
  35. /**
  36. * String used to display on button for user as CTA to enroll
  37. */
  38. enrollButton: string;
  39. /**
  40. * Is this used as a backup interface?
  41. */
  42. isBackupInterface: boolean;
  43. /**
  44. * Is user enrolled to this authenticator
  45. */
  46. isEnrolled: boolean;
  47. lastUsedAt: string | null;
  48. /**
  49. * Display name for the authenticator
  50. */
  51. name: string;
  52. /**
  53. * String to display on button for user to remove authenticator
  54. */
  55. removeButton: string | null;
  56. rotationWarning: string | null;
  57. status: string;
  58. /**
  59. * The form configuration for the authenticator is present during enrollment
  60. */
  61. form?: Field[];
  62. phone?: string;
  63. secret?: string;
  64. } & Partial<EnrolledAuthenticator> &
  65. (
  66. | {
  67. id: 'sms';
  68. }
  69. | {
  70. id: 'totp';
  71. qrcode: string;
  72. }
  73. | {
  74. challenge: ChallengeData;
  75. id: 'u2f';
  76. }
  77. );
  78. export type ChallengeData = {
  79. // will have only authenticateRequest or registerRequest
  80. authenticateRequests: u2f.SignRequest;
  81. registerRequests: u2f.RegisterRequest;
  82. registeredKeys: u2f.RegisteredKey[];
  83. webAuthnAuthenticationData: string;
  84. // for WebAuthn register
  85. webAuthnRegisterData: string;
  86. };
  87. export type EnrolledAuthenticator = {
  88. authId: string;
  89. createdAt: string;
  90. lastUsedAt: string | null;
  91. name: string;
  92. };
  93. /**
  94. * This is an authenticator that a user is enrolled in
  95. */
  96. export type UserEnrolledAuthenticator = {
  97. dateCreated: EnrolledAuthenticator['createdAt'];
  98. dateUsed: EnrolledAuthenticator['lastUsedAt'];
  99. id: EnrolledAuthenticator['authId'];
  100. name: EnrolledAuthenticator['name'];
  101. type: Authenticator['id'];
  102. };
  103. /**
  104. * XXX(ts): This actually all comes from getsentry. We should definitely
  105. * refactor this into a more proper 'hook' mechanism in the future
  106. */
  107. export type AuthConfig = {
  108. canRegister: boolean;
  109. githubLoginLink: string;
  110. googleLoginLink: string;
  111. hasNewsletter: boolean;
  112. serverHostname: string;
  113. vstsLoginLink: string;
  114. };
  115. export type AuthProvider = {
  116. disables2FA: boolean;
  117. key: string;
  118. name: string;
  119. requiredFeature: string;
  120. };
  121. export enum UserIdentityCategory {
  122. SOCIAL_IDENTITY = 'social-identity',
  123. GLOBAL_IDENTITY = 'global-identity',
  124. ORG_IDENTITY = 'org-identity',
  125. }
  126. export enum UserIdentityStatus {
  127. CAN_DISCONNECT = 'can_disconnect',
  128. NEEDED_FOR_GLOBAL_AUTH = 'needed_for_global_auth',
  129. NEEDED_FOR_ORG_AUTH = 'needed_for_org_auth',
  130. }
  131. export type UserIdentityProvider = {
  132. key: string;
  133. name: string;
  134. };
  135. /**
  136. * UserIdentityConfig is used in Account Identities
  137. */
  138. export type UserIdentityConfig = {
  139. category: UserIdentityCategory;
  140. dateAdded: string | null;
  141. dateSynced: string | null;
  142. dateVerified: string | null;
  143. id: string;
  144. isLogin: boolean;
  145. name: string;
  146. organization: ControlSiloOrganization | null;
  147. provider: UserIdentityProvider;
  148. status: UserIdentityStatus;
  149. };