diff --git a/internal/api/mfa.go b/internal/api/mfa.go
index 6a69bd690..04024829a 100644
--- a/internal/api/mfa.go
+++ b/internal/api/mfa.go
@@ -187,9 +187,8 @@ func (a *API) enrollTOTPFactor(w http.ResponseWriter, r *http.Request, params *E
 }
 if err := db.Load(user, "Factors"); err != nil {
- return fmt.Errorf("failed to reload user factors: %w", err)
+ return err
 }
-
 if err := validateFactors(user, params.FriendlyName, config, session); err != nil {
 return err
 }
@@ -222,8 +221,8 @@ func (a *API) enrollTOTPFactor(w http.ResponseWriter, r *http.Request, params *E
 err = db.Transaction(func(tx *storage.Connection) error {
 if terr := tx.Create(factor); terr != nil {
 return terr
-
 }
+
 if terr := models.NewAuditLogEntry(r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 }); terr != nil {
diff --git a/internal/api/mfa_test.go b/internal/api/mfa_test.go
index 711b4c78c..2c46420b0 100644
--- a/internal/api/mfa_test.go
+++ b/internal/api/mfa_test.go
@@ -377,7 +377,7 @@ func (ts *MFATestSuite) TestMultipleEnrollsCleanupExpiredFactors() {
 _ = performChallengeFlow(ts, enrollResp.ID, token)
 // Enroll another Factor (Factor 3)
- _ = performEnrollFlow(ts, token, "", models.TOTP, "https://issuer.com", "", http.StatusOK)
+ _ = performEnrollFlow(ts, token, "non-empty-names", models.TOTP, "https://issuer.com", "", http.StatusOK)
 require.NoError(ts.T(), ts.API.db.Eager("Factors").Find(ts.TestUser, ts.TestUser.ID))
 require.Equal(ts.T(), 3, len(ts.TestUser.Factors))
 }
diff --git a/internal/models/factor.go b/internal/models/factor.go
index 8c37d5d8f..eae5617cb 100644
--- a/internal/models/factor.go
+++ b/internal/models/factor.go
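Review bot: Returning the bare `err` from `db.Load(user, "Factors")` in the first mfa.go hunk drops the only context that said which step of TOTP enrollment failed, and hands a storage-layer error directly to whatever renders handler errors. The hunk does not show how the caller of enrollTOTPFactor treats a non-HTTP error, so confirm that raw database error text cannot reach the client and that the log entry still identifies the factor reload. If this API package has a typed internal-server-error helper, using it here with the original error attached as the internal cause would keep both properties; otherwise keep a wrap such as `return fmt.Errorf("reloading user factors: %w", err)`. enrollTOTPFactor starts and ends outside the hunk.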
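Review bot: The friendly name for Factor 3 in mfa_test.go changes from `""` to `"non-empty-names"` without a comment saying why the empty name stopped working, and nothing visible in this hunk asserts the rejection path itself. Presumably validateFactors now sees the reloaded factors and refuses a repeated or empty name; if so, that is the behaviour worth pinning with its own test that expects the error status, rather than only steering this test around it. A short comment above the call, for example `// Factor 3 needs a friendly name distinct from the earlier factors`, would record the intent once the reason is confirmed. The test body begins outside the hunk, so the earlier enroll calls and their names are not visible here.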
@@ -118,6 +118,7 @@ func ParseAuthenticationMethod(authMethod string) (AuthenticationMethod, error)
 type Factor struct {
 ID uuid.UUID `json:"id" db:"id"`
+ User User `json:"-" belongs_to:"user"`
 UserID uuid.UUID `json:"-" db:"user_id"`
 CreatedAt time.Time `json:"created_at" db:"created_at"`
 UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
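Review bot: The new `User` field holds the association by value, so every Factor that has it loaded carries a full copy of the user record, and an unloaded association cannot be told apart from a zero-value User. The `json:"-"` tag keeps it out of JSON API responses, but anything that prints or serialises a Factor by other means (`%+v` in logs, other encoders) would now include whatever User contains; the User type is not shown here, so check which of its fields are sensitive. Consider a pointer, ``User *User `json:"-" belongs_to:"user"` ``, if the ORM's belongs_to handling accepts it, and add a field comment such as `// User is only populated when eagerly loaded; never expose it in responses.` The Factor struct continues past the end of the hunk.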