lowered the default mfa duration and reorganized internal record pre/post handling

2026-04-26 16:32:07 +03:00
parent 37b258810a
commit 555a4f1a1e
10 changed files with 107 additions and 69 deletions
--- a/core/external_auth_model.go
+++ b/core/external_auth_model.go
@@ -137,4 +137,42 @@ func (app *BaseApp) registerExternalAuthHooks() {
 		},
 		Priority: 99,
 	})
+
+	// delete all pre-existing external auths on verified upgrade
+	app.OnRecordUpdateExecute().Bind(&hook.Handler[*RecordEvent]{
+		Func: func(e *RecordEvent) error {
+			if !e.Record.Collection().IsAuth() {
+				return e.Next()
+			}
+
+			hasUpgradedVerified := !e.Record.Original().IsNew() && !e.Record.Original().Verified() && e.Record.Verified()
+
+			if !hasUpgradedVerified {
+				return e.Next()
+			}
+
+			originalApp := e.App
+			return e.App.RunInTransaction(func(txApp App) error {
+				e.App = txApp
+				defer func() { e.App = originalApp }()
+
+				externalAuths, err := txApp.FindAllExternalAuthsByRecord(e.Record)
+				if err != nil {
+					return err
+				}
+				if len(externalAuths) > 0 {
+					// delete all pre-existing external auths
+					if err := txApp.DeleteAllExternalAuthsByRecord(e.Record); err != nil {
+						return err
+					}
+
+					// force refresh tokens reset (if not already)
+					e.Record.RefreshTokenKey()
+				}
+
+				return e.Next()
+			})
+		},
+		Priority: 99,
+	})
 }