feat(core): delete passkey (#7416)

wangsijie · web-flow · commit 5a6ed96071b7 · 2025-06-04T10:14:59.000+08:00
diff --git a/packages/core/src/routes/account/email-and-phone.ts b/packages/core/src/routes/account/email-and-phone.ts
@@ -42,7 +42,7 @@ export default function emailAndPhoneRoutes<T extends UserRouter>(...args: Route
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.email === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Email), 'auth.unauthorized');
@@ -87,7 +87,7 @@ export default function emailAndPhoneRoutes<T extends UserRouter>(...args: Route
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.email === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Email), 'auth.unauthorized');
@@ -131,7 +131,7 @@ export default function emailAndPhoneRoutes<T extends UserRouter>(...args: Route
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.phone === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Phone), 'auth.unauthorized');
@@ -172,7 +172,7 @@ export default function emailAndPhoneRoutes<T extends UserRouter>(...args: Route
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.phone === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Phone), 'auth.unauthorized');
diff --git a/packages/core/src/routes/account/identities.ts b/packages/core/src/routes/account/identities.ts
@@ -40,7 +40,7 @@ export default function identitiesRoutes<T extends UserRouter>(
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.social === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Identities), 'auth.unauthorized');
@@ -98,7 +98,7 @@ export default function identitiesRoutes<T extends UserRouter>(
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.social === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Identities), 'auth.unauthorized');
diff --git a/packages/core/src/routes/account/index.openapi.json b/packages/core/src/routes/account/index.openapi.json
@@ -322,6 +322,30 @@
           }
         }
       }
+    },
+    "/api/my-account/mfa-verifications/{verificationId}": {
+      "delete": {
+        "tags": ["Dev feature"],
+        "parameters": [
+          {
+            "name": "verificationId",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "type": "string"
+            },
+            "description": "The ID of the MFA verification to delete."
+          }
+        ],
+        "operationId": "DeleteMfaVerification",
+        "summary": "Delete an MFA verification",
+        "description": "Delete an MFA verification, a logto-verification-id in header is required for checking sensitive permissions.",
+        "responses": {
+          "204": {
+            "description": "The MFA verification was deleted successfully."
+          }
+        }
+      }
     }
   }
 }
diff --git a/packages/core/src/routes/account/index.ts b/packages/core/src/routes/account/index.ts
@@ -69,15 +69,15 @@ export default function accountRoutes<T extends UserRouter>(...args: RouterInitA
 
       assertThat(
         name === undefined || fields.name === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
       assertThat(
         avatar === undefined || fields.avatar === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
       assertThat(
         username === undefined || fields.username === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
       assertThat(scopes.has(UserScope.Profile), 'auth.unauthorized');
 
@@ -122,7 +122,7 @@ export default function accountRoutes<T extends UserRouter>(...args: RouterInitA
 
       assertThat(
         fields.profile === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
       assertThat(scopes.has(UserScope.Profile), 'auth.unauthorized');
 
@@ -159,7 +159,7 @@ export default function accountRoutes<T extends UserRouter>(...args: RouterInitA
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.password === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       const user = await findUserById(userId);
diff --git a/packages/core/src/routes/account/mfa-verifications.ts b/packages/core/src/routes/account/mfa-verifications.ts
@@ -40,7 +40,7 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.mfa === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Identities), 'auth.unauthorized');
@@ -107,7 +107,7 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.mfa === AccountCenterControlValue.Edit,
-        'account_center.filed_not_editable'
+        'account_center.field_not_editable'
       );
 
       assertThat(scopes.has(UserScope.Identities), 'auth.unauthorized');
@@ -135,4 +135,45 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
       return next();
     }
   );
+
+  router.delete(
+    `${accountApiPrefix}/mfa-verifications/:verificationId`,
+    koaGuard({
+      params: z.object({
+        verificationId: z.string(),
+      }),
+      status: [204, 400, 401],
+    }),
+    async (ctx, next) => {
+      const { id: userId, scopes, identityVerified } = ctx.auth;
+      assertThat(
+        identityVerified,
+        new RequestError({ code: 'verification_record.permission_denied', status: 401 })
+      );
+      const { fields } = ctx.accountCenter;
+      assertThat(
+        fields.mfa === AccountCenterControlValue.Edit,
+        'account_center.field_not_editable'
+      );
+      assertThat(scopes.has(UserScope.Identities), 'auth.unauthorized');
+
+      const user = await findUserById(userId);
+      const mfaVerification = user.mfaVerifications.find(
+        (mfaVerification) => mfaVerification.id === ctx.guard.params.verificationId
+      );
+      assertThat(mfaVerification, 'verification_record.not_found');
+
+      const updatedUser = await updateUserById(userId, {
+        mfaVerifications: user.mfaVerifications.filter(
+          (mfaVerification) => mfaVerification.id !== ctx.guard.params.verificationId
+        ),
+      });
+
+      ctx.appendDataHookContext('User.Data.Updated', { user: updatedUser });
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
 }
diff --git a/packages/integration-tests/src/tests/api/account/account-center-reject.test.ts b/packages/integration-tests/src/tests/api/account/account-center-reject.test.ts
@@ -24,7 +24,7 @@ import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.
 import { generateEmail, generatePhone } from '#src/utils.js';
 
 const expectedError = {
-  code: 'account_center.filed_not_editable',
+  code: 'account_center.field_not_editable',
   status: 400,
 };
 
@@ -63,26 +63,26 @@ describe('account center fields disabled', () => {
     const api = await signInAndGetUserApi(username, password);
 
     await expectRejects(updateUser(api, { name: 'name' }), {
-      code: 'account_center.filed_not_editable',
+      code: 'account_center.field_not_editable',
       status: 400,
     });
     await expectRejects(updateUser(api, { avatar: 'https://example.com/avatar.png' }), {
-      code: 'account_center.filed_not_editable',
+      code: 'account_center.field_not_editable',
       status: 400,
     });
     await expectRejects(updateUser(api, { username: 'username' }), {
-      code: 'account_center.filed_not_editable',
+      code: 'account_center.field_not_editable',
       status: 400,
     });
 
     await expectRejects(updateOtherProfile(api, { profile: 'profile' }), {
-      code: 'account_center.filed_not_editable',
+      code: 'account_center.field_not_editable',
       status: 400,
     });
 
     const verificationRecordId = await createVerificationRecordByPassword(api, password);
     await expectRejects(updatePassword(api, verificationRecordId, 'new-password'), {
-      code: 'account_center.filed_not_editable',
+      code: 'account_center.field_not_editable',
       status: 400,
     });
 
diff --git a/packages/phrases/src/locales/ar/errors/account-center.ts b/packages/phrases/src/locales/ar/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'مركز الحسابات غير ممكّن.',
-  filed_not_editable: 'الحقل غير قابل للتعديل.',
+  field_not_editable: 'الحقل غير قابل للتعديل.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/de/errors/account-center.ts b/packages/phrases/src/locales/de/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'Account Center ist nicht aktiviert.',
-  filed_not_editable: 'Feld ist nicht bearbeitbar.',
+  field_not_editable: 'Feld ist nicht bearbeitbar.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/en/errors/account-center.ts b/packages/phrases/src/locales/en/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'Account center is not enabled.',
-  filed_not_editable: 'Field is not editable.',
+  field_not_editable: 'Field is not editable.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/es/errors/account-center.ts b/packages/phrases/src/locales/es/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'El centro de cuentas no está habilitado.',
-  filed_not_editable: 'El campo no es editable.',
+  field_not_editable: 'El campo no es editable.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/fr/errors/account-center.ts b/packages/phrases/src/locales/fr/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: "Le centre de compte n'est pas activé.",
-  filed_not_editable: "Le champ n'est pas modifiable.",
+  field_not_editable: "Le champ n'est pas modifiable.",
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/it/errors/account-center.ts b/packages/phrases/src/locales/it/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'Centro account non è abilitato.',
-  filed_not_editable: 'Il campo non è modificabile.',
+  field_not_editable: 'Il campo non è modificabile.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/ja/errors/account-center.ts b/packages/phrases/src/locales/ja/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'アカウントセンターが有効になっていません。',
-  filed_not_editable: 'フィールドは編集できません。',
+  field_not_editable: 'フィールドは編集できません。',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/ko/errors/account-center.ts b/packages/phrases/src/locales/ko/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: '계정 센터가 활성화되어 있지 않습니다.',
-  filed_not_editable: '필드를 편집할 수 없습니다.',
+  field_not_editable: '필드를 편집할 수 없습니다.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/pl-pl/errors/account-center.ts b/packages/phrases/src/locales/pl-pl/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'Centrum konta nie jest aktywowane.',
-  filed_not_editable: 'Pole nie jest edytowalne.',
+  field_not_editable: 'Pole nie jest edytowalne.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/pt-br/errors/account-center.ts b/packages/phrases/src/locales/pt-br/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'O centro de contas não está ativado.',
-  filed_not_editable: 'O campo não é editável.',
+  field_not_editable: 'O campo não é editável.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/pt-pt/errors/account-center.ts b/packages/phrases/src/locales/pt-pt/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'O centro de contas não está ativado.',
-  filed_not_editable: 'O campo não é editável.',
+  field_not_editable: 'O campo não é editável.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/ru/errors/account-center.ts b/packages/phrases/src/locales/ru/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'Центр аккаунта не включен.',
-  filed_not_editable: 'Поле не редактируется.',
+  field_not_editable: 'Поле не редактируется.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/tr-tr/errors/account-center.ts b/packages/phrases/src/locales/tr-tr/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: 'Hesap merkezi etkin değil.',
-  filed_not_editable: 'Alan düzenlenemez.',
+  field_not_editable: 'Alan düzenlenemez.',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/zh-cn/errors/account-center.ts b/packages/phrases/src/locales/zh-cn/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: '账户中心未启用。',
-  filed_not_editable: '字段不可编辑。',
+  field_not_editable: '字段不可编辑。',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/zh-hk/errors/account-center.ts b/packages/phrases/src/locales/zh-hk/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: '帳戶中心未啟用。',
-  filed_not_editable: '此欄位不可編輯。',
+  field_not_editable: '此欄位不可編輯。',
 };
 
 export default Object.freeze(account_center);
diff --git a/packages/phrases/src/locales/zh-tw/errors/account-center.ts b/packages/phrases/src/locales/zh-tw/errors/account-center.ts
@@ -1,6 +1,6 @@
 const account_center = {
   not_enabled: '帳戶中心尚未啟用。',
-  filed_not_editable: '欄位不可編輯。',
+  field_not_editable: '欄位不可編輯。',
 };
 
 export default Object.freeze(account_center);

Original file line number	Diff line number	Diff line change
`@@ -322,6 +322,30 @@`
`322`	`322`	`}`
`323`	`323`	`}`
`324`	`324`	`}`
	`325`	`+ },`
	`326`	`+ "/api/my-account/mfa-verifications/{verificationId}": {`
	`327`	`+ "delete": {`
	`328`	`+ "tags": ["Dev feature"],`
	`329`	`+ "parameters": [`
	`330`	`+ {`
	`331`	`+ "name": "verificationId",`
	`332`	`+ "in": "path",`
	`333`	`+ "required": true,`
	`334`	`+ "schema": {`
	`335`	`+ "type": "string"`
	`336`	`+ },`
	`337`	`+ "description": "The ID of the MFA verification to delete."`
	`338`	`+ }`
	`339`	`+ ],`
	`340`	`+ "operationId": "DeleteMfaVerification",`
	`341`	`+ "summary": "Delete an MFA verification",`
	`342`	`+ "description": "Delete an MFA verification, a logto-verification-id in header is required for checking sensitive permissions.",`
	`343`	`+ "responses": {`
	`344`	`+ "204": {`
	`345`	`+ "description": "The MFA verification was deleted successfully."`
	`346`	`+ }`
	`347`	`+ }`
	`348`	`+ }`
`325`	`349`	`}`
`326`	`350`	`}`
`327`	`351`	`}`