feat: update GetActiveRecoveryStrategies method

pcaillaudm · ory-bot · commit b94f4c9ba5b1 · 2026-02-19T15:03:20.000Z
GitOrigin-RevId: ae8121e4488d8fc332bea1bcea704b15c2cd7987
diff --git a/driver/registry_default_recovery.go b/driver/registry_default_recovery.go
@@ -41,16 +41,17 @@ func (m *RegistryDefault) RecoveryStrategies(ctx context.Context) (recoveryStrat
 	return
 }
 
-// GetActiveRecoveryStrategies returns the currently active recovery strategies
-// If no primary recovery strategy has been set, an error is returned
-func (m *RegistryDefault) GetActiveRecoveryStrategies(ctx context.Context) (recovery.Strategies, error) {
+// GetActiveRecoveryStrategies returns the currently active recovery strategies.
+// It returns a list of all strategies and the specific primary strategy.
+// If no primary recovery strategy has been set, an error is returned.
+func (m *RegistryDefault) GetActiveRecoveryStrategies(ctx context.Context) (active recovery.Strategies, primary recovery.Strategy, err error) {
 	as := m.Config().SelfServiceFlowRecoveryUse(ctx)
-	s, err := m.RecoveryStrategies(ctx).ActiveStrategies(as)
+	s, ps, err := m.RecoveryStrategies(ctx).ActiveStrategies(as)
 	if err != nil {
-		return nil, errors.WithStack(herodot.ErrBadRequest.
+		return nil, ps, errors.WithStack(herodot.ErrBadRequest.
 			WithReasonf("You attempted recovery using %s, which is not enabled or does not exist. An administrator needs to enable this recovery method.", as))
 	}
-	return s, nil
+	return s, ps, nil
 }
 
 func (m *RegistryDefault) AllRecoveryStrategies() (recoveryStrategies recovery.Strategies) {
diff --git a/driver/registry_default_test.go b/driver/registry_default_test.go
@@ -917,7 +917,7 @@ func TestGetActiveRecoveryStrategy(t *testing.T) {
 			config.ViperKeySelfServiceRecoveryUse: "code",
 		})
 
-		_, err := reg.GetActiveRecoveryStrategies(ctx)
+		_, _, err := reg.GetActiveRecoveryStrategies(ctx)
 		require.Error(t, err)
 	})
 
@@ -931,10 +931,10 @@ func TestGetActiveRecoveryStrategy(t *testing.T) {
 					config.ViperKeySelfServiceRecoveryUse:              sID,
 				})
 
-				s, err := reg.GetActiveRecoveryStrategies(ctx)
+				s, ps, err := reg.GetActiveRecoveryStrategies(ctx)
 				require.NoError(t, err)
 				require.Len(t, s, 1)
-				require.Equal(t, sID, s[0].RecoveryStrategyID())
+				require.Equal(t, sID, ps.RecoveryStrategyID())
 			})
 		}
 	})
diff --git a/driver/registry_default_verification.go b/driver/registry_default_verification.go
@@ -58,7 +58,7 @@ func (m *RegistryDefault) GetActiveVerificationStrategies(ctx context.Context) (
 	as := m.Config().SelfServiceFlowVerificationUse(ctx)
 	s, ps, err := m.VerificationStrategies(ctx).ActiveStrategies(as)
 	if err != nil {
-		return nil, nil, errors.WithStack(herodot.ErrBadRequest.
+		return nil, ps, errors.WithStack(herodot.ErrBadRequest.
 			WithReasonf("The active verification strategy %s is not enabled. Please enable it in the configuration.", as))
 	}
 	return s, ps, nil
diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go
@@ -88,9 +88,9 @@ func (s *ErrorHandler) WriteFlowError(
 	trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), f.ID, string(f.Type), f.Active.String(), recoveryErr))
 
 	if expiredError := new(flow.ExpiredError); errors.As(recoveryErr, &expiredError) {
-		strategies, err := s.d.RecoveryStrategies(r.Context()).ActiveStrategies(f.Active.String())
+		strategies, _, err := s.d.RecoveryStrategies(r.Context()).ActiveStrategies(f.Active.String())
 		if err != nil {
-			strategies, err = s.d.GetActiveRecoveryStrategies(r.Context())
+			strategies, _, err = s.d.GetActiveRecoveryStrategies(r.Context())
 			// Can't retry the recovery if no primary strategy has been set
 			if err != nil {
 				s.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
diff --git a/selfservice/flow/recovery/error_test.go b/selfservice/flow/recovery/error_test.go
@@ -74,7 +74,7 @@ func TestHandleError(t *testing.T) {
 
 	newFlow := func(t *testing.T, ttl time.Duration, ft flow.Type) *recovery.Flow {
 		req := &http.Request{URL: urlx.ParseOrPanic("/")}
-		s, err := reg.GetActiveRecoveryStrategies(context.Background())
+		s, _, err := reg.GetActiveRecoveryStrategies(context.Background())
 		require.NoError(t, err)
 		f, err := recovery.NewFlow(conf, ttl, nosurfx.FakeCSRFToken, req, s, ft)
 		require.NoError(t, err)
@@ -191,7 +191,7 @@ func TestHandleError(t *testing.T) {
 				c, reg := pkg.NewVeryFastRegistryWithoutDB(t)
 				require.NoError(t, c.Set(context.Background(), "selfservice.methods.code.enabled", false))
 				require.NoError(t, c.Set(context.Background(), config.ViperKeySelfServiceRecoveryUse, "code"))
-				_, err := reg.GetActiveRecoveryStrategies(context.Background())
+				_, _, err := reg.GetActiveRecoveryStrategies(context.Background())
 				recoveryFlow = newFlow(t, time.Minute, tc.t)
 				flowError = err
 				methodName = node.UiNodeGroup(recovery.RecoveryStrategyLink)
@@ -337,7 +337,7 @@ func TestHandleError_WithContinueWith(t *testing.T) {
 
 	newFlow := func(t *testing.T, ttl time.Duration, ft flow.Type) *recovery.Flow {
 		req := &http.Request{URL: urlx.ParseOrPanic("/")}
-		s, err := reg.GetActiveRecoveryStrategies(context.Background())
+		s, _, err := reg.GetActiveRecoveryStrategies(context.Background())
 		require.NoError(t, err)
 		f, err := recovery.NewFlow(conf, ttl, nosurfx.FakeCSRFToken, req, s, ft)
 		require.NoError(t, err)
@@ -462,7 +462,7 @@ func TestHandleError_WithContinueWith(t *testing.T) {
 				c, reg := pkg.NewVeryFastRegistryWithoutDB(t)
 				require.NoError(t, c.Set(context.Background(), "selfservice.methods.code.enabled", false))
 				require.NoError(t, c.Set(context.Background(), config.ViperKeySelfServiceRecoveryUse, "code"))
-				_, err := reg.GetActiveRecoveryStrategies(context.Background())
+				_, _, err := reg.GetActiveRecoveryStrategies(context.Background())
 				recoveryFlow = newFlow(t, time.Minute, tc.t)
 				flowError = err
 				methodName = node.UiNodeGroup(recovery.RecoveryStrategyLink)
diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go
@@ -122,7 +122,7 @@ func (h *Handler) createNativeRecoveryFlow(w http.ResponseWriter, r *http.Reques
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
 		return
 	}
-	activeRecoveryStrategies, err := h.d.GetActiveRecoveryStrategies(r.Context())
+	activeRecoveryStrategies, _, err := h.d.GetActiveRecoveryStrategies(r.Context())
 	if err != nil {
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
 		return
@@ -190,7 +190,7 @@ func (h *Handler) createBrowserRecoveryFlow(w http.ResponseWriter, r *http.Reque
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
 		return
 	}
-	activeRecoveryStrategies, err := h.d.GetActiveRecoveryStrategies(r.Context())
+	activeRecoveryStrategies, _, err := h.d.GetActiveRecoveryStrategies(r.Context())
 	if err != nil {
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
 		return
diff --git a/selfservice/flow/recovery/strategy.go b/selfservice/flow/recovery/strategy.go
@@ -33,27 +33,25 @@ type (
 	StrategyProvider interface {
 		AllRecoveryStrategies() Strategies
 		RecoveryStrategies(ctx context.Context) Strategies
-		GetActiveRecoveryStrategies(ctx context.Context) (Strategies, error)
+		GetActiveRecoveryStrategies(ctx context.Context) (active Strategies, primary Strategy, err error)
 	}
 )
 
-func (s Strategies) ActiveStrategies(id string) (Strategies, error) {
+func (s Strategies) ActiveStrategies(id string) (active Strategies, primary Strategy, err error) {
 	ids := make([]string, len(s))
-	activeStrategies := Strategies{}
-	foundPrimary := false
 	for k, ss := range s {
 		ids[k] = ss.RecoveryStrategyID()
 		if ss.RecoveryStrategyID() == id || !ss.IsPrimary() {
-			activeStrategies = append(activeStrategies, ss)
+			active = append(active, ss)
 			if ss.IsPrimary() {
-				foundPrimary = true
+				primary = ss
 			}
 		}
 	}
 
-	if !foundPrimary {
-		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("unable to find strategy for %s have %v", id, ids))
+	if primary == nil {
+		return nil, nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("unable to find strategy for %s have %v", id, ids))
 	}
 
-	return activeStrategies, nil
+	return active, primary, nil
 }
diff --git a/selfservice/hook/require_verified_address.go b/selfservice/hook/require_verified_address.go
@@ -106,6 +106,9 @@ func (e *AddressVerifier) ExecuteLoginPostHook(w http.ResponseWriter, r *http.Re
 
 		verificationFlow.State = flow.StateEmailSent
 		for _, strategy := range strategies {
+			if strategy.IsPrimary() {
+				verificationFlow.Active = sqlxx.NullString(strategy.NodeGroup())
+			}
 			if err := strategy.PopulateVerificationMethod(r, verificationFlow); err != nil {
 				return err
 			}
@@ -119,7 +122,6 @@ func (e *AddressVerifier) ExecuteLoginPostHook(w http.ResponseWriter, r *http.Re
 				WithMetaLabel(text.NewInfoNodeResendOTP()),
 		)
 
-		verificationFlow.Active = sqlxx.NullString(strategy.NodeGroup())
 		if err := e.r.VerificationFlowPersister().CreateVerificationFlow(ctx, verificationFlow); err != nil {
 			return err
 		}
diff --git a/selfservice/strategy/code/code_sender_test.go b/selfservice/strategy/code/code_sender_test.go
@@ -250,7 +250,7 @@ func TestSender(t *testing.T) {
 				flow:      "recovery",
 				configKey: config.ViperKeySelfServiceRecoveryNotifyUnknownRecipients,
 				send: func(t *testing.T) {
-					s, err := reg.RecoveryStrategies(ctx).ActiveStrategies("code")
+					s, _, err := reg.RecoveryStrategies(ctx).ActiveStrategies("code")
 					require.NoError(t, err)
 					f, err := recovery.NewFlow(conf, time.Hour, "", u, s, flow.TypeBrowser)
 					require.NoError(t, err)
diff --git a/selfservice/strategy/code/strategy_recovery_admin_test.go b/selfservice/strategy/code/strategy_recovery_admin_test.go
@@ -61,15 +61,15 @@ func TestAdminStrategy(t *testing.T) {
 
 	t.Run("no panic on empty body #1384", func(t *testing.T) {
 		ctx := context.Background()
-		s, err := reg.RecoveryStrategies(ctx).ActiveStrategies("code")
+		s, ps, err := reg.RecoveryStrategies(ctx).ActiveStrategies("code")
 		require.NoError(t, err)
 		require.Len(t, s, 1)
 		w := httptest.NewRecorder()
 		r := &http.Request{URL: new(url.URL)}
 		f, err := recovery.NewFlow(reg.Config(), time.Minute, "", r, s, flow.TypeBrowser)
 		require.NoError(t, err)
 		require.NotPanics(t, func() {
-			require.Error(t, s[0].(*Strategy).HandleRecoveryError(w, r, f, nil, errors.New("test")))
+			require.Error(t, ps.(*Strategy).HandleRecoveryError(w, r, f, nil, errors.New("test")))
 		})
 	})
 
diff --git a/selfservice/strategy/link/sender_test.go b/selfservice/strategy/link/sender_test.go
@@ -70,7 +70,7 @@ func TestManager(t *testing.T) {
 
 		t.Run("case="+tc.d, func(t *testing.T) {
 			t.Run("method=SendRecoveryLink", func(t *testing.T) {
-				s, err := reg.RecoveryStrategies(ctx).ActiveStrategies("link")
+				s, _, err := reg.RecoveryStrategies(ctx).ActiveStrategies("link")
 				require.NoError(t, err)
 				f, err := recovery.NewFlow(conf, time.Hour, "", u, s, flow.TypeBrowser)
 				require.NoError(t, err)
@@ -118,7 +118,7 @@ func TestManager(t *testing.T) {
 					config.ViperKeyCourierHTTPRequestConfig + ".url": srv.URL,
 				})
 
-				s, err := reg.RecoveryStrategies(ctx).ActiveStrategies("link")
+				s, _, err := reg.RecoveryStrategies(ctx).ActiveStrategies("link")
 				require.NoError(t, err)
 				f, err := recovery.NewFlow(conf, time.Hour, "", u, s, flow.TypeBrowser)
 				require.NoError(t, err)
@@ -190,7 +190,7 @@ func TestManager(t *testing.T) {
 				flow:      "recovery",
 				configKey: config.ViperKeySelfServiceRecoveryNotifyUnknownRecipients,
 				send: func(t *testing.T) {
-					s, err := reg.RecoveryStrategies(ctx).ActiveStrategies("link")
+					s, _, err := reg.RecoveryStrategies(ctx).ActiveStrategies("link")
 					require.NoError(t, err)
 					f, err := recovery.NewFlow(conf, time.Hour, "", u, s, flow.TypeBrowser)
 					require.NoError(t, err)
diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go
@@ -88,10 +88,8 @@ func TestAdminStrategy(t *testing.T) {
 	}
 
 	t.Run("no panic on empty body #1384", func(t *testing.T) {
-		s, err := reg.RecoveryStrategies(t.Context()).ActiveStrategies("link")
+		s, ps, err := reg.RecoveryStrategies(t.Context()).ActiveStrategies("link")
 		require.NoError(t, err)
-		require.NotEmpty(t, s)
-		ps := s[0]
 
 		r := &http.Request{URL: new(url.URL)}
 		f, err := recovery.NewFlow(reg.Config(), time.Minute, "", r, s, flow.TypeBrowser)

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func (m *RegistryDefault) GetActiveVerificationStrategies(ctx context.Context) (`
`58`	`58`	`as := m.Config().SelfServiceFlowVerificationUse(ctx)`
`59`	`59`	`s, ps, err := m.VerificationStrategies(ctx).ActiveStrategies(as)`
`60`	`60`	`if err != nil {`
`61`		`- return nil, nil, errors.WithStack(herodot.ErrBadRequest.`
	`61`	`+ return nil, ps, errors.WithStack(herodot.ErrBadRequest.`
`62`	`62`	`WithReasonf("The active verification strategy %s is not enabled. Please enable it in the configuration.", as))`
`63`	`63`	`}`
`64`	`64`	`return s, ps, nil`
Original file line number	Diff line number	Diff line change
`@@ -33,27 +33,25 @@ type (`
`33`	`33`	`StrategyProvider interface {`
`34`	`34`	`AllRecoveryStrategies() Strategies`
`35`	`35`	`RecoveryStrategies(ctx context.Context) Strategies`
`36`		`- GetActiveRecoveryStrategies(ctx context.Context) (Strategies, error)`
	`36`	`+ GetActiveRecoveryStrategies(ctx context.Context) (active Strategies, primary Strategy, err error)`
`37`	`37`	`}`
`38`	`38`	`)`
`39`	`39`
`40`		`-func (s Strategies) ActiveStrategies(id string) (Strategies, error) {`
	`40`	`+func (s Strategies) ActiveStrategies(id string) (active Strategies, primary Strategy, err error) {`
`41`	`41`	`ids := make([]string, len(s))`
`42`		`- activeStrategies := Strategies{}`
`43`		`- foundPrimary := false`
`44`	`42`	`for k, ss := range s {`
`45`	`43`	`ids[k] = ss.RecoveryStrategyID()`
`46`	`44`	`if ss.RecoveryStrategyID() == id \|\| !ss.IsPrimary() {`
`47`		`- activeStrategies = append(activeStrategies, ss)`
	`45`	`+ active = append(active, ss)`
`48`	`46`	`if ss.IsPrimary() {`
`49`		`- foundPrimary = true`
	`47`	`+ primary = ss`
`50`	`48`	`}`
`51`	`49`	`}`
`52`	`50`	`}`
`53`	`51`
`54`		`- if !foundPrimary {`
`55`		`- return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("unable to find strategy for %s have %v", id, ids))`
	`52`	`+ if primary == nil {`
	`53`	`+ return nil, nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("unable to find strategy for %s have %v", id, ids))`
`56`	`54`	`}`
`57`	`55`
`58`		`- return activeStrategies, nil`
	`56`	`+ return active, primary, nil`
`59`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,9 @@ func (e AddressVerifier) ExecuteLoginPostHook(w http.ResponseWriter, r http.Re`
`106`	`106`
`107`	`107`	`verificationFlow.State = flow.StateEmailSent`
`108`	`108`	`for _, strategy := range strategies {`
	`109`	`+ if strategy.IsPrimary() {`
	`110`	`+ verificationFlow.Active = sqlxx.NullString(strategy.NodeGroup())`
	`111`	`+ }`
`109`	`112`	`if err := strategy.PopulateVerificationMethod(r, verificationFlow); err != nil {`
`110`	`113`	`return err`
`111`	`114`	`}`
`@@ -119,7 +122,6 @@ func (e AddressVerifier) ExecuteLoginPostHook(w http.ResponseWriter, r http.Re`
`119`	`122`	`WithMetaLabel(text.NewInfoNodeResendOTP()),`
`120`	`123`	`)`
`121`	`124`
`122`		`- verificationFlow.Active = sqlxx.NullString(strategy.NodeGroup())`
`123`	`125`	`if err := e.r.VerificationFlowPersister().CreateVerificationFlow(ctx, verificationFlow); err != nil {`
`124`	`126`	`return err`
`125`	`127`	`}`