From d96d84201e4fa644e9ea1e26f8ce74ab079fe5ec Mon Sep 17 00:00:00 2001
From: Khushboo Verma <43381712+vermakhushboo@users.noreply.github.com>
Date: Fri, 2 Feb 2024 14:03:20 +0530
Subject: [PATCH] Add auth group to create email token endpoint

---
 app/controllers/api/account.php | 4 ++--
 app/controllers/shared/api.php | 6 ++++++
 app/controllers/shared/api/auth.php | 6 ++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index b7b92cd9c6..0eb79e1fb4 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1212,9 +1212,9 @@ App::post('/v1/account/tokens/magic-url')
 
 App::post('/v1/account/tokens/email')
 ->desc('Create email token (OTP)')
- ->groups(['api', 'account'])
+ ->groups(['api', 'account', 'auth'])
 ->label('scope', 'sessions.write')
- ->label('auth.type', 'email')
+ ->label('auth.type', 'email-otp')
 ->label('audits.event', 'session.create')
 ->label('audits.resource', 'user/{response.userId}')
 ->label('audits.userId', '{response.userId}')
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index a80fa90674..698de76fa3 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -379,6 +379,12 @@ App::init()
 }
 break;
 
+ case 'email-otp':
+ if (($auths['emailOTP'] ?? true) === false) {
+ throw new Exception(Exception::USER_AUTH_METHOD_UNSUPPORTED, 'Email OTP authentication is disabled for this project');
+ }
+ break;
+
 default:
 throw new Exception(Exception::USER_AUTH_METHOD_UNSUPPORTED, 'Unsupported authentication route');
 break;
diff --git a/app/controllers/shared/api/auth.php b/app/controllers/shared/api/auth.php
index f9b0071f92..2fbcfb64d3 100644
--- a/app/controllers/shared/api/auth.php
+++ b/app/controllers/shared/api/auth.php
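Review bot: No test accompanies the new gate on `App::post('/v1/account/tokens/email')`: the diffstat lists only the three controller files, so nothing pins that this route is refused once a project turns email OTP off. An end-to-end case that disables the method and asserts `Exception::USER_AUTH_METHOD_UNSUPPORTED` on this route would also catch later drift between the `'email-otp'` label here and the `case 'email-otp':` branches in shared/api.php and shared/api/auth.php. It is worth confirming that the route which redeems the OTP for a session passes through the same check, since this hunk only gates token creation and that route is not visible here. The route definition continues past the end of the hunk.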
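Review bot: The new `case 'email-otp':` in app/controllers/shared/api.php fails open, because `($auths['emailOTP'] ?? true) === false` treats a missing key, and any stored value other than boolean `false`, as enabled. PHP array keys are case-sensitive, so if `'emailOTP'` does not match the key the project settings actually write, the method stays on with no error; please confirm the spelling against the auth-method config and record the opt-out default in a comment such as `// absent key => enabled; key must match the project auths config`. The identical branch is added to app/controllers/shared/api/auth.php in the next hunk, and keeping two copies of this switch invites drift, so a shared helper would be safer if both hooks have to stay. The switch and its enclosing `App::init()` callback start and end outside the hunk, so whether the neighbouring cases use the same default is not visible here.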
@@ -72,6 +72,12 @@ App::init()
 }
 break;
 
+ case 'email-otp':
+ if (($auths['emailOTP'] ?? true) === false) {
+ throw new Exception(Exception::USER_AUTH_METHOD_UNSUPPORTED, 'Email OTP authentication is disabled for this project');
+ }
+ break;
+
 default:
 throw new Exception(Exception::USER_AUTH_METHOD_UNSUPPORTED, 'Unsupported authentication route');
 break;