From 2f8380e97dad0bda81168900bb45c281fe3967d0 Mon Sep 17 00:00:00 2001
From: Steven Nguyen
Date: Wed, 29 May 2024 13:59:12 -0700
Subject: [PATCH 1/4] fix(docs): remove extraneous word in Verify authenticator description

---
 docs/references/account/update-mfa-authenticator.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/references/account/update-mfa-authenticator.md b/docs/references/account/update-mfa-authenticator.md
index 253826a891..23a3251441 100644
--- a/docs/references/account/update-mfa-authenticator.md
+++ b/docs/references/account/update-mfa-authenticator.md
@@ -1 +1 @@
-Verify an authenticator app after adding it using the [add authenticator](/docs/references/cloud/client-web/account#createMfaAuthenticator) method. add
\ No newline at end of file
+Verify an authenticator app after adding it using the [add authenticator](/docs/references/cloud/client-web/account#createMfaAuthenticator) method.
\ No newline at end of file

From 4b5e86cc05b355c685b3291062c05bfb027965e0 Mon Sep 17 00:00:00 2001
From: Steven Nguyen
Date: Wed, 29 May 2024 13:59:59 -0700
Subject: [PATCH 2/4] chore(sdks): bump major version since there are breaking changes

---
 app/config/platforms.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/config/platforms.php b/app/config/platforms.php
index d06c25a796..f0ce427c79 100644
--- a/app/config/platforms.php
+++ b/app/config/platforms.php
@@ -15,7 +15,7 @@ return [
     [
         'key' => 'web',
         'name' => 'Web',
-        'version' => '14.0.2',
+        'version' => '15.0.0',
         'url' => 'https://github.com/appwrite/sdk-for-web',
         'package' => 'https://www.npmjs.com/package/appwrite',
         'enabled' => true,
@@ -138,7 +138,7 @@ return [
     [
         'key' => 'react-native',
         'name' => 'React Native',
-        'version' => '0.3.2',
+        'version' => '0.4.0',
         'url' => 'https://github.com/appwrite/sdk-for-react-native',
         'package' => 'https://npmjs.com/package/react-native-appwrite',
         'enabled' => true,
@@ -267,7 +267,7 @@ return [
     [
         'key' => 'deno',
         'name' => 'Deno',
-        'version' => '10.0.2',
+        'version' => '11.0.0',
         'url' => 'https://github.com/appwrite/sdk-for-deno',
         'package' => 'https://deno.land/x/appwrite',
         'enabled' => true,

From c7157b369277686af43a3bdc451ce4f68a1f3be6 Mon Sep 17 00:00:00 2001
From: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com>
Date: Thu, 6 Jun 2024 00:23:00 +0000
Subject: [PATCH 3/4] chore: bump base image from 0.9.0 to 0.9.1

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 1d2ac91ae0..1d82930c1d 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,7 @@ ENV VITE_APPWRITE_GROWTH_ENDPOINT=$VITE_APPWRITE_GROWTH_ENDPOINT
 RUN npm ci
 RUN npm run build
-FROM appwrite/base:0.9.0 as final
+FROM appwrite/base:0.9.1 as final
 LABEL maintainer="team@appwrite.io"

From a09a09a7a96310fcab34742d0176e635f1ff81b2 Mon Sep 17 00:00:00 2001
From: Steven Nguyen
Date: Fri, 7 Jun 2024 16:45:14 -0700
Subject: [PATCH 4/4] fix(auth): fix MFA verification for OAuth2 sessions

Before this, users who only signed in with OAuth2 were not able to verify their sessions with MFA because their session already used an email factor and they couldn't use an additional email factor. This commit changes the OAuth2 session to include 2 factors: email and oauth2. This second special factor is used to bypass MFA checks. It is fine to bypass MFA checks because OAuth2 is supposed to handle the entire authentication process, verifying who the user is and we, as the resource provider, only need to trust the OAuth2 provider.
---
 app/controllers/api/account.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index e1ddeb6b68..9461af661b 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -86,8 +86,8 @@ $createSession = function (string $userId, string $secret, Request $request, Res
     $factor = (match ($verifiedToken->getAttribute('type')) {
         Auth::TOKEN_TYPE_MAGIC_URL,
         Auth::TOKEN_TYPE_OAUTH2,
-        Auth::TOKEN_TYPE_EMAIL => 'email',
-        Auth::TOKEN_TYPE_PHONE => 'phone',
+        Auth::TOKEN_TYPE_EMAIL => Type::EMAIL,
+        Auth::TOKEN_TYPE_PHONE => Type::PHONE,
         Auth::TOKEN_TYPE_GENERIC => 'token',
         default => throw new Exception(Exception::USER_INVALID_TOKEN)
     });
@@ -1506,7 +1506,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
             'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
             'userAgent' => $request->getUserAgent('UNKNOWN'),
             'ip' => $request->getIP(),
-            'factors' => ['email'],
+            'factors' => [TYPE::EMAIL, 'oauth2'], // include a special oauth2 factor to bypass MFA checks
             'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
             'expire' => DateTime::addSeconds(new \DateTime(), $duration)
         ], $detector->getOS(), $detector->getClient(), $detector->getDevice()));
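Review bot: `Auth::TOKEN_TYPE_OAUTH2` still resolves to `Type::EMAIL` alone in this match, so a session created through `$createSession` from an OAuth2 token apparently does not receive the extra `'oauth2'` factor that the redirect handler now sets, and the MFA dead-end described in the commit message would persist on that path; how `$factor` is written into the session is outside the hunk, so this needs confirming against the rest of `$createSession`. `Auth::TOKEN_TYPE_GENERIC => 'token'` is also left as a bare string while the email and phone arms moved to `Type::` constants; if a matching `Type` constant exists, use it for consistency, otherwise a one-line comment on why it stays a literal would help the next reader. `$createSession` begins and ends outside this hunk.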
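Review bot: `TYPE::EMAIL` on the factors line differs in case from `Type::EMAIL` used in the first hunk; PHP resolves class names case-insensitively so it runs, but it defeats grep and IDE navigation and violates PER-CS naming, so write `'factors' => [Type::EMAIL, 'oauth2'],`. The `'oauth2'` value is a bare literal that doubles as an MFA-exemption marker, so whatever enforcement code compares against it must use exactly the same string; moving it to a named constant beside `Type::EMAIL` (for example a `Type::OAUTH2` constant, if that class can carry one) keeps the producer and the check from drifting apart. Because this value exempts a session from MFA, the comment should say what makes it safe rather than just that it bypasses checks, e.g. `// 'oauth2': the provider completed the full authentication, so MFA enforcement treats this session as satisfied; set only by this server-side handler, never from client-supplied factors`. The enforcement check itself is not in this hunk, so whether any other write path can append the same factor to `factors` cannot be confirmed from here and is worth verifying.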