stage/authenticator*: expand attempt throttling to email- and sms-based 2FA (#21751)

* stages/authenticator*: enable attempt throttling for email- and sms-based second authentication factor

* stages/authenticator*: add throttling tests

* stage/authenticator_validate: add throttling documentation

* Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* stages/authenticator_validate: update docs wording

* Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

---------

Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>

packages/client-ts/src/models/AuthenticatorValidateStage.ts

@@ -124,6 +124,30 @@ export interface AuthenticatorValidateStage {
      * @memberof AuthenticatorValidateStage
      */
     readonly webauthnAllowedDeviceTypesObj: Array<WebAuthnDeviceType>;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStage
+     */
+    emailOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStage
+     */
+    smsOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStage
+     */
+    totpOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStage
+     */
+    staticOtpThrottlingFactor?: number;
 }
 
 /**
@@ -193,6 +217,22 @@ export function AuthenticatorValidateStageFromJSONTyped(
         webauthnAllowedDeviceTypesObj: (
             json["webauthn_allowed_device_types_obj"] as Array<any>
         ).map(WebAuthnDeviceTypeFromJSON),
+        emailOtpThrottlingFactor:
+            json["email_otp_throttling_factor"] == null
+                ? undefined
+                : json["email_otp_throttling_factor"],
+        smsOtpThrottlingFactor:
+            json["sms_otp_throttling_factor"] == null
+                ? undefined
+                : json["sms_otp_throttling_factor"],
+        totpOtpThrottlingFactor:
+            json["totp_otp_throttling_factor"] == null
+                ? undefined
+                : json["totp_otp_throttling_factor"],
+        staticOtpThrottlingFactor:
+            json["static_otp_throttling_factor"] == null
+                ? undefined
+                : json["static_otp_throttling_factor"],
     };
 }
 
@@ -232,5 +272,9 @@ export function AuthenticatorValidateStageToJSONTyped(
                 ? undefined
                 : (value["webauthnHints"] as Array<any>).map(WebAuthnHintEnumToJSON),
         webauthn_allowed_device_types: value["webauthnAllowedDeviceTypes"],
+        email_otp_throttling_factor: value["emailOtpThrottlingFactor"],
+        sms_otp_throttling_factor: value["smsOtpThrottlingFactor"],
+        totp_otp_throttling_factor: value["totpOtpThrottlingFactor"],
+        static_otp_throttling_factor: value["staticOtpThrottlingFactor"],
     };
 }

packages/client-ts/src/models/AuthenticatorValidateStageRequest.ts

@@ -78,6 +78,30 @@ export interface AuthenticatorValidateStageRequest {
      * @memberof AuthenticatorValidateStageRequest
      */
     webauthnAllowedDeviceTypes?: Array<string>;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStageRequest
+     */
+    emailOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStageRequest
+     */
+    smsOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStageRequest
+     */
+    totpOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof AuthenticatorValidateStageRequest
+     */
+    staticOtpThrottlingFactor?: number;
 }
 
 /**
@@ -129,6 +153,22 @@ export function AuthenticatorValidateStageRequestFromJSONTyped(
             json["webauthn_allowed_device_types"] == null
                 ? undefined
                 : json["webauthn_allowed_device_types"],
+        emailOtpThrottlingFactor:
+            json["email_otp_throttling_factor"] == null
+                ? undefined
+                : json["email_otp_throttling_factor"],
+        smsOtpThrottlingFactor:
+            json["sms_otp_throttling_factor"] == null
+                ? undefined
+                : json["sms_otp_throttling_factor"],
+        totpOtpThrottlingFactor:
+            json["totp_otp_throttling_factor"] == null
+                ? undefined
+                : json["totp_otp_throttling_factor"],
+        staticOtpThrottlingFactor:
+            json["static_otp_throttling_factor"] == null
+                ? undefined
+                : json["static_otp_throttling_factor"],
     };
 }
 
@@ -161,5 +201,9 @@ export function AuthenticatorValidateStageRequestToJSONTyped(
                 ? undefined
                 : (value["webauthnHints"] as Array<any>).map(WebAuthnHintEnumToJSON),
         webauthn_allowed_device_types: value["webauthnAllowedDeviceTypes"],
+        email_otp_throttling_factor: value["emailOtpThrottlingFactor"],
+        sms_otp_throttling_factor: value["smsOtpThrottlingFactor"],
+        totp_otp_throttling_factor: value["totpOtpThrottlingFactor"],
+        static_otp_throttling_factor: value["staticOtpThrottlingFactor"],
     };
 }

packages/client-ts/src/models/PatchedAuthenticatorValidateStageRequest.ts

@@ -78,6 +78,30 @@ export interface PatchedAuthenticatorValidateStageRequest {
      * @memberof PatchedAuthenticatorValidateStageRequest
      */
     webauthnAllowedDeviceTypes?: Array<string>;
+    /**
+     *
+     * @type {number}
+     * @memberof PatchedAuthenticatorValidateStageRequest
+     */
+    emailOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof PatchedAuthenticatorValidateStageRequest
+     */
+    smsOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof PatchedAuthenticatorValidateStageRequest
+     */
+    totpOtpThrottlingFactor?: number;
+    /**
+     *
+     * @type {number}
+     * @memberof PatchedAuthenticatorValidateStageRequest
+     */
+    staticOtpThrottlingFactor?: number;
 }
 
 /**
@@ -128,6 +152,22 @@ export function PatchedAuthenticatorValidateStageRequestFromJSONTyped(
             json["webauthn_allowed_device_types"] == null
                 ? undefined
                 : json["webauthn_allowed_device_types"],
+        emailOtpThrottlingFactor:
+            json["email_otp_throttling_factor"] == null
+                ? undefined
+                : json["email_otp_throttling_factor"],
+        smsOtpThrottlingFactor:
+            json["sms_otp_throttling_factor"] == null
+                ? undefined
+                : json["sms_otp_throttling_factor"],
+        totpOtpThrottlingFactor:
+            json["totp_otp_throttling_factor"] == null
+                ? undefined
+                : json["totp_otp_throttling_factor"],
+        staticOtpThrottlingFactor:
+            json["static_otp_throttling_factor"] == null
+                ? undefined
+                : json["static_otp_throttling_factor"],
     };
 }
 
@@ -160,5 +200,9 @@ export function PatchedAuthenticatorValidateStageRequestToJSONTyped(
                 ? undefined
                 : (value["webauthnHints"] as Array<any>).map(WebAuthnHintEnumToJSON),
         webauthn_allowed_device_types: value["webauthnAllowedDeviceTypes"],
+        email_otp_throttling_factor: value["emailOtpThrottlingFactor"],
+        sms_otp_throttling_factor: value["smsOtpThrottlingFactor"],
+        totp_otp_throttling_factor: value["totpOtpThrottlingFactor"],
+        static_otp_throttling_factor: value["staticOtpThrottlingFactor"],
     };
 }