add 2fa type tracking to credentials (#3647)

2025-10-08 11:38:34 -07:00
parent a61ff4cb4f
commit fc0f2b87ca
9 changed files with 123 additions and 6 deletions
--- a/skyvern/forge/sdk/db/client.py
+++ b/skyvern/forge/sdk/db/client.py
@@ -3623,6 +3623,7 @@ class AgentDB:
        credential_type: CredentialType,
        organization_id: str,
        item_id: str,
+        totp_type: str = "none",
    ) -> Credential:
        async with self.Session() as session:
            credential = CredentialModel(
@@ -3630,6 +3631,7 @@ class AgentDB:
                name=name,
                credential_type=credential_type,
                item_id=item_id,
+                totp_type=totp_type,
            )
            session.add(credential)
            await session.commit()
--- a/skyvern/forge/sdk/db/models.py
+++ b/skyvern/forge/sdk/db/models.py
@@ -818,6 +818,7 @@ class CredentialModel(Base):

    name = Column(String, nullable=False)
    credential_type = Column(String, nullable=False)
+    totp_type = Column(String, nullable=False, default="none")

    created_at = Column(DateTime, default=datetime.datetime.utcnow, nullable=False)
    modified_at = Column(DateTime, default=datetime.datetime.utcnow, onupdate=datetime.datetime.utcnow, nullable=False)
--- a/skyvern/forge/sdk/routes/credentials.py
+++ b/skyvern/forge/sdk/routes/credentials.py
@@ -167,11 +167,13 @@ async def create_credential(
        item_id=item_id,
        name=data.name,
        credential_type=data.credential_type,
+        totp_type=data.credential.totp_type if hasattr(data.credential, "totp_type") else "none",
    )

    if data.credential_type == CredentialType.PASSWORD:
        credential_response = PasswordCredentialResponse(
            username=data.credential.username,
+            totp_type=data.credential.totp_type if hasattr(data.credential, "totp_type") else "none",
        )
        return CredentialResponse(
            credential=credential_response,
@@ -283,6 +285,7 @@ async def get_credential(
    if credential_item.credential_type == CredentialType.PASSWORD:
        credential_response = PasswordCredentialResponse(
            username=credential_item.credential.username,
+            totp_type=credential.totp_type,
        )
        return CredentialResponse(
            credential=credential_response,
@@ -354,7 +357,10 @@ async def get_credentials(
        if not item:
            continue
        if item.credential_type == CredentialType.PASSWORD:
-            credential_response = PasswordCredentialResponse(username=item.credential.username)
+            credential_response = PasswordCredentialResponse(
+                username=item.credential.username,
+                totp_type=credential.totp_type,
+            )
            response_items.append(
                CredentialResponse(
                    credential=credential_response,
--- a/skyvern/forge/sdk/schemas/credentials.py
+++ b/skyvern/forge/sdk/schemas/credentials.py
@@ -11,10 +11,24 @@ class CredentialType(StrEnum):
    CREDIT_CARD = "credit_card"


+class TotpType(StrEnum):
+    """Type of 2FA/TOTP method used."""
+
+    AUTHENTICATOR = "authenticator"
+    EMAIL = "email"
+    TEXT = "text"
+    NONE = "none"
+
+
 class PasswordCredentialResponse(BaseModel):
    """Response model for password credentials, containing only the username."""

    username: str = Field(..., description="The username associated with the credential", examples=["user@example.com"])
+    totp_type: TotpType = Field(
+        TotpType.NONE,
+        description="Type of 2FA method used for this credential",
+        examples=[TotpType.AUTHENTICATOR],
+    )


 class CreditCardCredentialResponse(BaseModel):
@@ -34,6 +48,11 @@ class PasswordCredential(BaseModel):
        description="Optional TOTP (Time-based One-Time Password) string used to generate 2FA codes",
        examples=["JBSWY3DPEHPK3PXP"],
    )
+    totp_type: TotpType = Field(
+        TotpType.NONE,
+        description="Type of 2FA method used for this credential",
+        examples=[TotpType.AUTHENTICATOR],
+    )


 class NonEmptyPasswordCredential(PasswordCredential):
@@ -124,6 +143,11 @@ class Credential(BaseModel):
    name: str = Field(..., description="Name of the credential", examples=["Skyvern Login"])
    credential_type: CredentialType = Field(..., description="Type of the credential. Eg password, credit card, etc.")
    item_id: str = Field(..., description="ID of the associated credential item", examples=["item_1234567890"])
+    totp_type: TotpType = Field(
+        TotpType.NONE,
+        description="Type of 2FA method used for this credential",
+        examples=[TotpType.AUTHENTICATOR],
+    )

    created_at: datetime = Field(..., description="Timestamp when the credential was created")
    modified_at: datetime = Field(..., description="Timestamp when the credential was last modified")