Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-03-31 22:51:25 -05:00
Code Issues Activity

refactor(core): refactor passwordless route

Browse source 
refactor passwordless route
This commit is contained in:
simeng-li 2022-10-13 14:13:03 +08:00
parent eb438f79cd
commit 2295946791
No known key found for this signature in database
GPG key ID: 14EA7BB1541E8075
7 changed files with 299 additions and 204 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
packages/core/src/routes/session/forgot-password.test.ts
View file

@ -13,7 +13,7 @@ const encryptUserPassword = jest.fn(async (password: string) => ({
passwordEncryptionMethod: 'Argon2i',
}));
const findUserById = jest.fn(async (): Promise<User> => mockUserWithPassword);
const updateUserById = jest.fn(async (..._args: unknown[]) => ({ id: 'id' }));
const updateUserById = jest.fn(async (..._args: unknown[]) => ({ userId: 'id' }));
jest.mock('@/lib/user', () => ({
...jest.requireActual('@/lib/user'),
@ -23,16 +23,16 @@ jest.mock('@/lib/user', () => ({
jest.mock('@/queries/user', () => ({
...jest.requireActual('@/queries/user'),
hasUserWithPhone: async (phone: string) => phone === '13000000000',
findUserByPhone: async () => ({ id: 'id' }),
findUserByPhone: async () => ({ userId: 'id' }),
hasUserWithEmail: async (email: string) => email === 'a@a.com',
findUserByEmail: async () => ({ id: 'id' }),
findUserByEmail: async () => ({ userId: 'id' }),
findUserById: async () => findUserById(),
updateUserById: async (...args: unknown[]) => updateUserById(...args),
}));
const sendPasscode = jest.fn(async () => ({ dbEntry: { id: 'connectorIdValue' } }));
jest.mock('@/lib/passcode', () => ({
createPasscode: async () => ({ id: 'id' }),
createPasscode: async () => ({ userId: 'id' }),
sendPasscode: async () => sendPasscode(),
verifyPasscode: async (_a: unknown, _b: unknown, code: string) => {
if (code !== '1234') {
@ -82,7 +82,7 @@ describe('session -> forgotPasswordRoutes', () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs().add(1, 'day').toISOString(),
flow: PasscodeType.ForgotPassword,
},
@ -119,7 +119,7 @@ describe('session -> forgotPasswordRoutes', () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs().add(1, 'day').toISOString(),
flow: PasscodeType.SignIn,
},
@ -134,7 +134,7 @@ describe('session -> forgotPasswordRoutes', () => {
it('should throw when `verification.expiresAt` is not string', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: { id: 'id', expiresAt: 0, flow: PasscodeType.ForgotPassword },
verification: { userId: 'id', expiresAt: 0, flow: PasscodeType.ForgotPassword },
},
});
const response = await sessionRequest
@ -147,7 +147,7 @@ describe('session -> forgotPasswordRoutes', () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
id: 'id',
userId: 'id',
expiresAt: 'invalid date string',
flow: PasscodeType.ForgotPassword,
},
@ -163,7 +163,7 @@ describe('session -> forgotPasswordRoutes', () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs().subtract(1, 'day').toISOString(),
flow: PasscodeType.ForgotPassword,
},
@ -179,7 +179,7 @@ describe('session -> forgotPasswordRoutes', () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs().add(1, 'day').toISOString(),
flow: PasscodeType.ForgotPassword,
},
@ -196,7 +196,7 @@ describe('session -> forgotPasswordRoutes', () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs().add(1, 'day').toISOString(),
flow: PasscodeType.ForgotPassword,
},

8
packages/core/src/routes/session/forgot-password.ts
View file

@ -39,11 +39,11 @@ export default function forgotPasswordRoutes<T extends AnonymousRouter>(
const type = 'ForgotPasswordReset';
ctx.log(type, verificationStorage);
const { id, expiresAt } = verificationStorage;
const { userId, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
const { passwordEncrypted: oldPasswordEncrypted } = await findUserById(id);
const { passwordEncrypted: oldPasswordEncrypted } = await findUserById(userId);
assertThat(
!oldPasswordEncrypted ||
@ -53,9 +53,9 @@ export default function forgotPasswordRoutes<T extends AnonymousRouter>(
const { passwordEncrypted, passwordEncryptionMethod } = await encryptUserPassword(password);
ctx.log(type, { userId: id });
ctx.log(type, { userId });
await updateUserById(id, { passwordEncrypted, passwordEncryptionMethod });
await updateUserById(userId, { passwordEncrypted, passwordEncryptionMethod });
await clearVerificationResult(ctx, provider);
ctx.status = 204;

149
packages/core/src/routes/session/middleware/passwordless-action.ts Normal file
View file

@ -0,0 +1,149 @@
import { PasscodeType } from '@logto/schemas';
import { MiddlewareType } from 'koa';
import { Provider } from 'oidc-provider';
import RequestError from '@/errors/RequestError';
import { assignInteractionResults } from '@/lib/session';
import { generateUserId, insertUser } from '@/lib/user';
import { WithLogContext } from '@/middleware/koa-log';
import {
hasUserWithPhone,
hasUserWithEmail,
findUserByPhone,
findUserByEmail,
updateUserById,
} from '@/queries/user';
import assertThat from '@/utils/assert-that';
import { smsSessionResultGuard, emailSessionResultGuard } from '../types';
import {
getVerificationStorageFromInteraction,
getPasswordlessRelatedLogType,
checkValidateExpiration,
} from '../utils';
export const smsSignInAction = <StateT, ContextT extends WithLogContext, ResponseBodyT>(
provider: Provider
): MiddlewareType<StateT, ContextT, ResponseBodyT> => {
return async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
smsSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.SignIn, 'sms');
ctx.log(type, verificationStorage);
const { phone, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
await hasUserWithPhone(phone),
new RequestError({ code: 'user.phone_not_exists', status: 404 })
);
const { id } = await findUserByPhone(phone);
ctx.log(type, { userId: id });
await updateUserById(id, { lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
};
};
export const emailSignInAction = <StateT, ContextT extends WithLogContext, ResponseBodyT>(
provider: Provider
): MiddlewareType<StateT, ContextT, ResponseBodyT> => {
return async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
emailSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.SignIn, 'email');
ctx.log(type, verificationStorage);
const { email, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
await hasUserWithEmail(email),
new RequestError({ code: 'user.phone_not_exists', status: 404 })
);
const { id } = await findUserByEmail(email);
ctx.log(type, { userId: id });
await updateUserById(id, { lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
};
};
export const smsRegisterAction = <StateT, ContextT extends WithLogContext, ResponseBodyT>(
provider: Provider
): MiddlewareType<StateT, ContextT, ResponseBodyT> => {
return async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
smsSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.Register, 'sms');
ctx.log(type, verificationStorage);
const { phone, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
!(await hasUserWithPhone(phone)),
new RequestError({ code: 'user.phone_exists_register', status: 422 })
);
const id = await generateUserId();
ctx.log(type, { userId: id });
await insertUser({ id, primaryPhone: phone, lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
};
};
export const emailRegisterAction = <StateT, ContextT extends WithLogContext, ResponseBodyT>(
provider: Provider
): MiddlewareType<StateT, ContextT, ResponseBodyT> => {
return async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
emailSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.Register, 'email');
ctx.log(type, verificationStorage);
const { email, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
!(await hasUserWithEmail(email)),
new RequestError({ code: 'user.email_exists_register', status: 422 })
);
const id = await generateUserId();
ctx.log(type, { userId: id });
await insertUser({ id, primaryEmail: email, lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
};
};

94
packages/core/src/routes/session/passwordless.test.ts
View file

@ -8,6 +8,7 @@ import RequestError from '@/errors/RequestError';
import { createRequester } from '@/utils/test-utils';
import { verificationTimeout } from './consts';
import * as passwordlessActions from './middleware/passwordless-action';
import passwordlessRoutes, { registerRoute, signInRoute } from './passwordless';
const insertUser = jest.fn(async (..._args: unknown[]) => ({ id: 'id' }));
@ -29,6 +30,11 @@ jest.mock('@/queries/user', () => ({
hasUserWithEmail: async (email: string) => email === 'a@a.com',
}));
const smsSignInActionSpy = jest.spyOn(passwordlessActions, 'smsSignInAction');
const emailSignInActionSpy = jest.spyOn(passwordlessActions, 'emailSignInAction');
const smsRegisterActionSpy = jest.spyOn(passwordlessActions, 'smsRegisterAction');
const emailRegisterActionSpy = jest.spyOn(passwordlessActions, 'emailRegisterAction');
const sendPasscode = jest.fn(async () => ({ dbEntry: { id: 'connectorIdValue' } }));
const createPasscode = jest.fn(async (..._args: unknown[]) => ({ id: 'id' }));
jest.mock('@/lib/passcode', () => ({
@ -171,18 +177,21 @@ describe('session -> passwordlessRoutes', () => {
jti: 'jti',
});
});
afterEach(() => {
jest.useRealTimers();
jest.clearAllMocks();
jest.resetModules();
});
it('should call interactionResult (with flow `sign-in`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
const response = await sessionRequest
await sessionRequest
.post('/session/passwordless/sms/verify')
.send({ phone: '13000000000', code: '1234', flow: PasscodeType.SignIn });
expect(response.statusCode).toEqual(204);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
@ -194,14 +203,19 @@ describe('session -> passwordlessRoutes', () => {
},
})
);
// Should call sign-in with sms properly
expect(smsSignInActionSpy).toBeCalled();
});
it('should call interactionResult (with flow `register`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
const response = await sessionRequest
await sessionRequest
.post('/session/passwordless/sms/verify')
.send({ phone: '13000000000', code: '1234', flow: PasscodeType.Register });
expect(response.statusCode).toEqual(204);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
@ -213,26 +227,33 @@ describe('session -> passwordlessRoutes', () => {
},
})
);
expect(smsRegisterActionSpy).toBeCalled();
});
it('should call interactionResult (with flow `forgot-password`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
const response = await sessionRequest
.post('/session/passwordless/sms/verify')
.send({ phone: '13000000000', code: '1234', flow: PasscodeType.ForgotPassword });
expect(response.statusCode).toEqual(204);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs(fakeTime).add(verificationTimeout, 'second').toISOString(),
flow: PasscodeType.ForgotPassword,
},
})
);
});
it('throw 404 (with flow `forgot-password`)', async () => {
const response = await sessionRequest
.post('/session/passwordless/sms/verify')
@ -240,6 +261,7 @@ describe('session -> passwordlessRoutes', () => {
expect(response.statusCode).toEqual(404);
expect(interactionResult).toHaveBeenCalledTimes(0);
});
it('throw when code is wrong', async () => {
const response = await sessionRequest
.post('/session/passwordless/sms/verify')
@ -254,18 +276,21 @@ describe('session -> passwordlessRoutes', () => {
jti: 'jti',
});
});
afterEach(() => {
jest.useRealTimers();
jest.clearAllMocks();
jest.resetModules();
});
it('should call interactionResult (with flow `sign-in`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
const response = await sessionRequest
await sessionRequest
.post('/session/passwordless/email/verify')
.send({ email: 'a@a.com', code: '1234', flow: PasscodeType.SignIn });
expect(response.statusCode).toEqual(204);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
@ -277,14 +302,18 @@ describe('session -> passwordlessRoutes', () => {
},
})
);
expect(emailSignInActionSpy).toBeCalled();
});
it('should call interactionResult (with flow `register`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
const response = await sessionRequest
await sessionRequest
.post('/session/passwordless/email/verify')
.send({ email: 'a@a.com', code: '1234', flow: PasscodeType.Register });
expect(response.statusCode).toEqual(204);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
@ -296,26 +325,33 @@ describe('session -> passwordlessRoutes', () => {
},
})
);
expect(emailRegisterActionSpy).toBeCalled();
});
it('should call interactionResult (with flow `forgot-password`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
const response = await sessionRequest
.post('/session/passwordless/email/verify')
.send({ email: 'a@a.com', code: '1234', flow: PasscodeType.ForgotPassword });
expect(response.statusCode).toEqual(204);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({
verification: {
id: 'id',
userId: 'id',
expiresAt: dayjs(fakeTime).add(verificationTimeout, 'second').toISOString(),
flow: PasscodeType.ForgotPassword,
},
})
);
});
it('throw 404 (with flow `forgot-password`)', async () => {
const fakeTime = new Date();
jest.useFakeTimers().setSystemTime(fakeTime);
@ -325,6 +361,7 @@ describe('session -> passwordlessRoutes', () => {
expect(response.statusCode).toEqual(404);
expect(interactionResult).toHaveBeenCalledTimes(0);
});
it('throw when code is wrong', async () => {
const response = await sessionRequest
.post('/session/passwordless/email/verify')
@ -337,6 +374,7 @@ describe('session -> passwordlessRoutes', () => {
beforeEach(() => {
jest.resetAllMocks();
});
it('should call interactionResult (with flow `sign-in`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -348,7 +386,9 @@ describe('session -> passwordlessRoutes', () => {
},
});
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(200);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
@ -358,6 +398,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('should call interactionResult (with flow `register`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -379,6 +420,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('throw when verification session invalid', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -391,6 +433,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(404);
});
it('throw when flow is not `sign-in` and `register`', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -404,6 +447,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(404);
});
it('throw when expiresAt is not valid ISO date string', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -417,6 +461,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(401);
});
it('throw when validation expired', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -430,10 +475,12 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(401);
});
it('throw when phone not exist', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
verification: {
email: 'XX@foo',
flow: PasscodeType.SignIn,
expiresAt: dayjs().add(1, 'day').toISOString(),
},
@ -442,6 +489,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(404);
});
it("throw when phone not exist as user's primaryPhone", async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -453,7 +501,7 @@ describe('session -> passwordlessRoutes', () => {
},
});
const response = await sessionRequest.post(`${signInRoute}/sms`);
expect(response.statusCode).toEqual(422);
expect(response.statusCode).toEqual(404);
});
});
@ -461,6 +509,7 @@ describe('session -> passwordlessRoutes', () => {
beforeEach(() => {
jest.resetAllMocks();
});
it('should call interactionResult (with flow `sign-in`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -471,7 +520,9 @@ describe('session -> passwordlessRoutes', () => {
},
},
});
const response = await sessionRequest.post(`${signInRoute}/email`);
expect(response.statusCode).toEqual(200);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
@ -482,6 +533,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('should call interactionResult (with flow `register`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -492,7 +544,9 @@ describe('session -> passwordlessRoutes', () => {
},
},
});
const response = await sessionRequest.post(`${signInRoute}/email`);
expect(response.statusCode).toEqual(200);
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
@ -503,6 +557,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('throw when verification session invalid', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -515,6 +570,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/email`);
expect(response.statusCode).toEqual(404);
});
it('throw when flow is not `sign-in` and `register`', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -528,6 +584,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/email`);
expect(response.statusCode).toEqual(404);
});
it('throw when email not exist', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -540,6 +597,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${signInRoute}/email`);
expect(response.statusCode).toEqual(404);
});
it("throw when email not exist as user's primaryEmail", async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -551,7 +609,7 @@ describe('session -> passwordlessRoutes', () => {
},
});
const response = await sessionRequest.post(`${signInRoute}/email`);
expect(response.statusCode).toEqual(422);
expect(response.statusCode).toEqual(404);
});
});
@ -559,6 +617,7 @@ describe('session -> passwordlessRoutes', () => {
beforeEach(() => {
jest.resetAllMocks();
});
it('should call interactionResult (with flow `register`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -580,6 +639,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('should call interactionResult (with flow `sign-in`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -601,6 +661,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('throw when verification session invalid', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -613,6 +674,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${registerRoute}/sms`);
expect(response.statusCode).toEqual(404);
});
it('throw when flow is not `register` and `sign-in`', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -626,6 +688,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${registerRoute}/sms`);
expect(response.statusCode).toEqual(404);
});
it('throw when phone not exist', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -638,6 +701,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${registerRoute}/sms`);
expect(response.statusCode).toEqual(404);
});
it("throw when phone already exist as user's primaryPhone", async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -657,6 +721,7 @@ describe('session -> passwordlessRoutes', () => {
beforeEach(() => {
jest.resetAllMocks();
});
it('should call interactionResult (with flow `register`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -678,6 +743,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('should call interactionResult (with flow `sign-in`)', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -699,6 +765,7 @@ describe('session -> passwordlessRoutes', () => {
expect.anything()
);
});
it('throw when verification session invalid', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -711,6 +778,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${registerRoute}/email`);
expect(response.statusCode).toEqual(404);
});
it('throw when flow is not `register` and `sign-in`', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -724,6 +792,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${registerRoute}/email`);
expect(response.statusCode).toEqual(404);
});
it('throw when email not exist', async () => {
interactionDetails.mockResolvedValueOnce({
result: {
@ -736,6 +805,7 @@ describe('session -> passwordlessRoutes', () => {
const response = await sessionRequest.post(`${registerRoute}/email`);
expect(response.statusCode).toEqual(404);
});
it("throw when email already exist as user's primaryEmail", async () => {
interactionDetails.mockResolvedValueOnce({
result: {

153
packages/core/src/routes/session/passwordless.ts
View file

@ -5,31 +5,24 @@ import { object, string } from 'zod';
import RequestError from '@/errors/RequestError';
import { createPasscode, sendPasscode, verifyPasscode } from '@/lib/passcode';
import { assignInteractionResults } from '@/lib/session';
import { generateUserId, insertUser } from '@/lib/user';
import koaGuard from '@/middleware/koa-guard';
import {
findUserByEmail,
findUserByPhone,
hasUserWithEmail,
hasUserWithPhone,
updateUserById,
} from '@/queries/user';
import {
emailSessionResultGuard,
passcodeTypeGuard,
smsSessionResultGuard,
} from '@/routes/session/types';
import { passcodeTypeGuard } from '@/routes/session/types';
import assertThat from '@/utils/assert-that';
import { AnonymousRouter } from '../types';
import {
assignVerificationResult,
getPasswordlessRelatedLogType,
getRoutePrefix,
getVerificationStorageFromInteraction,
checkValidateExpiration,
} from './utils';
smsSignInAction,
emailSignInAction,
smsRegisterAction,
emailRegisterAction,
} from './middleware/passwordless-action';
import { assignVerificationResult, getPasswordlessRelatedLogType, getRoutePrefix } from './utils';
export const registerRoute = getRoutePrefix('register', 'passwordless');
export const signInRoute = getRoutePrefix('sign-in', 'passwordless');
@ -101,6 +94,7 @@ export default function passwordlessRoutes<T extends AnonymousRouter>(
}),
async (ctx, next) => {
const { jti } = await provider.interactionDetails(ctx.req, ctx.res);
const {
body: { phone, code, flow },
} = ctx.guard;
@ -117,17 +111,19 @@ export default function passwordlessRoutes<T extends AnonymousRouter>(
);
const { id } = await findUserByPhone(phone);
await assignVerificationResult(ctx, provider, flow, { id });
await assignVerificationResult(ctx, provider, { flow, userId: id });
ctx.status = 204;
return next();
}
await assignVerificationResult(ctx, provider, flow, { phone });
ctx.status = 204;
await assignVerificationResult(ctx, provider, { flow, phone });
return next();
if (flow === PasscodeType.SignIn) {
return smsSignInAction(provider)(ctx, next);
}
return smsRegisterAction(provider)(ctx, next);
}
);
@ -159,124 +155,27 @@ export default function passwordlessRoutes<T extends AnonymousRouter>(
const { id } = await findUserByEmail(email);
await assignVerificationResult(ctx, provider, flow, { id });
await assignVerificationResult(ctx, provider, { flow, userId: id });
ctx.status = 204;
return next();
}
await assignVerificationResult(ctx, provider, flow, { email });
ctx.status = 204;
await assignVerificationResult(ctx, provider, { flow, email });
return next();
if (flow === PasscodeType.SignIn) {
return emailSignInAction(provider)(ctx, next);
}
return emailRegisterAction(provider)(ctx, next);
}
);
router.post(`${signInRoute}/sms`, async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
smsSessionResultGuard
);
router.post(`${signInRoute}/sms`, smsSignInAction(provider));
const type = getPasswordlessRelatedLogType(PasscodeType.SignIn, 'sms');
ctx.log(type, verificationStorage);
router.post(`${signInRoute}/email`, emailSignInAction(provider));
const { phone, expiresAt } = verificationStorage;
router.post(`${registerRoute}/sms`, smsRegisterAction(provider));
checkValidateExpiration(expiresAt);
assertThat(
await hasUserWithPhone(phone),
new RequestError({ code: 'user.phone_not_exists', status: 422 })
);
const { id } = await findUserByPhone(phone);
ctx.log(type, { userId: id });
await updateUserById(id, { lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
});
router.post(`${signInRoute}/email`, async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
emailSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.SignIn, 'email');
ctx.log(type, verificationStorage);
const { email, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
await hasUserWithEmail(email),
new RequestError({ code: 'user.email_not_exists', status: 422 })
);
const { id } = await findUserByEmail(email);
ctx.log(type, { userId: id });
await updateUserById(id, { lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
});
router.post(`${registerRoute}/sms`, async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
smsSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.Register, 'sms');
ctx.log(type, verificationStorage);
const { phone, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
!(await hasUserWithPhone(phone)),
new RequestError({ code: 'user.phone_exists_register', status: 422 })
);
const id = await generateUserId();
ctx.log(type, { userId: id });
await insertUser({ id, primaryPhone: phone, lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
});
router.post(`${registerRoute}/email`, async (ctx, next) => {
const verificationStorage = await getVerificationStorageFromInteraction(
ctx,
provider,
emailSessionResultGuard
);
const type = getPasswordlessRelatedLogType(PasscodeType.Register, 'email');
ctx.log(type, verificationStorage);
const { email, expiresAt } = verificationStorage;
checkValidateExpiration(expiresAt);
assertThat(
!(await hasUserWithEmail(email)),
new RequestError({ code: 'user.email_exists_register', status: 422 })
);
const id = await generateUserId();
ctx.log(type, { userId: id });
await insertUser({ id, primaryEmail: email, lastSignInAt: Date.now() });
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();
});
router.post(`${registerRoute}/email`, emailRegisterAction(provider));
}

18
packages/core/src/routes/session/types.ts
View file

@ -11,15 +11,6 @@ export const operationGuard = z.enum(['send', 'verify']);
export type Operation = z.infer<typeof operationGuard>;
export type VerifiedIdentity = { email: string } | { phone: string } | { id: string };
export type VerificationStorage =
| SmsSessionStorage
| EmailSessionStorage
| ForgotPasswordSessionStorage;
export type VerificationResult<T = VerificationStorage> = { verification: T };
const smsSessionStorageGuard = z.object({
flow: z.literal(PasscodeType.SignIn).or(z.literal(PasscodeType.Register)),
expiresAt: z.string(),
@ -45,7 +36,7 @@ export const emailSessionResultGuard = z.object({
const forgotPasswordSessionStorageGuard = z.object({
flow: z.literal(PasscodeType.ForgotPassword),
expiresAt: z.string(),
id: z.string(),
userId: z.string(),
});
export type ForgotPasswordSessionStorage = z.infer<typeof forgotPasswordSessionStorageGuard>;
@ -53,3 +44,10 @@ export type ForgotPasswordSessionStorage = z.infer<typeof forgotPasswordSessionS
export const forgotPasswordSessionResultGuard = z.object({
verification: forgotPasswordSessionStorageGuard,
});
export type VerificationStorage =
| SmsSessionStorage
| EmailSessionStorage
| ForgotPasswordSessionStorage;
export type VerificationResult<T = VerificationStorage> = { verification: T };

59
packages/core/src/routes/session/utils.ts
View file

@ -9,16 +9,7 @@ import RequestError from '@/errors/RequestError';
import assertThat from '@/utils/assert-that';
import { verificationTimeout } from './consts';
import {
emailSessionResultGuard,
smsSessionResultGuard,
forgotPasswordSessionResultGuard,
Method,
Operation,
VerificationResult,
VerificationStorage,
VerifiedIdentity,
} from './types';
import { Method, Operation, VerificationResult, VerificationStorage } from './types';
export const getRoutePrefix = (
type: 'sign-in' | 'register' | 'forgot-password',
@ -44,11 +35,16 @@ export const getPasswordlessRelatedLogType = (
return result.data;
};
const parseVerificationStorage = <T = VerificationStorage>(
data: unknown,
export const getVerificationStorageFromInteraction = async <T = VerificationStorage>(
ctx: Context,
provider: Provider,
resultGuard: ZodType<VerificationResult<T>>
): T => {
const verificationResult = resultGuard.safeParse(data);
): Promise<T> => {
const { result } = await provider.interactionDetails(ctx.req, ctx.res);
const verificationResult = resultGuard.safeParse(result);
console.log(result);
if (!verificationResult.success) {
throw new RequestError(
@ -63,16 +59,6 @@ const parseVerificationStorage = <T = VerificationStorage>(
return verificationResult.data.verification;
};
export const getVerificationStorageFromInteraction = async <T = VerificationStorage>(
ctx: Context,
provider: Provider,
resultGuard: ZodType<VerificationResult<T>>
): Promise<T> => {
const { result } = await provider.interactionDetails(ctx.req, ctx.res);
return parseVerificationStorage<T>(result, resultGuard);
};
export const checkValidateExpiration = (expiresAt: string) => {
assertThat(
dayjs(expiresAt).isValid() && dayjs(expiresAt).isAfter(dayjs()),
@ -80,28 +66,21 @@ export const checkValidateExpiration = (expiresAt: string) => {
);
};
type DistributiveOmit<T, K extends keyof T> = T extends unknown ? Omit<T, K> : never;
export const assignVerificationResult = async (
ctx: Context,
provider: Provider,
flow: PasscodeType,
identity: VerifiedIdentity
verificationData: DistributiveOmit<VerificationStorage, 'expiresAt'>
) => {
const verificationResult = {
verification: {
flow,
expiresAt: dayjs().add(verificationTimeout, 'second').toISOString(),
...identity,
},
const verification: VerificationStorage = {
...verificationData,
expiresAt: dayjs().add(verificationTimeout, 'second').toISOString(),
};
assertThat(
emailSessionResultGuard.safeParse(verificationResult).success ||
smsSessionResultGuard.safeParse(verificationResult).success ||
forgotPasswordSessionResultGuard.safeParse(verificationResult).success,
new RequestError({ code: 'session.invalid_verification' })
);
await provider.interactionResult(ctx.req, ctx.res, verificationResult);
await provider.interactionResult(ctx.req, ctx.res, {
verification,
});
};
export const clearVerificationResult = async (ctx: Context, provider: Provider) => {