Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-03-31 22:51:25 -05:00
Code Issues Activity

Merge branch master into merge/suspend

Browse source
This commit is contained in:
wangsijie 2022-11-10 18:32:22 +08:00
commit b9a1ded63f
No known key found for this signature in database
GPG key ID: C72642FE24F7D42B
102 changed files with 1167 additions and 421 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
.changeset/unlucky-lizards-agree.md Normal file
View file

@ -0,0 +1,23 @@
---
"@logto/cli": minor
---
## CLI
### Rotate your private or secret key
We add a new command `db config rotate <key>` to support key rotation via CLI.
When rotating, the CLI will generate a new key and prepend to the corresponding key array. Thus the old key is still valid and the service will use the new key for signing.
Run `logto db config rotate help` for detailed usage.
### Trim the private or secret key you don't need
If you want to trim one or more out-dated private or secret key(s) from the config, use the command `db config trim <key>`. It will remove the last item (private or secret key) in the array.
You may remove the old key after a certain period (such as half a year) to allow most of your users have time to touch the new key.
If you want to remove multiple keys at once, just append a number to the command. E.g. `logto db config trim oidc.cookieKeys 3`.
Run `logto db config trim help` for detailed usage.

115
packages/cli/src/commands/database/config.ts
View file

@ -1,5 +1,5 @@
import type { LogtoConfigKey } from '@logto/schemas';
import { logtoConfigGuards, logtoConfigKeys } from '@logto/schemas';
import { LogtoOidcConfigKey, logtoConfigGuards, logtoConfigKeys } from '@logto/schemas';
import { deduplicate, noop } from '@silverhand/essentials';
import chalk from 'chalk';
import type { CommandModule } from 'yargs';
@ -7,6 +7,7 @@ import type { CommandModule } from 'yargs';
import { createPoolFromConfig } from '../../database';
import { getRowsByKeys, updateValueByKey } from '../../queries/logto-config';
import { log } from '../../utilities';
import { generateOidcCookieKey, generateOidcPrivateKey } from './utilities';
const validKeysDisplay = chalk.green(logtoConfigKeys.join(', '));
@ -29,6 +30,21 @@ const validateKeys: ValidateKeysFunction = (keys) => {
}
};
const validRotateKeys = Object.freeze([
LogtoOidcConfigKey.PrivateKeys,
LogtoOidcConfigKey.CookieKeys,
] as const);
type ValidateRotateKeyFunction = (key: string) => asserts key is typeof validRotateKeys[number];
const validateRotateKey: ValidateRotateKeyFunction = (key) => {
// Using `.includes()` will result a type error
// eslint-disable-next-line unicorn/prefer-includes
if (!validRotateKeys.some((element) => element === key)) {
log.error(`Invalid config key ${chalk.red(key)} found, expected one of ${validKeysDisplay}`);
}
};
const getConfig: CommandModule<unknown, { key: string; keys: string[] }> = {
command: 'get <key> [keys...]',
describe: 'Get config value(s) of the given key(s) in Logto database',
@ -97,10 +113,105 @@ const setConfig: CommandModule<unknown, { key: string; value: string }> = {
},
};
const rotateConfig: CommandModule<unknown, { key: string }> = {
command: 'rotate <key>',
describe:
'Generate a new private or secret key for the given config key and prepend to the key array',
builder: (yargs) =>
yargs.positional('key', {
describe: `The key to rotate, one of ${chalk.green(validRotateKeys.join(', '))}`,
type: 'string',
demandOption: true,
}),
handler: async ({ key }) => {
validateRotateKey(key);
const pool = await createPoolFromConfig();
const { rows } = await getRowsByKeys(pool, [key]);
if (!rows[0]) {
log.warn('No key found, create a new one');
}
const getValue = async () => {
const parsed = logtoConfigGuards[key].safeParse(rows[0]?.value);
const original = parsed.success ? parsed.data : [];
// No need for default. It's already exhaustive
// eslint-disable-next-line default-case
switch (key) {
case LogtoOidcConfigKey.PrivateKeys:
return [await generateOidcPrivateKey(), ...original];
case LogtoOidcConfigKey.CookieKeys:
return [generateOidcCookieKey(), ...original];
}
};
const rotated = await getValue();
await updateValueByKey(pool, key, rotated);
await pool.end();
log.info(`Rotate ${chalk.green(key)} succeeded, now it has ${rotated.length} keys`);
},
};
const trimConfig: CommandModule<unknown, { key: string; length: number }> = {
command: 'trim <key> [length]',
describe: 'Remove the last [length] number of private or secret keys for the given config key',
builder: (yargs) =>
yargs
.positional('key', {
describe: `The config key to trim, one of ${chalk.green(validRotateKeys.join(', '))}`,
type: 'string',
demandOption: true,
})
.positional('length', {
describe: 'Number of private or secret keys to trim',
type: 'number',
default: 1,
demandOption: true,
}),
handler: async ({ key, length }) => {
validateRotateKey(key);
if (length < 1) {
log.error('Invalid length provided');
}
const pool = await createPoolFromConfig();
const { rows } = await getRowsByKeys(pool, [key]);
if (!rows[0]) {
log.warn('No key found, create a new one');
}
const getValue = async () => {
const value = logtoConfigGuards[key].parse(rows[0]?.value);
if (value.length - length < 1) {
await pool.end();
log.error(`You should keep at least one key in the array, current length=${value.length}`);
}
return value.slice(0, -length);
};
const trimmed = await getValue();
await updateValueByKey(pool, key, trimmed);
await pool.end();
log.info(`Trim ${chalk.green(key)} succeeded, now it has ${trimmed.length} keys`);
},
};
const config: CommandModule = {
command: ['config', 'configs'],
describe: 'Commands for Logto database config',
builder: (yargs) => yargs.command(getConfig).command(setConfig).demandCommand(1),
builder: (yargs) =>
yargs
.command(getConfig)
.command(setConfig)
.command(rotateConfig)
.command(trimConfig)
.demandCommand(1),
handler: noop,
};

22
packages/cli/src/commands/database/seed/oidc-config.ts
View file

@ -1,11 +1,10 @@
import { generateKeyPair } from 'crypto';
import { readFile } from 'fs/promises';
import { promisify } from 'util';
import type { LogtoOidcConfigType } from '@logto/schemas';
import { LogtoOidcConfigKey } from '@logto/schemas';
import { getEnv, getEnvAsStringArray } from '@silverhand/essentials';
import { nanoid } from 'nanoid';
import { generateOidcCookieKey, generateOidcPrivateKey } from '../utilities';
const isBase64FormatPrivateKey = (key: string) => !key.includes('-');
@ -57,21 +56,8 @@ export const oidcConfigReaders: {
};
}
// Generate a new key
const { privateKey } = await promisify(generateKeyPair)('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem',
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
},
});
return {
value: [privateKey],
value: [await generateOidcPrivateKey()],
fromEnv: false,
};
},
@ -79,7 +65,7 @@ export const oidcConfigReaders: {
const envKey = 'OIDC_COOKIE_KEYS';
const keys = getEnvAsStringArray(envKey);
return { value: keys.length > 0 ? keys : [nanoid()], fromEnv: keys.length > 0 };
return { value: keys.length > 0 ? keys : [generateOidcCookieKey()], fromEnv: keys.length > 0 };
},
[LogtoOidcConfigKey.RefreshTokenReuseInterval]: async () => {
const envKey = 'OIDC_REFRESH_TOKEN_REUSE_INTERVAL';

22
packages/cli/src/commands/database/utilities.ts Normal file
View file

@ -0,0 +1,22 @@
import { generateKeyPair } from 'crypto';
import { promisify } from 'util';
import { nanoid } from 'nanoid';
export const generateOidcPrivateKey = async () => {
const { privateKey } = await promisify(generateKeyPair)('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem',
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
},
});
return privateKey;
};
export const generateOidcCookieKey = () => nanoid();

6
packages/console/src/components/Checkbox/index.module.scss
View file

@ -20,11 +20,13 @@
}
}
input {
input,
.disabledMask {
position: absolute;
width: 20px;
height: 20px;
left: 0;
// Note: add a left value to make the input element align with the icon
left: _.unit(0.5);
top: 0;
margin: 0;
opacity: 0%;

18
packages/console/src/components/Checkbox/index.tsx
View file

@ -1,7 +1,9 @@
import classNames from 'classnames';
import { nanoid } from 'nanoid';
import type { ReactNode } from 'react';
import { useState } from 'react';
import { useRef, useState } from 'react';
import Tooltip from '../Tooltip';
import Icon from './Icon';
import * as styles from './index.module.scss';
@ -12,13 +14,17 @@ type Props = {
label?: ReactNode;
// eslint-disable-next-line react/boolean-prop-naming
disabled: boolean;
className?: string;
disabledTooltip?: ReactNode;
};
const Checkbox = ({ value, onChange, label, disabled }: Props) => {
const Checkbox = ({ value, onChange, label, disabled, className, disabledTooltip }: Props) => {
const [id, setId] = useState(nanoid());
const tipRef = useRef<HTMLDivElement>(null);
return (
<div className={styles.checkbox}>
<div className={classNames(styles.checkbox, className)}>
<input
id={id}
type="checkbox"
@ -28,6 +34,12 @@ const Checkbox = ({ value, onChange, label, disabled }: Props) => {
onChange(event.target.checked);
}}
/>
{disabled && disabledTooltip && (
<>
<div ref={tipRef} className={styles.disabledMask} />
<Tooltip anchorRef={tipRef} content={disabledTooltip} />
</>
)}
<Icon className={styles.icon} />
{label && <label htmlFor={id}>{label}</label>}
</div>

1
packages/console/src/components/Dropdown/index.tsx
View file

@ -54,6 +54,7 @@ const Dropdown = ({
isFullWidth && anchorRef.current
? anchorRef.current.getBoundingClientRect().width
: undefined,
...(!position && { opacity: 0 }),
...position,
},
}}

38
packages/console/src/components/IconButton/index.module.scss
View file

@ -14,13 +14,19 @@
justify-content: center;
align-items: center;
> svg {
color: var(--color-text-secondary);
.icon {
> svg {
display: block;
color: var(--color-text-secondary);
}
}
&:disabled {
> svg {
color: var(--color-neutral-80);
.icon {
> svg {
color: var(--color-neutral-80);
}
}
}
@ -40,9 +46,11 @@
height: 24px;
width: 24px;
> svg {
height: 16px;
width: 16px;
.icon {
> svg {
height: 16px;
width: 16px;
}
}
}
@ -50,9 +58,11 @@
height: 28px;
width: 28px;
> svg {
height: 20px;
width: 20px;
.icon {
> svg {
height: 20px;
width: 20px;
}
}
}
@ -60,9 +70,11 @@
height: 32px;
width: 32px;
> svg {
height: 24px;
width: 24px;
.icon {
> svg {
height: 24px;
width: 24px;
}
}
}
}

42
packages/console/src/components/IconButton/index.tsx
View file

@ -1,49 +1,35 @@
import type { AdminConsoleKey } from '@logto/phrases';
import type { Nullable } from '@silverhand/essentials';
import classNames from 'classnames';
import type { ForwardedRef, HTMLProps } from 'react';
import { forwardRef, useImperativeHandle, useRef } from 'react';
import { useTranslation } from 'react-i18next';
import type { ForwardedRef, HTMLProps, ReactNode } from 'react';
import { forwardRef, useRef } from 'react';
import Tooltip from '../Tooltip';
import * as styles from './index.module.scss';
export type Props = Omit<HTMLProps<HTMLButtonElement>, 'size' | 'type'> & {
size?: 'small' | 'medium' | 'large';
tooltip?: AdminConsoleKey;
tooltip?: ReactNode;
};
const IconButton = (
{ size = 'medium', children, className, tooltip, ...rest }: Props,
reference: ForwardedRef<HTMLButtonElement>
) => {
const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
const innerReference = useRef<HTMLButtonElement>(null);
useImperativeHandle<Nullable<HTMLButtonElement>, Nullable<HTMLButtonElement>>(
reference,
() => innerReference.current
);
const tipRef = useRef<HTMLDivElement>(null);
return (
<>
<button
ref={innerReference}
type="button"
className={classNames(styles.button, styles[size], className)}
{...rest}
>
<button
ref={reference}
type="button"
className={classNames(styles.button, styles[size], className)}
{...rest}
>
<div ref={tipRef} className={styles.icon}>
{children}
</button>
</div>
{tooltip && (
<Tooltip
anchorRef={innerReference}
content={t(tooltip)}
position="top"
horizontalAlign="center"
/>
<Tooltip anchorRef={tipRef} content={tooltip} position="top" horizontalAlign="center" />
)}
</>
</button>
);
};

1
packages/console/src/components/ToggleTip/index.tsx
View file

@ -56,6 +56,7 @@ const ToggleTip = ({
isOpen={isOpen}
style={{
content: {
...(!layoutPosition && { opacity: 0 }),
...layoutPosition,
},
}}

2
packages/console/src/components/Tooltip/index.tsx
View file

@ -130,7 +130,7 @@ const Tooltip = ({
<TipBubble
ref={tooltipRef}
className={className}
style={{ ...layoutPosition }}
style={{ ...(!layoutPosition && { opacity: 0 }), ...layoutPosition }}
position={position}
horizontalAlignment={positionState.horizontalAlign}
>

5
packages/console/src/components/Transfer/DraggableItem.tsx
View file

@ -11,6 +11,7 @@ type Props = {
sortIndex: number;
moveItem: (dragIndex: number, hoverIndex: number) => void;
children: ReactNode;
className?: string;
};
type DragItemProps = {
@ -21,7 +22,7 @@ type DragItemProps = {
const dragType = 'TransferItem';
const DraggableItem = ({ id, children, sortIndex, moveItem }: Props) => {
const DraggableItem = ({ id, children, sortIndex, moveItem, className }: Props) => {
const ref = useRef<HTMLDivElement>(null);
const { setIsDragging } = useContext(DragDropContext);
const [{ handlerId }, drop] = useDrop<DragItemProps, void, { handlerId: Nullable<Identifier> }>({
@ -99,7 +100,7 @@ const DraggableItem = ({ id, children, sortIndex, moveItem }: Props) => {
}, [setIsDragging, isDragging]);
return (
<div ref={ref} style={{ opacity }} data-handler-id={handlerId}>
<div ref={ref} style={{ opacity }} data-handler-id={handlerId} className={className}>
{children}
</div>
);

28
packages/console/src/pages/Connectors/components/ConnectorStatusField/index.module.scss Normal file
View file

@ -0,0 +1,28 @@
@use '@/scss/underscore' as _;
.field {
display: flex;
align-items: center;
}
.tipIcon {
margin-left: _.unit(1);
> svg {
display: block;
cursor: pointer;
}
}
.title {
font: var(--font-label-large);
}
.content {
font: var(--font-body-medium);
a {
color: #cabeff;
text-decoration: none;
}
}

64
packages/console/src/pages/Connectors/components/ConnectorStatusField/index.tsx Normal file
View file

@ -0,0 +1,64 @@
import { useRef, useState } from 'react';
import { Trans, useTranslation } from 'react-i18next';
import { Link } from 'react-router-dom';
import Tip from '@/assets/images/tip.svg';
import ToggleTip from '@/components/ToggleTip';
import { onKeyDownHandler } from '@/utilities/a11y';
import * as styles from './index.module.scss';
const ConnectorStatusField = () => {
const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
const [isTipOpen, setIsTipOpen] = useState(false);
const anchorRef = useRef<HTMLDivElement>(null);
return (
<div className={styles.field}>
{t('connectors.connector_status')}
<div ref={anchorRef} className={styles.tipIcon}>
<Tip
tabIndex={0}
onClick={() => {
setIsTipOpen(true);
}}
onKeyDown={onKeyDownHandler(() => {
setIsTipOpen(true);
})}
/>
</div>
<ToggleTip
isOpen={isTipOpen}
anchorRef={anchorRef}
position="top"
horizontalAlign="center"
onClose={() => {
setIsTipOpen(false);
}}
>
<div className={styles.title}>{t('connectors.connector_status')}</div>
<div className={styles.content}>
<Trans
components={{
a: (
<Link
to="/sign-in-experience/sign-up-and-sign-in"
target="_blank"
onClick={() => {
setIsTipOpen(false);
}}
/>
),
}}
>
{t('connectors.not_in_use_tip.content', {
link: t('connectors.not_in_use_tip.go_to_sie'),
})}
</Trans>
</div>
</ToggleTip>
</div>
);
};
export default ConnectorStatusField;

5
packages/console/src/pages/Connectors/index.tsx
View file

@ -19,6 +19,7 @@ import { useTheme } from '@/hooks/use-theme';
import * as tableStyles from '@/scss/table.module.scss';
import ConnectorRow from './components/ConnectorRow';
import ConnectorStatusField from './components/ConnectorStatusField';
import CreateForm from './components/CreateForm';
import SignInExperienceSetupNotice from './components/SignInExperienceSetupNotice';
import * as styles from './index.module.scss';
@ -90,7 +91,9 @@ const Connectors = () => {
<tr>
<th>{t('connectors.connector_name')}</th>
<th>{t('connectors.connector_type')}</th>
<th>{t('connectors.connector_status')}</th>
<th>
<ConnectorStatusField />
</th>
</tr>
</thead>
<tbody>

2
packages/console/src/pages/SignInExperience/components/ColorForm.tsx
View file

@ -64,7 +64,7 @@ const ColorForm = () => {
</FormField>
{isDarkModeEnabled && (
<>
<FormField isRequired title="sign_in_exp.color.dark_primary_color">
<FormField title="sign_in_exp.color.dark_primary_color">
<Controller
name="color.darkPrimaryColor"
control={control}

4
packages/console/src/pages/SignInExperience/components/ManageLanguage/LanguageEditor/LanguageDetails.tsx
View file

@ -160,7 +160,7 @@ const LanguageDetails = () => {
</div>
{!isBuiltIn && (
<IconButton
tooltip="sign_in_exp.others.manage_language.deletion_tip"
tooltip={t('sign_in_exp.others.manage_language.deletion_tip')}
onClick={() => {
setIsDeletionAlertOpen(true);
}}
@ -189,7 +189,7 @@ const LanguageDetails = () => {
<IconButton
size="small"
className={style.clearButton}
tooltip="sign_in_exp.others.manage_language.clear_all_tip"
tooltip={t('sign_in_exp.others.manage_language.clear_all_tip')}
onClick={() => {
for (const [key, value] of Object.entries(
flattenTranslation(emptyUiTranslation)

14
packages/console/src/pages/SignInExperience/components/Preview.tsx
View file

@ -1,7 +1,7 @@
import type { LanguageTag } from '@logto/language-kit';
import { languages as uiLanguageNameMapping } from '@logto/language-kit';
import type { ConnectorResponse, ConnectorMetadata, SignInExperience } from '@logto/schemas';
import { AppearanceMode } from '@logto/schemas';
import { ConnectorType, AppearanceMode } from '@logto/schemas';
import { conditional } from '@silverhand/essentials';
import classNames from 'classnames';
import { format } from 'date-fns';
@ -94,6 +94,14 @@ const Preview = ({ signInExperience, className }: Props) => {
[]
);
const hasEmailConnector = allConnectors.some(
({ type, enabled }) => enabled && type === ConnectorType.Email
);
const hasSmsConnector = allConnectors.some(
({ type, enabled }) => enabled && type === ConnectorType.Sms
);
return {
signInExperience: {
...signInExperience,
@ -103,6 +111,10 @@ const Preview = ({ signInExperience, className }: Props) => {
mode,
platform: platform === 'desktopWeb' ? 'web' : 'mobile',
isNative: platform === 'mobile',
forgotPassword: {
email: hasEmailConnector,
sms: hasSmsConnector,
},
};
}, [allConnectors, language, mode, platform, signInExperience]);

2
packages/console/src/pages/SignInExperience/index.tsx
View file

@ -72,6 +72,7 @@ const SignInExperience = () => {
})
.json<SignInExperienceType>();
void mutate(updatedData);
setDataToCompare(undefined);
await updateSettings({ signInExperienceCustomized: true });
toast.success(t('general.saved'));
};
@ -172,7 +173,6 @@ const SignInExperience = () => {
}}
onConfirm={async () => {
await saveData();
setDataToCompare(undefined);
}}
>
{dataToCompare && <SignInMethodsChangePreview before={data} after={dataToCompare} />}

8
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/SignInForm.tsx
View file

@ -5,7 +5,10 @@ import FormField from '@/components/FormField';
import type { SignInExperienceForm } from '../../types';
import SignInMethodEditBox from './components/SignInMethodEditBox';
import { signUpToSignInIdentifierMapping } from './constants';
import {
signUpIdentifierToRequiredConnectorMapping,
signUpToSignInIdentifierMapping,
} from './constants';
import * as styles from './index.module.scss';
const SignInForm = () => {
@ -41,6 +44,9 @@ const SignInForm = () => {
<SignInMethodEditBox
value={value}
requiredSignInIdentifiers={signUpToSignInIdentifierMapping[signUpIdentifier]}
ignoredWarningConnectors={
signUpIdentifierToRequiredConnectorMapping[signUpIdentifier]
}
isSignUpPasswordRequired={setupPasswordAtSignUp}
isSignUpVerificationRequired={setupVerificationAtSignUp}
onChange={onChange}

2
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/SignUpForm.tsx
View file

@ -100,6 +100,7 @@ const SignUpForm = () => {
label={t('sign_in_exp.sign_up_and_sign_in.sign_up.set_a_password_option')}
disabled={signUpIdentifier === SignUpIdentifier.Username}
value={value ?? false}
disabledTooltip={t('sign_in_exp.sign_up_and_sign_in.tip.set_a_password')}
onChange={onChange}
/>
)}
@ -113,6 +114,7 @@ const SignUpForm = () => {
label={t('sign_in_exp.sign_up_and_sign_in.sign_up.verify_at_sign_up_option')}
value={value ?? false}
disabled={requiredVerifySignUpIdentifiers.includes(signUpIdentifier)}
disabledTooltip={t('sign_in_exp.sign_up_and_sign_in.tip.verify_at_sign_up')}
onChange={onChange}
/>
)}

16
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SignInMethodEditBox/SignInMethodItem.tsx
View file

@ -1,4 +1,5 @@
import { SignInIdentifier } from '@logto/schemas';
import { conditional } from '@silverhand/essentials';
import classNames from 'classnames';
import { useTranslation } from 'react-i18next';
import { snakeCase } from 'snake-case';
@ -53,9 +54,11 @@ const SignInMethodItem = ({
)}
>
<Checkbox
className={styles.checkBox}
label={t('sign_in_exp.sign_up_and_sign_in.sign_in.password_auth')}
value={password}
disabled={!isPasswordCheckable}
disabledTooltip={t('sign_in_exp.sign_up_and_sign_in.tip.password_auth')}
onChange={(checked) => {
onVerificationStateChange(identifier, 'password', checked);
}}
@ -63,7 +66,8 @@ const SignInMethodItem = ({
{identifier !== SignInIdentifier.Username && (
<>
<IconButton
tooltip="sign_in_exp.sign_up_and_sign_in.sign_in.auth_swap_tip"
className={styles.swapButton}
tooltip={t('sign_in_exp.sign_up_and_sign_in.sign_in.auth_swap_tip')}
onClick={() => {
onToggleVerificationPrimary(identifier);
}}
@ -71,9 +75,11 @@ const SignInMethodItem = ({
<SwitchArrowIcon />
</IconButton>
<Checkbox
className={styles.checkBox}
label={t('sign_in_exp.sign_up_and_sign_in.sign_in.verification_code_auth')}
value={verificationCode}
disabled={!isVerificationCodeCheckable}
disabledTooltip={t('sign_in_exp.sign_up_and_sign_in.tip.verification_code_auth')}
onChange={(checked) => {
onVerificationStateChange(identifier, 'verificationCode', checked);
}}
@ -84,6 +90,14 @@ const SignInMethodItem = ({
</div>
<IconButton
disabled={!isDeletable}
tooltip={conditional(
!isDeletable &&
t('sign_in_exp.sign_up_and_sign_in.tip.delete_sign_in_method', {
identifier: t('sign_in_exp.sign_up_and_sign_in.identifiers', {
context: snakeCase(identifier),
}).toLocaleLowerCase(),
})
)}
onClick={() => {
onDelete(identifier);
}}

14
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SignInMethodEditBox/index.module.scss
View file

@ -1,5 +1,9 @@
@use '@/scss/underscore' as _;
.draggleItemContainer {
transform: translate(0, 0);
}
.signInMethodItem {
display: flex;
align-items: center;
@ -32,6 +36,15 @@
padding: 0 _.unit(2);
flex-grow: 1;
.checkBox {
flex-grow: 1;
width: 100%;
}
.swapButton {
margin-right: _.unit(4);
}
&.verifyCodePrimary {
flex-direction: row-reverse;
}
@ -39,6 +52,7 @@
.draggableIcon {
color: var(--color-text-secondary);
margin-right: _.unit(1);
}
}

17
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SignInMethodEditBox/index.tsx
View file

@ -9,6 +9,7 @@ import { signInIdentifiers, signInIdentifierToRequiredConnectorMapping } from '.
import ConnectorSetupWarning from '../ConnectorSetupWarning';
import AddButton from './AddButton';
import SignInMethodItem from './SignInMethodItem';
import * as styles from './index.module.scss';
import type { SignInMethod } from './types';
import {
computeOnSignInMethodAppended,
@ -22,6 +23,7 @@ type Props = {
value: SignInMethod[];
onChange: (value: SignInMethod[]) => void;
requiredSignInIdentifiers: SignInIdentifier[];
ignoredWarningConnectors: ConnectorType[];
isSignUpPasswordRequired: boolean;
isSignUpVerificationRequired: boolean;
};
@ -30,6 +32,7 @@ const SignInMethodEditBox = ({
value,
onChange,
requiredSignInIdentifiers,
ignoredWarningConnectors,
isSignUpPasswordRequired,
isSignUpVerificationRequired,
}: Props) => {
@ -125,6 +128,7 @@ const SignInMethodEditBox = ({
id={signInMethod.identifier}
sortIndex={index}
moveItem={onMoveItem}
className={styles.draggleItemContainer}
>
<SignInMethodItem
signInMethod={signInMethod}
@ -132,9 +136,7 @@ const SignInMethodEditBox = ({
signInMethod.identifier !== SignInIdentifier.Username && !isSignUpPasswordRequired
}
isVerificationCodeCheckable={
(isSignUpPasswordRequired && isSignUpVerificationRequired) ||
// Note: the next line is used to handle the case when the sign-up identifier is `Username`
(isSignUpPasswordRequired && signInMethod.identifier !== SignInIdentifier.Username)
!(isSignUpVerificationRequired && !isSignUpPasswordRequired)
}
isDeletable={!requiredSignInIdentifiers.includes(signInMethod.identifier)}
onVerificationStateChange={(identifier, verification, checked) => {
@ -153,12 +155,11 @@ const SignInMethodEditBox = ({
))}
</DragDropProvider>
<ConnectorSetupWarning
requiredConnectors={value.reduce<ConnectorType[]>(
(connectors, { identifier: signInIdentifier }) => {
requiredConnectors={value
.reduce<ConnectorType[]>((connectors, { identifier: signInIdentifier }) => {
return [...connectors, ...signInIdentifierToRequiredConnectorMapping[signInIdentifier]];
},
[]
)}
}, [])
.filter((connector) => !ignoredWarningConnectors.includes(connector))}
/>
<AddButton
options={signInIdentifierOptions}

6
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SignUpAndSignInDiffSection/SignInDiffSection.tsx
View file

@ -70,7 +70,11 @@ const SignInDiffSection = ({ before, after, isAfter = false }: Props) => {
hasChanged={hasAuthenticationChanged(identifierKey, 'verificationCode')}
isAfter={isAfter}
>
{t('sign_in_exp.sign_up_and_sign_in.sign_in.verification_code_auth')}
{needDisjunction
? t(
'sign_in_exp.sign_up_and_sign_in.sign_in.verification_code_auth'
).toLocaleLowerCase()
: t('sign_in_exp.sign_up_and_sign_in.sign_in.verification_code_auth')}
</DiffSegment>
)}
{hasAuthentication && ')'}

6
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SignUpAndSignInDiffSection/SignUpDiffSection.tsx
View file

@ -41,7 +41,11 @@ const SignUpDiffSection = ({ before, after, isAfter = false }: Props) => {
{needConjunction && ` ${String(t('sign_in_exp.sign_up_and_sign_in.and'))} `}
{verify && (
<DiffSegment hasChanged={hasChanged('verify')} isAfter={isAfter}>
{t('sign_in_exp.sign_up_and_sign_in.sign_up.verify_at_sign_up_option')}
{needConjunction
? t(
'sign_in_exp.sign_up_and_sign_in.sign_up.verify_at_sign_up_option'
).toLowerCase()
: t('sign_in_exp.sign_up_and_sign_in.sign_up.verify_at_sign_up_option')}
</DiffSegment>
)}
{hasAuthentication && ')'}

46
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SignUpAndSignInDiffSection/index.tsx
View file

@ -3,7 +3,6 @@ import type { SignInExperience } from '@logto/schemas';
import SignInDiffSection from './SignInDiffSection';
import SignUpDiffSection from './SignUpDiffSection';
import SocialTargetsDiffSection from './SocialTargetsDiffSection';
import { isSignInMethodsDifferent, isSignUpDifferent, isSocialTargetsDifferent } from './utilities';
type Props = {
before: SignInExperience;
@ -11,35 +10,20 @@ type Props = {
isAfter?: boolean;
};
const SignUpAndSignInDiffSection = ({ before, after, isAfter = false }: Props) => {
const showSignUpDiff = isSignUpDifferent(before.signUp, after.signUp);
const showSignInDiff = isSignInMethodsDifferent(before.signIn.methods, after.signIn.methods);
const showSocialDiff = isSocialTargetsDifferent(
before.socialSignInConnectorTargets,
after.socialSignInConnectorTargets
);
return (
<>
{showSignUpDiff && (
<SignUpDiffSection before={before.signUp} after={after.signUp} isAfter={isAfter} />
)}
{showSignInDiff && (
<SignInDiffSection
before={before.signIn.methods}
after={after.signIn.methods}
isAfter={isAfter}
/>
)}
{showSocialDiff && (
<SocialTargetsDiffSection
before={before.socialSignInConnectorTargets}
after={after.socialSignInConnectorTargets}
isAfter={isAfter}
/>
)}
</>
);
};
const SignUpAndSignInDiffSection = ({ before, after, isAfter = false }: Props) => (
<>
<SignUpDiffSection before={before.signUp} after={after.signUp} isAfter={isAfter} />
<SignInDiffSection
before={before.signIn.methods}
after={after.signIn.methods}
isAfter={isAfter}
/>
<SocialTargetsDiffSection
before={before.socialSignInConnectorTargets}
after={after.socialSignInConnectorTargets}
isAfter={isAfter}
/>
</>
);
export default SignUpAndSignInDiffSection;

4
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SocialConnectorEditBox/index.module.scss
View file

@ -1,5 +1,9 @@
@use '@/scss/underscore' as _;
.draggleItemContainer {
transform: translate(0, 0);
}
.setUpHint {
font: var(--font-body-medium);
color: var(--color-text-secondary);

8
packages/console/src/pages/SignInExperience/tabs/SignUpAndSignInTab/components/SocialConnectorEditBox/index.tsx
View file

@ -62,7 +62,13 @@ const SocialConnectorEditBox = ({ value, onChange }: Props) => {
<div>
<DragDropProvider>
{selectedConnectorItems.map((item, index) => (
<DraggableItem key={item.id} id={item.id} sortIndex={index} moveItem={onMoveItem}>
<DraggableItem
key={item.id}
id={item.id}
sortIndex={index}
moveItem={onMoveItem}
className={styles.draggleItemContainer}
>
<SelectedConnectorItem
data={item}
onDelete={(target) => {

49
packages/core/src/lib/session.ts
View file

@ -1,6 +1,9 @@
import { conditional } from '@silverhand/essentials';
import { getUnixTime } from 'date-fns';
import type { Context } from 'koa';
import type { InteractionResults, Provider } from 'oidc-provider';
import RequestError from '@/errors/RequestError';
import { findUserById, updateUserById } from '@/queries/user';
export const assignInteractionResults = async (
@ -14,20 +17,56 @@ export const assignInteractionResults = async (
// have to do it manually
// refer to: https://github.com/panva/node-oidc-provider/blob/c243bf6b6663c41ff3e75c09b95fb978eba87381/lib/actions/authorization/interactions.js#L106
const details = merge ? await provider.interactionDetails(ctx.req, ctx.res) : undefined;
const ts = getUnixTime(new Date());
const mergedResult = {
// Merge with current result
...details?.result,
...result,
};
const redirectTo = await provider.interactionResult(
ctx.req,
ctx.res,
{
// Merge with current result
...details?.result,
...result,
...mergedResult,
...conditional(
mergedResult.login && {
login: {
...mergedResult.login,
// Update ts(timestamp) if the accountId has been set in result
ts: result.login?.accountId ? ts : mergedResult.login.ts,
},
}
),
},
{
mergeWithLastSubmission: merge,
}
);
ctx.body = { redirectTo };
ctx.body = { redirectTo, ts };
};
export const checkSessionHealth = async (
ctx: Context,
provider: Provider,
tolerance = 10 * 60 // 10 mins
) => {
const { result } = await provider.interactionDetails(ctx.req, ctx.res);
if (!result?.login?.accountId) {
throw new RequestError('auth.unauthorized');
}
if (!result.login.ts || result.login.ts < getUnixTime(new Date()) - tolerance) {
const { passwordEncrypted, primaryPhone, primaryEmail } = await findUserById(
result.login.accountId
);
// No authenticated method configured for this user. Pass!
if (!passwordEncrypted && !primaryPhone && !primaryEmail) {
return;
}
throw new RequestError('auth.require_re_authentication');
}
};
export const saveUserFirstConsentedAppId = async (userId: string, applicationId: string) => {

35
packages/core/src/lib/sign-in-experience/sign-in.test.ts
View file

@ -218,6 +218,7 @@ describe('validate sign-in', () => {
...mockSignInMethod,
identifier: SignInIdentifier.Email,
password: false,
verificationCode: true,
},
],
},
@ -261,4 +262,38 @@ describe('validate sign-in', () => {
})
);
});
it('throws when verification code and password are both disabled', () => {
expect(() => {
validateSignIn(
{
methods: [
{
...mockSignInMethod,
identifier: SignInIdentifier.Email,
verificationCode: false,
password: false,
},
{
...mockSignInMethod,
identifier: SignInIdentifier.Sms,
verificationCode: true,
password: false,
},
],
},
{
...mockSignUp,
identifier: SignUpIdentifier.Sms,
password: false,
verify: true,
},
enabledConnectors
);
}).toMatchError(
new RequestError({
code: 'sign_in_experiences.at_least_one_authentication_factor',
})
);
});
});

7
packages/core/src/lib/sign-in-experience/sign-in.ts
View file

@ -31,6 +31,13 @@ export const validateSignIn = (
);
}
assertThat(
signIn.methods.every(({ password, verificationCode }) => password || verificationCode),
new RequestError({
code: 'sign_in_experiences.at_least_one_authentication_factor',
})
);
switch (signUp.identifier) {
case SignUpIdentifier.Username: {
assertThat(

4
packages/core/src/queries/user.test.ts
View file

@ -67,7 +67,7 @@ describe('user query', () => {
const expectSql = sql`
select ${sql.join(Object.values(fields), sql`,`)}
from ${table}
where ${fields.primaryEmail}=$1
where lower(${fields.primaryEmail})=lower($1)
`;
mockQuery.mockImplementationOnce(async (sql, values) => {
@ -179,7 +179,7 @@ describe('user query', () => {
SELECT EXISTS(
select ${fields.primaryEmail}
from ${table}
where ${fields.primaryEmail}=$1
where lower(${fields.primaryEmail})=lower($1)
)
`;

4
packages/core/src/queries/user.ts
View file

@ -21,7 +21,7 @@ export const findUserByEmail = async (email: string) =>
envSet.pool.one<User>(sql`
select ${sql.join(Object.values(fields), sql`,`)}
from ${table}
where ${fields.primaryEmail}=${email}
where lower(${fields.primaryEmail})=lower(${email})
`);
export const findUserByPhone = async (phone: string) =>
@ -65,7 +65,7 @@ export const hasUserWithEmail = async (email: string) =>
envSet.pool.exists(sql`
select ${fields.primaryEmail}
from ${table}
where ${fields.primaryEmail}=${email}
where lower(${fields.primaryEmail})=lower(${email})
`);
export const hasUserWithPhone = async (phone: string) =>

126
packages/core/src/routes/admin-user.test.ts
View file

@ -1,5 +1,5 @@
import type { CreateUser, Role, User } from '@logto/schemas';
import { userInfoSelectFields } from '@logto/schemas';
import { SignUpIdentifier, userInfoSelectFields } from '@logto/schemas';
import pick from 'lodash.pick';
import { mockUser, mockUserList, mockUserListResponse, mockUserResponse } from '@/__mocks__';
@ -23,6 +23,21 @@ const filterUsersWithSearch = (users: User[], search: string) =>
)
);
const mockFindDefaultSignInExperience = jest.fn(async () => ({
signUp: {
identifier: SignUpIdentifier.None,
password: false,
verify: false,
},
}));
jest.mock('@/queries/sign-in-experience', () => ({
findDefaultSignInExperience: jest.fn(async () => mockFindDefaultSignInExperience()),
}));
const mockHasUser = jest.fn(async () => false);
const mockHasUserWithEmail = jest.fn(async () => false);
const mockHasUserWithPhone = jest.fn(async () => false);
jest.mock('@/queries/user', () => ({
countUsers: jest.fn(async (search) => ({
count: search ? filterUsersWithSearch(mockUserList, search).length : mockUserList.length,
@ -32,7 +47,9 @@ jest.mock('@/queries/user', () => ({
search ? filterUsersWithSearch(mockUserList, search) : mockUserList
),
findUserById: jest.fn(async (): Promise<User> => mockUser),
hasUser: jest.fn(async () => false),
hasUser: jest.fn(async () => mockHasUser()),
hasUserWithEmail: jest.fn(async () => mockHasUserWithEmail()),
hasUserWithPhone: jest.fn(async () => mockHasUserWithPhone()),
updateUserById: jest.fn(
async (_, data: Partial<CreateUser>): Promise<User> => ({
...mockUser,
@ -99,9 +116,12 @@ describe('adminUserRoutes', () => {
it('POST /users', async () => {
const username = 'MJAtLogto';
const password = 'PASSWORD';
const name = 'Micheal';
const name = 'Michael';
const primaryEmail = 'foo@logto.io';
const response = await userRequest.post('/users').send({ username, password, name });
const response = await userRequest
.post('/users')
.send({ primaryEmail, username, password, name });
expect(response.status).toEqual(200);
expect(response.body).toEqual({
...mockUserResponse,
@ -114,22 +134,7 @@ describe('adminUserRoutes', () => {
it('POST /users should throw with invalid input params', async () => {
const username = 'MJAtLogto';
const password = 'PASSWORD';
const name = 'Micheal';
// Missing input
await expect(userRequest.post('/users').send({})).resolves.toHaveProperty('status', 400);
await expect(userRequest.post('/users').send({ username, password })).resolves.toHaveProperty(
'status',
400
);
await expect(userRequest.post('/users').send({ username, name })).resolves.toHaveProperty(
'status',
400
);
await expect(userRequest.post('/users').send({ password, name })).resolves.toHaveProperty(
'status',
400
);
const name = 'Michael';
// Invalid input format
await expect(
@ -137,13 +142,13 @@ describe('adminUserRoutes', () => {
).resolves.toHaveProperty('status', 400);
});
it('POST /users should throw if username exist', async () => {
it('POST /users should throw if username exists', async () => {
const mockHasUser = hasUser as jest.Mock;
mockHasUser.mockImplementationOnce(async () => true);
const username = 'MJAtLogto';
const password = 'PASSWORD';
const name = 'Micheal';
const name = 'Michael';
await expect(
userRequest.post('/users').send({ username, password, name })
@ -151,20 +156,29 @@ describe('adminUserRoutes', () => {
});
it('PATCH /users/:userId', async () => {
const name = 'Micheal';
const avatar = 'http://www.micheal.png';
const name = 'Michael';
const avatar = 'http://www.michael.png';
const primaryEmail = 'bar@logto.io';
const primaryPhone = '222222';
const username = 'bar';
const response = await userRequest
.patch('/users/foo')
.send({ username, name, avatar, primaryEmail, primaryPhone });
const response = await userRequest.patch('/users/foo').send({ name, avatar });
expect(response.status).toEqual(200);
expect(response.body).toEqual({
...mockUserResponse,
primaryEmail,
primaryPhone,
username,
name,
avatar,
});
});
it('PATCH /users/:userId should allow updated with empty avatar', async () => {
const name = 'Micheal';
it('PATCH /users/:userId should allow empty avatar URL', async () => {
const name = 'Michael';
const avatar = '';
const response = await userRequest.patch('/users/foo').send({ name, avatar });
@ -176,8 +190,8 @@ describe('adminUserRoutes', () => {
});
});
it('PATCH /users/:userId should updated with one field if the other is undefined', async () => {
const name = 'Micheal';
it('PATCH /users/:userId should allow partial update', async () => {
const name = 'Michael';
const updateNameResponse = await userRequest.patch('/users/foo').send({ name });
expect(updateNameResponse.status).toEqual(200);
@ -186,7 +200,7 @@ describe('adminUserRoutes', () => {
name,
});
const avatar = 'https://www.miceal.png';
const avatar = 'https://www.michael.png';
const updateAvatarResponse = await userRequest.patch('/users/foo').send({ avatar });
expect(updateAvatarResponse.status).toEqual(200);
expect(updateAvatarResponse.body).toEqual({
@ -195,9 +209,9 @@ describe('adminUserRoutes', () => {
});
});
it('PATCH /users/:userId throw with invalid input params', async () => {
const name = 'Micheal';
const avatar = 'http://www.micheal.png';
it('PATCH /users/:userId should throw when avatar URL is invalid', async () => {
const name = 'Michael';
const avatar = 'http://www.michael.png';
await expect(userRequest.patch('/users/foo').send({ avatar })).resolves.toHaveProperty(
'status',
@ -209,9 +223,9 @@ describe('adminUserRoutes', () => {
).resolves.toHaveProperty('status', 400);
});
it('PATCH /users/:userId throw if user not found', async () => {
const name = 'Micheal';
const avatar = 'http://www.micheal.png';
it('PATCH /users/:userId should throw if user cannot be found', async () => {
const name = 'Michael';
const avatar = 'http://www.michael.png';
const mockFindUserById = findUserById as jest.Mock;
mockFindUserById.mockImplementationOnce(() => {
@ -225,6 +239,30 @@ describe('adminUserRoutes', () => {
expect(updateUserById).not.toBeCalled();
});
it('PATCH /users/:userId should throw if new username is already in use', async () => {
mockHasUser.mockImplementationOnce(async () => true);
await expect(
userRequest.patch('/users/foo').send({ username: 'test' })
).resolves.toHaveProperty('status', 422);
});
it('PATCH /users/:userId should throw if new email has already linked to other accounts', async () => {
mockHasUserWithEmail.mockImplementationOnce(async () => true);
await expect(
userRequest.patch('/users/foo').send({ primaryEmail: 'test@email.com' })
).resolves.toHaveProperty('status', 422);
});
it('PATCH /users/:userId should throw if new phone number has already linked to other accounts', async () => {
mockHasUserWithPhone.mockImplementationOnce(async () => true);
await expect(
userRequest.patch('/users/foo').send({ primaryPhone: '18688886666' })
).resolves.toHaveProperty('status', 422);
});
it('PATCH /users/:userId should throw if role names are invalid', async () => {
const mockedFindRolesByRoleNames = findRolesByRoleNames as jest.Mock;
mockedFindRolesByRoleNames.mockImplementationOnce(
@ -263,7 +301,7 @@ describe('adminUserRoutes', () => {
});
});
it('PATCH /users/:userId/password throw if user not found', async () => {
it('PATCH /users/:userId/password should throw if user cannot be found', async () => {
const notExistedUserId = 'notExistedUserId';
const dummyPassword = '123456';
const mockedFindUserById = findUserById as jest.Mock;
@ -293,8 +331,8 @@ describe('adminUserRoutes', () => {
expect(deleteUserIdentity).not.toHaveBeenCalled();
});
it('DELETE /users/:userId should throw if user not found', async () => {
const notExistedUserId = 'notExisitedUserId';
it('DELETE /users/:userId should throw if user cannot be found', async () => {
const notExistedUserId = 'notExistedUserId';
const mockedFindUserById = findUserById as jest.Mock;
mockedFindUserById.mockImplementationOnce((userId) => {
if (userId === notExistedUserId) {
@ -308,8 +346,8 @@ describe('adminUserRoutes', () => {
expect(deleteUserById).not.toHaveBeenCalled();
});
it('DELETE /users/:userId/identities/:target should throw if user not found', async () => {
const notExistedUserId = 'notExisitedUserId';
it('DELETE /users/:userId/identities/:target should throw if user cannot be found', async () => {
const notExistedUserId = 'notExistedUserId';
const arbitraryTarget = 'arbitraryTarget';
const mockedFindUserById = findUserById as jest.Mock;
mockedFindUserById.mockImplementationOnce((userId) => {
@ -323,9 +361,9 @@ describe('adminUserRoutes', () => {
expect(deleteUserIdentity).not.toHaveBeenCalled();
});
it('DELETE /users/:userId/identities/:target should throw if user found and connector is not found', async () => {
it('DELETE /users/:userId/identities/:target should throw if user is found but connector cannot be found', async () => {
const arbitraryUserId = 'arbitraryUserId';
const nonexistentTarget = 'nonexistentTarget';
const nonExistedTarget = 'nonExistedTarget';
const mockedFindUserById = findUserById as jest.Mock;
mockedFindUserById.mockImplementationOnce((userId) => {
if (userId === arbitraryUserId) {
@ -333,7 +371,7 @@ describe('adminUserRoutes', () => {
}
});
await expect(
userRequest.delete(`/users/${arbitraryUserId}/identities/${nonexistentTarget}`)
userRequest.delete(`/users/${arbitraryUserId}/identities/${nonExistedTarget}`)
).resolves.toHaveProperty('status', 404);
expect(deleteUserIdentity).not.toHaveBeenCalled();
});

34
packages/core/src/routes/admin-user.ts
View file

@ -1,4 +1,4 @@
import { passwordRegEx, usernameRegEx } from '@logto/core-kit';
import { emailRegEx, passwordRegEx, phoneRegEx, usernameRegEx } from '@logto/core-kit';
import { arbitraryObjectGuard, userInfoSelectFields } from '@logto/schemas';
import { has } from '@silverhand/essentials';
import pick from 'lodash.pick';
@ -18,9 +18,11 @@ import {
findUserById,
hasUser,
updateUserById,
hasUserWithEmail,
} from '@/queries/user';
import assertThat from '@/utils/assert-that';
import { checkExistingSignUpIdentifiers } from './session/utils';
import type { AuthedRouter } from './types';
export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
@ -120,20 +122,29 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
'/users',
koaGuard({
body: object({
username: string().regex(usernameRegEx),
primaryEmail: string().regex(emailRegEx).optional(),
username: string().regex(usernameRegEx).optional(),
password: string().regex(passwordRegEx),
name: string(),
name: string().optional(),
}),
}),
async (ctx, next) => {
const { username, password, name } = ctx.guard.body;
const { primaryEmail, username, password, name } = ctx.guard.body;
assertThat(
!(await hasUser(username)),
!username || !(await hasUser(username)),
new RequestError({
code: 'user.username_exists_register',
status: 422,
})
);
assertThat(
!primaryEmail || !(await hasUserWithEmail(primaryEmail)),
new RequestError({
code: 'user.email_exists_register',
status: 422,
})
);
const id = await generateUserId();
@ -141,6 +152,7 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
const user = await insertUser({
id,
primaryEmail,
username,
passwordEncrypted,
passwordEncryptionMethod,
@ -158,6 +170,9 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
koaGuard({
params: object({ userId: string() }),
body: object({
username: string().regex(usernameRegEx).optional(),
primaryEmail: string().regex(emailRegEx).optional(),
primaryPhone: string().regex(phoneRegEx).optional(),
name: string().nullable().optional(),
avatar: string().url().or(literal('')).nullable().optional(),
customData: arbitraryObjectGuard.optional(),
@ -171,6 +186,7 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
} = ctx.guard;
await findUserById(userId);
await checkExistingSignUpIdentifiers(body);
// Temp solution to validate the existence of input roleNames
if (body.roleNames?.length) {
@ -191,13 +207,7 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
}
}
const user = await updateUserById(
userId,
{
...body,
},
'replace'
);
const user = await updateUserById(userId, body, 'replace');
ctx.body = pick(user, ...userInfoSelectFields);

12
packages/core/src/routes/session/continue.test.ts
View file

@ -89,7 +89,8 @@ describe('session -> continueRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: mockUser.id } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -121,7 +122,8 @@ describe('session -> continueRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: mockUser.id } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -156,7 +158,8 @@ describe('session -> continueRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: mockUser.id } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -188,7 +191,8 @@ describe('session -> continueRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: mockUser.id } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});

26
packages/core/src/routes/session/password.test.ts
View file

@ -8,29 +8,29 @@ import { createRequester } from '@/utils/test-utils';
import passwordRoutes, { registerRoute, signInRoute } from './password';
const insertUser = jest.fn(async (..._args: unknown[]) => ({ id: 'id' }));
const insertUser = jest.fn(async (..._args: unknown[]) => mockUser);
const hasUser = jest.fn(async (username: string) => username === 'username1');
const findUserById = jest.fn(async (): Promise<User> => mockUser);
const updateUserById = jest.fn(async (..._args: unknown[]) => ({ id: 'id' }));
const updateUserById = jest.fn(async (..._args: unknown[]) => mockUser);
const hasActiveUsers = jest.fn(async () => true);
const findDefaultSignInExperience = jest.fn(async () => mockSignInExperience);
jest.mock('@/queries/user', () => ({
findUserById: async () => findUserById(),
findUserByIdentity: async () => ({ id: 'id', identities: {} }),
findUserByPhone: async () => ({ id: 'id' }),
findUserByEmail: async () => ({ id: 'id' }),
findUserByIdentity: async () => ({ id: mockUser.id, identities: {} }),
findUserByPhone: async () => mockUser,
findUserByEmail: async () => mockUser,
updateUserById: async (...args: unknown[]) => updateUserById(...args),
hasUser: async (username: string) => hasUser(username),
hasUserWithIdentity: async (connectorId: string, userId: string) =>
connectorId === 'connectorId' && userId === 'id',
connectorId === 'connectorId' && userId === mockUser.id,
hasUserWithPhone: async (phone: string) => phone === '13000000000',
hasUserWithEmail: async (email: string) => email === 'a@a.com',
hasActiveUsers: async () => hasActiveUsers(),
async findUserByUsername(username: string) {
const roleNames = username === 'admin' ? [UserRole.Admin] : [];
return { id: 'id', username, roleNames };
return { ...mockUser, username, roleNames };
},
}));
@ -111,7 +111,8 @@ describe('session -> password routes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'id' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -127,7 +128,8 @@ describe('session -> password routes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'id' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -143,7 +145,8 @@ describe('session -> password routes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'id' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -172,7 +175,8 @@ describe('session -> password routes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'user1' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: 'user1', ts: expect.any(Number) } }),
expect.anything()
);
jest.useRealTimers();

5
packages/core/src/routes/session/password.ts
View file

@ -19,7 +19,7 @@ import {
import assertThat from '@/utils/assert-that';
import type { AnonymousRouter } from '../types';
import { getRoutePrefix, signInWithPassword } from './utils';
import { checkRequiredProfile, getRoutePrefix, signInWithPassword } from './utils';
export const registerRoute = getRoutePrefix('register', 'password');
export const signInRoute = getRoutePrefix('sign-in', 'password');
@ -171,7 +171,7 @@ export default function passwordRoutes<T extends AnonymousRouter>(router: T, pro
const { passwordEncrypted, passwordEncryptionMethod } = await encryptUserPassword(password);
await insertUser({
const user = await insertUser({
id,
username,
passwordEncrypted,
@ -179,6 +179,7 @@ export default function passwordRoutes<T extends AnonymousRouter>(router: T, pro
roleNames,
lastSignInAt: Date.now(),
});
await checkRequiredProfile(ctx, provider, user, signInExperience);
await assignInteractionResults(ctx, provider, { login: { accountId: id } });
return next();

24
packages/core/src/routes/session/passwordless.test.ts
View file

@ -393,7 +393,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: mockUser.id },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: mockUser.id, ts: expect.any(Number) },
}),
expect.anything()
);
@ -415,7 +416,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: mockUser.id },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: mockUser.id, ts: expect.any(Number) },
}),
expect.anything()
);
@ -574,7 +576,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: mockUser.id },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: mockUser.id, ts: expect.any(Number) },
}),
expect.anything()
);
@ -598,7 +601,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: mockUser.id },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: mockUser.id, ts: expect.any(Number) },
}),
expect.anything()
);
@ -725,7 +729,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: 'user1' },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: 'user1', ts: expect.any(Number) },
}),
expect.anything()
);
@ -747,7 +752,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: 'user1' },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: 'user1', ts: expect.any(Number) },
}),
expect.anything()
);
@ -853,7 +859,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: 'user1' },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: 'user1', ts: expect.any(Number) },
}),
expect.anything()
);
@ -875,7 +882,8 @@ describe('session -> passwordlessRoutes', () => {
expect.anything(),
expect.anything(),
expect.objectContaining({
login: { accountId: 'user1' },
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
login: { accountId: 'user1', ts: expect.any(Number) },
}),
expect.anything()
);

3
packages/core/src/routes/session/social.bind-social.test.ts
View file

@ -156,7 +156,8 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'user1' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: 'user1', ts: expect.anything() } }),
expect.anything()
);
});

14
packages/core/src/routes/session/social.test.ts
View file

@ -236,7 +236,8 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: mockUser.id } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});
@ -360,7 +361,8 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'user1' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: 'user1', ts: expect.any(Number) } }),
expect.anything()
);
});
@ -394,7 +396,8 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: 'user1' } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: 'user1', ts: expect.any(Number) } }),
expect.anything()
);
});
@ -408,7 +411,10 @@ describe('session -> socialRoutes', () => {
});
it('throw error if result parsing fails', async () => {
interactionDetails.mockResolvedValueOnce({ result: { login: { accountId: mockUser.id } } });
interactionDetails.mockResolvedValueOnce({
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
result: { login: { accountId: mockUser.id, ts: expect.any(Number) } },
});
const response = await sessionRequest
.post(`${registerRoute}`)
.send({ connectorId: 'connectorId' });

3
packages/core/src/routes/session/utils.test.ts
View file

@ -121,7 +121,8 @@ describe('signInWithPassword()', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
expect.objectContaining({ login: { accountId: mockUser.id } }),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: { accountId: mockUser.id, ts: expect.any(Number) } }),
expect.anything()
);
});

52
packages/core/src/routes/session/utils.ts
View file

@ -19,7 +19,7 @@ import { assignInteractionResults } from '@/lib/session';
import { verifyUserPassword } from '@/lib/user';
import type { LogContext } from '@/middleware/koa-log';
import { findDefaultSignInExperience } from '@/queries/sign-in-experience';
import { updateUserById } from '@/queries/user';
import { hasUser, hasUserWithEmail, hasUserWithPhone, updateUserById } from '@/queries/user';
import assertThat from '@/utils/assert-that';
import { continueSignInTimeout, verificationTimeout } from './consts';
@ -189,8 +189,54 @@ export const checkRequiredProfile = async (
throw new RequestError({ code: 'user.require_email_or_sms', status: 422 });
}
};
export const checkRequiredSignUpIdentifiers = async (identifiers: {
username?: string;
primaryEmail?: string;
primaryPhone?: string;
}) => {
const { username, primaryEmail, primaryPhone } = identifiers;
const { signUp } = await findDefaultSignInExperience();
if (signUp.identifier === SignUpIdentifier.Username && !username) {
throw new RequestError({ code: 'user.require_username', status: 422 });
}
if (signUp.identifier === SignUpIdentifier.Email && !primaryEmail) {
throw new RequestError({ code: 'user.require_email', status: 422 });
}
if (signUp.identifier === SignUpIdentifier.Sms && !primaryPhone) {
throw new RequestError({ code: 'user.require_sms', status: 422 });
}
if (signUp.identifier === SignUpIdentifier.EmailOrSms && !primaryEmail && !primaryPhone) {
throw new RequestError({ code: 'user.require_email_or_sms', status: 422 });
}
};
/* eslint-enable complexity */
export const checkExistingSignUpIdentifiers = async (identifiers: {
username?: string;
primaryEmail?: string;
primaryPhone?: string;
}) => {
const { username, primaryEmail, primaryPhone } = identifiers;
if (username && (await hasUser(username))) {
throw new RequestError({ code: 'user.username_exists', status: 422 });
}
if (primaryEmail && (await hasUserWithEmail(primaryEmail))) {
throw new RequestError({ code: 'user.email_exists', status: 422 });
}
if (primaryPhone && (await hasUserWithPhone(primaryPhone))) {
throw new RequestError({ code: 'user.sms_exists', status: 422 });
}
};
type SignInWithPasswordParameter = {
identifier: SignInIdentifier;
password: string;
@ -219,10 +265,12 @@ export const signInWithPassword = async (
ctx.log(logType, logPayload);
const user = await findUser();
const { id, isSuspended } = await verifyUserPassword(user, password);
const verifiedUser = await verifyUserPassword(user, password);
const { id, isSuspended } = verifiedUser;
assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
ctx.log(logType, { userId: id });
await updateUserById(id, { lastSignInAt: Date.now() });
await checkRequiredProfile(ctx, provider, verifiedUser, signInExperience);
await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);
};

1
packages/integration-tests/src/api/admin-user.ts
View file

@ -3,6 +3,7 @@ import type { User } from '@logto/schemas';
import { authedAdminApi } from './api';
type CreateUserPayload = {
primaryEmail?: string;
username: string;
password: string;
name: string;

22
packages/integration-tests/src/api/session.ts
View file

@ -24,17 +24,27 @@ export const registerUserWithUsernameAndPassword = async (
})
.json<RedirectResponse>();
export const signInWithUsernameAndPassword = async (
username: string,
password: string,
interactionCookie: string
) =>
export type SignInWithPassword = {
username?: string;
email?: string;
password: string;
interactionCookie: string;
};
export const signInWithPassword = async ({
email,
username,
password,
interactionCookie,
}: SignInWithPassword) =>
api
.post('session/sign-in/password/username', {
// This route in core needs to be refactored
.post('session/sign-in/password/' + (username ? 'username' : 'email'), {
headers: {
cookie: interactionCookie,
},
json: {
email,
username,
password,
},

35
packages/integration-tests/src/helpers.ts
View file

@ -8,7 +8,7 @@ import { HTTPError } from 'got';
import {
createUser,
registerUserWithUsernameAndPassword,
signInWithUsernameAndPassword,
signInWithPassword,
updateConnectorConfig,
enableConnector,
bindWithSocial,
@ -21,14 +21,12 @@ import { generateUsername, generatePassword } from '@/utils';
import { mockSocialConnectorId } from './__mocks__/connectors-mock';
export const createUserByAdmin = (_username?: string, _password?: string) => {
const username = _username ?? generateUsername();
const password = _password ?? generatePassword();
export const createUserByAdmin = (username?: string, password?: string, primaryEmail?: string) => {
return createUser({
username,
password,
name: username,
username: username ?? generateUsername(),
password: password ?? generatePassword(),
name: username ?? 'John',
primaryEmail,
}).json<User>();
};
@ -49,17 +47,24 @@ export const registerNewUser = async (username: string, password: string) => {
assert(client.isAuthenticated, new Error('Sign in failed'));
};
export const signIn = async (username: string, password: string) => {
export type SignInHelper = {
username?: string;
email?: string;
password: string;
};
export const signIn = async ({ username, email, password }: SignInHelper) => {
const client = new MockClient();
await client.initSession();
assert(client.interactionCookie, new Error('Session not found'));
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
email,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await client.processSession(redirectTo);
@ -135,11 +140,11 @@ export const bindSocialToNewCreatedUser = async () => {
new Error('Auth with social failed')
);
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await bindWithSocial(mockSocialConnectorId, client.interactionCookie);

2
packages/integration-tests/src/utils.ts
View file

@ -11,7 +11,7 @@ export const generatePassword = () => `pwd_${crypto.randomUUID()}`;
export const generateResourceName = () => `res_${crypto.randomUUID()}`;
export const generateResourceIndicator = () => `https://${crypto.randomUUID()}.logto.io`;
export const generateEmail = () => `${crypto.randomUUID()}@logto.io`;
export const generateEmail = () => `${crypto.randomUUID().toLowerCase()}@logto.io`;
export const generatePhone = () => {
const array = new Uint32Array(1);

2
packages/integration-tests/tests/api/dashboard.test.ts
View file

@ -44,7 +44,7 @@ describe('admin console dashboard', () => {
const username = generateUsername();
await createUserByAdmin(username, password);
await signIn(username, password);
await signIn({ username, password });
const newActiveUserStatistics = await getActiveUsersData();

14
packages/integration-tests/tests/api/get-access-token.test.ts
View file

@ -5,7 +5,7 @@ import { managementResource } from '@logto/schemas/lib/seeds';
import { assert } from '@silverhand/essentials';
import fetch from 'node-fetch';
import { signInWithUsernameAndPassword } from '@/api';
import { signInWithPassword } from '@/api';
import MockClient, { defaultConfig } from '@/client';
import { logtoUrl } from '@/constants';
import { createUserByAdmin } from '@/helpers';
@ -24,11 +24,11 @@ describe('get access token', () => {
await client.initSession();
assert(client.interactionCookie, new Error('Session not found'));
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await client.processSession(redirectTo);
@ -47,11 +47,11 @@ describe('get access token', () => {
await client.initSession();
assert(client.interactionCookie, new Error('Session not found'));
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await client.processSession(redirectTo);
assert(client.isAuthenticated, new Error('Sign in get get access token failed'));

68
packages/integration-tests/tests/api/session.test.ts
View file

@ -18,7 +18,8 @@ import {
sendSignInUserWithSmsPasscode,
verifySignInUserWithSmsPasscode,
disableConnector,
signInWithUsernameAndPassword,
signInWithPassword,
createUser,
} from '@/api';
import MockClient from '@/client';
import {
@ -36,12 +37,57 @@ describe('username and password flow', () => {
const username = generateUsername();
const password = generatePassword();
it('register with username & password', async () => {
await expect(registerNewUser(username, password)).resolves.not.toThrow();
beforeAll(async () => {
await setSignUpIdentifier(SignUpIdentifier.Username, true);
await setSignInMethod([
{
identifier: SignInIdentifier.Username,
password: true,
verificationCode: false,
isPasswordPrimary: false,
},
]);
});
it('sign-in with username & password', async () => {
await expect(signIn(username, password)).resolves.not.toThrow();
it('register and sign in with username & password', async () => {
await expect(registerNewUser(username, password)).resolves.not.toThrow();
await expect(signIn({ username, password })).resolves.not.toThrow();
});
});
describe('email and password flow', () => {
const email = generateEmail();
const [localPart, domain] = email.split('@');
const password = generatePassword();
assert(localPart && domain, new Error('Email address local part or domain is empty'));
beforeAll(async () => {
await setUpConnector(mockEmailConnectorId, mockEmailConnectorConfig);
await setSignUpIdentifier(SignUpIdentifier.Email, true);
await setSignInMethod([
{
identifier: SignInIdentifier.Email,
password: true,
verificationCode: false,
isPasswordPrimary: false,
},
]);
});
it('can sign in with email & password', async () => {
await createUser({ password, primaryEmail: email, username: generateUsername(), name: 'John' });
await expect(
Promise.all([
signIn({ email, password }),
signIn({ email: localPart.toUpperCase() + '@' + domain, password }),
signIn({
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
email: localPart[0]! + localPart.toUpperCase().slice(1) + '@' + domain,
password,
}),
])
).resolves.not.toThrow();
});
});
@ -236,11 +282,11 @@ describe('sign-in and sign-out', () => {
assert(client.interactionCookie, new Error('Session not found'));
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await client.processSession(redirectTo);
@ -266,11 +312,11 @@ describe('sign-in to demo app and revisit Admin Console', () => {
assert(client.interactionCookie, new Error('Session not found'));
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await client.processSession(redirectTo);

8
packages/integration-tests/tests/api/social-session.test.ts
View file

@ -12,7 +12,7 @@ import {
getAuthWithSocial,
registerWithSocial,
bindWithSocial,
signInWithUsernameAndPassword,
signInWithPassword,
getUser,
} from '@/api';
import MockClient from '@/client';
@ -126,11 +126,11 @@ describe('social bind account', () => {
// User with social does not exist
expect(response instanceof HTTPError && response.response.statusCode === 422).toBe(true);
const { redirectTo } = await signInWithUsernameAndPassword(
const { redirectTo } = await signInWithPassword({
username,
password,
client.interactionCookie
);
interactionCookie: client.interactionCookie,
});
await expect(
bindWithSocial(mockSocialConnectorId, client.interactionCookie)

18
packages/phrases/src/locales/de/errors.ts
View file

@ -7,6 +7,7 @@ const errors = {
expected_role_not_found:
'Erwartete Rolle nicht gefunden. Bitte überprüfe deine Rollen und Berechtigungen.',
jwt_sub_missing: '`sub` fehlt in JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: 'Die Anfrage {{type}} ist ungültig.',
@ -45,15 +46,15 @@ const errors = {
sign_up_method_not_enabled: 'This sign up method is not enabled.', // UNTRANSLATED
sign_in_method_not_enabled: 'This sign in method is not enabled.', // UNTRANSLATED
same_password: 'Das neue Passwort muss sich vom alten unterscheiden.',
require_password: 'You need to set a password before sign in.', // UNTRANSLATED
require_password: 'You need to set a password before signing-in.', // UNTRANSLATED
password_exists: 'Your password has been set.', // UNTRANSLATED
require_username: 'You need to set a username before sign in.', // UNTRANSLATED
username_exists: 'Your username has been set.', // UNTRANSLATED
require_email: 'You need to set an email before sign in.', // UNTRANSLATED
email_exists: 'Your email has been set.', // UNTRANSLATED
require_sms: 'You need to set a phone before sign in.', // UNTRANSLATED
sms_exists: 'Your phone has been set.', // UNTRANSLATED
require_email_or_sms: 'You need to set a phone or email before sign in.', // UNTRANSLATED
require_username: 'You need to set a username before signing-in.', // UNTRANSLATED
username_exists: 'This username is already in use.', // UNTRANSLATED
require_email: 'You need to add an email address before signing-in.', // UNTRANSLATED
email_exists: 'This email is associated with an existing account.', // UNTRANSLATED
require_sms: 'You need to add a phone number before signing-in.', // UNTRANSLATED
sms_exists: 'This phone number is associated with an existing account.', // UNTRANSLATED
require_email_or_sms: 'You need to add an email address or phone number before signing-in.', // UNTRANSLATED
suspended: 'This account is suspended.', // UNTRANSLATED
},
password: {
@ -128,6 +129,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.', // UNTRANSLATED
unsupported_default_language: 'Die Sprache - {{language}} wird momentan nicht unterstützt.',
at_least_one_authentication_factor: 'You have to select at least one authentication factor.', // UNTRANSLATED
},
localization: {
cannot_delete_default_language:

5
packages/phrases/src/locales/de/translation/admin-console/connectors.ts
View file

@ -11,6 +11,11 @@ const connectors = {
connector_status: 'Anmeldeoberfläche',
connector_status_in_use: 'In Benutzung',
connector_status_not_in_use: 'Nicht in Benutzung',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ', // UNTRANSLATED
go_to_sie: 'Go to sign in experience', // UNTRANSLATED
},
social_connector_eg: 'z.B. Google, Facebook, Github',
save_and_done: 'Speichern und fertigstellen',
type: {

11
packages/phrases/src/locales/de/translation/admin-console/sign-in-exp.ts
View file

@ -55,6 +55,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.', // UNTRANSLATED
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.', // UNTRANSLATED
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability', // UNTRANSLATED
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.', // UNTRANSLATED
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.', // UNTRANSLATED
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.', // UNTRANSLATED
},
},
color: {
title: 'FARBE',

20
packages/phrases/src/locales/en/errors.ts
View file

@ -7,6 +7,7 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: 'Missing `sub` in JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.',
},
guard: {
invalid_input: 'The request {{type}} is invalid.',
@ -44,16 +45,16 @@ const errors = {
cannot_delete_self: 'You cannot delete yourself.',
sign_up_method_not_enabled: 'This sign up method is not enabled.',
sign_in_method_not_enabled: 'This sign in method is not enabled.',
same_password: 'Your new password cant be the same as your current password.',
require_password: 'You need to set a password before sign in.',
same_password: 'New password cannot be the same as your old password.',
require_password: 'You need to set a password before signing-in.',
password_exists: 'Your password has been set.',
require_username: 'You need to set a username before sign in.',
username_exists: 'Your username has been set.',
require_email: 'You need to set an email before sign in.',
email_exists: 'Your email has been set.',
require_sms: 'You need to set a phone before sign in.',
sms_exists: 'Your phone has been set.',
require_email_or_sms: 'You need to set a phone or email before sign in.',
require_username: 'You need to set a username before signing-in.',
username_exists: 'This username is already in use.',
require_email: 'You need to add an email address before signing-in.',
email_exists: 'This email is associated with an existing account.',
require_sms: 'You need to add a phone number before signing-in.',
sms_exists: 'This phone number is associated with an existing account.',
require_email_or_sms: 'You need to add an email address or phone number before signing-in.',
suspended: 'This account is suspended.',
},
password: {
@ -126,6 +127,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.',
unsupported_default_language: 'This language - {{language}} is not supported at the moment.',
at_least_one_authentication_factor: 'You have to select at least one authentication factor.',
},
localization: {
cannot_delete_default_language:

5
packages/phrases/src/locales/en/translation/admin-console/connectors.ts
View file

@ -11,6 +11,11 @@ const connectors = {
connector_status: 'Sign in Experience',
connector_status_in_use: 'In use',
connector_status_not_in_use: 'Not in use',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ',
go_to_sie: 'Go to sign in experience',
},
social_connector_eg: 'E.g., Google, Facebook, Github',
save_and_done: 'Save and Done',
type: {

11
packages/phrases/src/locales/en/translation/admin-console/sign-in-exp.ts
View file

@ -77,6 +77,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.',
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.',
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability',
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.',
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.',
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.',
},
},
sign_in_methods: {
title: 'SIGN-IN METHODS',

20
packages/phrases/src/locales/fr/errors.ts
View file

@ -8,6 +8,7 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: '`sub` manquant dans JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: "La requête {{type}} n'est pas valide.",
@ -45,16 +46,16 @@ const errors = {
cannot_delete_self: 'You cannot delete yourself.', // UNTRANSLATED
sign_up_method_not_enabled: 'This sign up method is not enabled.', // UNTRANSLATED
sign_in_method_not_enabled: 'This sign in method is not enabled.', // UNTRANSLATED
same_password: 'Your new password cant be the same as your current password.', // UNTRANSLATED
require_password: 'You need to set a password before sign in.', // UNTRANSLATED
same_password: 'New password cannot be the same as your old password.', // UNTRANSLATED
require_password: 'You need to set a password before signing-in.', // UNTRANSLATED
password_exists: 'Your password has been set.', // UNTRANSLATED
require_username: 'You need to set a username before sign in.', // UNTRANSLATED
username_exists: 'Your username has been set.', // UNTRANSLATED
require_email: 'You need to set an email before sign in.', // UNTRANSLATED
email_exists: 'Your email has been set.', // UNTRANSLATED
require_sms: 'You need to set a phone before sign in.', // UNTRANSLATED
sms_exists: 'Your phone has been set.', // UNTRANSLATED
require_email_or_sms: 'You need to set a phone or email before sign in.', // UNTRANSLATED
require_username: 'You need to set a username before signing-in.', // UNTRANSLATED
username_exists: 'This username is already in use.', // UNTRANSLATED
require_email: 'You need to add an email address before signing-in.', // UNTRANSLATED
email_exists: 'This email is associated with an existing account.', // UNTRANSLATED
require_sms: 'You need to add a phone number before signing-in.', // UNTRANSLATED
sms_exists: 'This phone number is associated with an existing account.', // UNTRANSLATED
require_email_or_sms: 'You need to add an email address or phone number before signing-in.', // UNTRANSLATED
suspended: 'This account is suspended.', // UNTRANSLATED
},
password: {
@ -134,6 +135,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.', // UNTRANSLATED
unsupported_default_language: 'This language - {{language}} is not supported at the moment.', // UNTRANSLATED
at_least_one_authentication_factor: 'You have to select at least one authentication factor.', // UNTRANSLATED
},
localization: {
cannot_delete_default_language:

5
packages/phrases/src/locales/fr/translation/admin-console/connectors.ts
View file

@ -12,6 +12,11 @@ const connectors = {
connector_status: 'Experience de connexion',
connector_status_in_use: "En cours d'utilisation",
connector_status_not_in_use: 'Non utilisé',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ', // UNTRANSLATED
go_to_sie: 'Go to sign in experience', // UNTRANSLATED
},
social_connector_eg: 'Exemple : Google, Facebook, Github',
save_and_done: 'Sauvegarder et Finis',
type: {

11
packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp.ts
View file

@ -79,6 +79,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.', // UNTRANSLATED
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.', // UNTRANSLATED
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability', // UNTRANSLATED
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.', // UNTRANSLATED
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.', // UNTRANSLATED
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.', // UNTRANSLATED
},
},
sign_in_methods: {
title: 'METHODES DE CONNEXION',

20
packages/phrases/src/locales/ko/errors.ts
View file

@ -7,6 +7,7 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: 'JWT에서 `sub`를 찾을 수 없어요.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: '{{type}} 요청 타입은 유효하지 않아요.',
@ -43,16 +44,16 @@ const errors = {
cannot_delete_self: 'You cannot delete yourself.', // UNTRANSLATED
sign_up_method_not_enabled: 'This sign up method is not enabled.', // UNTRANSLATED
sign_in_method_not_enabled: 'This sign in method is not enabled.', // UNTRANSLATED
same_password: 'Your new password cant be the same as your current password.', // UNTRANSLATED
require_password: 'You need to set a password before sign in.', // UNTRANSLATED
same_password: 'New password cannot be the same as your old password.', // UNTRANSLATED
require_password: 'You need to set a password before signing-in.', // UNTRANSLATED
password_exists: 'Your password has been set.', // UNTRANSLATED
require_username: 'You need to set a username before sign in.', // UNTRANSLATED
username_exists: 'Your username has been set.', // UNTRANSLATED
require_email: 'You need to set an email before sign in.', // UNTRANSLATED
email_exists: 'Your email has been set.', // UNTRANSLATED
require_sms: 'You need to set a phone before sign in.', // UNTRANSLATED
sms_exists: 'Your phone has been set.', // UNTRANSLATED
require_email_or_sms: 'You need to set a phone or email before sign in.', // UNTRANSLATED
require_username: 'You need to set a username before signing-in.', // UNTRANSLATED
username_exists: 'This username is already in use.', // UNTRANSLATED
require_email: 'You need to add an email address before signing-in.', // UNTRANSLATED
email_exists: 'This email is associated with an existing account.', // UNTRANSLATED
require_sms: 'You need to add a phone number before signing-in.', // UNTRANSLATED
sms_exists: 'This phone number is associated with an existing account.', // UNTRANSLATED
require_email_or_sms: 'You need to add an email address or phone number before signing-in.', // UNTRANSLATED
suspended: 'This account is suspended.', // UNTRANSLATED
},
password: {
@ -123,6 +124,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.', // UNTRANSLATED
unsupported_default_language: 'This language - {{language}} is not supported at the moment.', // UNTRANSLATED
at_least_one_authentication_factor: 'You have to select at least one authentication factor.', // UNTRANSLATED
},
localization: {
cannot_delete_default_language:

5
packages/phrases/src/locales/ko/translation/admin-console/connectors.ts
View file

@ -11,6 +11,11 @@ const connectors = {
connector_status: '로그인 경험',
connector_status_in_use: '사용 중',
connector_status_not_in_use: '사용 중이 아님',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ', // UNTRANSLATED
go_to_sie: 'Go to sign in experience', // UNTRANSLATED
},
social_connector_eg: '예) Google, Facebook, Github',
save_and_done: '저장 및 완료',
type: {

11
packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp.ts
View file

@ -74,6 +74,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.', // UNTRANSLATED
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.', // UNTRANSLATED
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability', // UNTRANSLATED
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.', // UNTRANSLATED
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.', // UNTRANSLATED
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.', // UNTRANSLATED
},
},
sign_in_methods: {
title: '로그인 방법',

20
packages/phrases/src/locales/pt-pt/errors.ts
View file

@ -6,6 +6,7 @@ const errors = {
forbidden: 'Proibido. Verifique os seus cargos e permissões.',
expected_role_not_found: 'Role esperado não encontrado. Verifique os seus cargos e permissões.',
jwt_sub_missing: 'Campo `sub` está ausente no JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: 'O pedido {{type}} é inválido.',
@ -43,16 +44,16 @@ const errors = {
cannot_delete_self: 'Não se pode remover a si mesmo.',
sign_up_method_not_enabled: 'This sign up method is not enabled.', // UNTRANSLATED
sign_in_method_not_enabled: 'This sign in method is not enabled.', // UNTRANSLATED
same_password: 'Your new password cant be the same as your current password.', // UNTRANSLATED
require_password: 'You need to set a password before sign in.', // UNTRANSLATED
same_password: 'New password cannot be the same as your old password.', // UNTRANSLATED
require_password: 'You need to set a password before signing-in.', // UNTRANSLATED
password_exists: 'Your password has been set.', // UNTRANSLATED
require_username: 'You need to set a username before sign in.', // UNTRANSLATED
username_exists: 'Your username has been set.', // UNTRANSLATED
require_email: 'You need to set an email before sign in.', // UNTRANSLATED
email_exists: 'Your email has been set.', // UNTRANSLATED
require_sms: 'You need to set a phone before sign in.', // UNTRANSLATED
sms_exists: 'Your phone has been set.', // UNTRANSLATED
require_email_or_sms: 'You need to set a phone or email before sign in.', // UNTRANSLATED
require_username: 'You need to set a username before signing-in.', // UNTRANSLATED
username_exists: 'This username is already in use.', // UNTRANSLATED
require_email: 'You need to add an email address before signing-in.', // UNTRANSLATED
email_exists: 'This email is associated with an existing account.', // UNTRANSLATED
require_sms: 'You need to add a phone number before signing-in.', // UNTRANSLATED
sms_exists: 'This phone number is associated with an existing account.', // UNTRANSLATED
require_email_or_sms: 'You need to add an email address or phone number before signing-in.', // UNTRANSLATED
suspended: 'This account is suspended.', // UNTRANSLATED
},
password: {
@ -129,6 +130,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.', // UNTRANSLATED
unsupported_default_language: 'This language - {{language}} is not supported at the moment.', // UNTRANSLATED
at_least_one_authentication_factor: 'You have to select at least one authentication factor.', // UNTRANSLATED
},
localization: {
cannot_delete_default_language:

5
packages/phrases/src/locales/pt-pt/translation/admin-console/connectors.ts
View file

@ -11,6 +11,11 @@ const connectors = {
connector_status: 'Experiência de login',
connector_status_in_use: 'Em uso',
connector_status_not_in_use: 'Fora de uso',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ', // UNTRANSLATED
go_to_sie: 'Go to sign in experience', // UNTRANSLATED
},
social_connector_eg: 'Ex., Google, Facebook, Github',
save_and_done: 'Guardar',
type: {

11
packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp.ts
View file

@ -77,6 +77,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.', // UNTRANSLATED
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.', // UNTRANSLATED
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability', // UNTRANSLATED
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.', // UNTRANSLATED
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.', // UNTRANSLATED
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.', // UNTRANSLATED
},
},
sign_in_methods: {
title: 'MÉTODOS DE LOGIN',

20
packages/phrases/src/locales/tr-tr/errors.ts
View file

@ -7,6 +7,7 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: 'JWTde `sub` eksik.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: 'İstek {{type}} geçersiz.',
@ -44,16 +45,16 @@ const errors = {
cannot_delete_self: 'You cannot delete yourself.', // UNTRANSLATED
sign_up_method_not_enabled: 'This sign up method is not enabled.', // UNTRANSLATED
sign_in_method_not_enabled: 'This sign in method is not enabled.', // UNTRANSLATED
same_password: 'Your new password cant be the same as your current password.', // UNTRANSLATED
require_password: 'You need to set a password before sign in.', // UNTRANSLATED
same_password: 'New password cannot be the same as your old password.', // UNTRANSLATED
require_password: 'You need to set a password before signing-in.', // UNTRANSLATED
password_exists: 'Your password has been set.', // UNTRANSLATED
require_username: 'You need to set a username before sign in.', // UNTRANSLATED
username_exists: 'Your username has been set.', // UNTRANSLATED
require_email: 'You need to set an email before sign in.', // UNTRANSLATED
email_exists: 'Your email has been set.', // UNTRANSLATED
require_sms: 'You need to set a phone before sign in.', // UNTRANSLATED
sms_exists: 'Your phone has been set.', // UNTRANSLATED
require_email_or_sms: 'You need to set a phone or email before sign in.', // UNTRANSLATED
require_username: 'You need to set a username before signing-in.', // UNTRANSLATED
username_exists: 'This username is already in use.', // UNTRANSLATED
require_email: 'You need to add an email address before signing-in.', // UNTRANSLATED
email_exists: 'This email is associated with an existing account.', // UNTRANSLATED
require_sms: 'You need to add a phone number before signing-in.', // UNTRANSLATED
sms_exists: 'This phone number is associated with an existing account.', // UNTRANSLATED
require_email_or_sms: 'You need to add an email address or phone number before signing-in.', // UNTRANSLATED
suspended: 'This account is suspended.', // UNTRANSLATED
},
password: {
@ -127,6 +128,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.', // UNTRANSLATED
unsupported_default_language: 'This language - {{language}} is not supported at the moment.', // UNTRANSLATED
at_least_one_authentication_factor: 'You have to select at least one authentication factor.', // UNTRANSLATED
},
localization: {
cannot_delete_default_language:

5
packages/phrases/src/locales/tr-tr/translation/admin-console/connectors.ts
View file

@ -12,6 +12,11 @@ const connectors = {
connector_status: 'Oturum açma deneyimi',
connector_status_in_use: 'Kullanımda',
connector_status_not_in_use: 'Kullanımda değil',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ', // UNTRANSLATED
go_to_sie: 'Go to sign in experience', // UNTRANSLATED
},
social_connector_eg: 'Örneğin, Google, Facebook, Github',
save_and_done: 'Kaydet ve bitir',
type: {

11
packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp.ts
View file

@ -78,6 +78,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.', // UNTRANSLATED
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.', // UNTRANSLATED
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability', // UNTRANSLATED
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.', // UNTRANSLATED
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.', // UNTRANSLATED
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.', // UNTRANSLATED
},
},
sign_in_methods: {
title: 'OTURUM AÇMA YÖNTEMLERİ',

8
packages/phrases/src/locales/zh-cn/errors.ts
View file

@ -6,6 +6,7 @@ const errors = {
forbidden: '禁止访问。请检查用户 role 与权限。',
expected_role_not_found: '未找到期望的 role。请检查用户 role 与权限。',
jwt_sub_missing: 'JWT 缺失 `sub`',
require_re_authentication: '需要重新认证以进行受保护操作。',
},
guard: {
invalid_input: '请求中 {{type}} 无效',
@ -47,11 +48,11 @@ const errors = {
require_password: '请设置密码',
password_exists: '密码已设置过',
require_username: '请设置用户名',
username_exists: '用户名已设置过',
username_exists: '该用户名已存在',
require_email: '请绑定邮箱地址',
email_exists: '已绑定邮箱地址',
email_exists: '该邮箱地址已被其它账户绑定',
require_sms: '请绑定手机号码',
sms_exists: '已绑定手机号码',
sms_exists: '该手机号码已被其它账户绑定',
require_email_or_sms: '请绑定邮箱地址或手机号码',
suspended: '账号已被禁用',
},
@ -119,6 +120,7 @@ const errors = {
code_sign_in_must_be_enabled:
'Verification code sign in must be enabled when set a password is not required in sign up.', // UNTRANSLATED
unsupported_default_language: '{{language}}无法选择为默认语言。',
at_least_one_authentication_factor: '至少要选择一个登录要素',
},
localization: {
cannot_delete_default_language: '你已设置{{languageTag}}为你的默认语言,你无法删除默认语言。',

5
packages/phrases/src/locales/zh-cn/translation/admin-console/connectors.ts
View file

@ -11,6 +11,11 @@ const connectors = {
connector_status: '登录体验',
connector_status_in_use: '使用中',
connector_status_not_in_use: '未使用',
not_in_use_tip: {
content:
'Not in use means your sign in experience hasnt used this sign in method. <a>{{link}}</a> to add this sign in method. ', // UNTRANSLATED
go_to_sie: 'Go to sign in experience', // UNTRANSLATED
},
social_connector_eg: '如: 微信登录,支付宝登录',
save_and_done: '保存并完成',
type: {

11
packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp.ts
View file

@ -75,6 +75,17 @@ const sign_in_exp = {
go_to: 'social connectors or go to “Connectors” section.', // UNTRANSLATED
},
},
tip: {
set_a_password: 'A unique set of a password to your username is a must.', // UNTRANSLATED
verify_at_sign_up:
'Right now we only support email verified at sign up but soon to open this capability', // UNTRANSLATED
password_auth:
'This is essential as you have enabled the option to set a password during the sign-up process.', // UNTRANSLATED
verification_code_auth:
'This is essential as you have only enabled the option to provide verification code when signing up. Youre free to uncheck the box when password set-up is allowed at the sign-up process.', // UNTRANSLATED
delete_sign_in_method:
'This is essential as you have selected {{identifier}} as a required identifier.', // UNTRANSLATED
},
},
sign_in_methods: {
title: '登录方式',

8
packages/ui/src/components/BrandingHeader/index.module.scss
View file

@ -1,6 +1,6 @@
@use '@/scss/underscore' as _;
$logo-height: 60px;
$logo-height: 50px;
.container {
width: 100%;
@ -36,12 +36,8 @@ $logo-height: 60px;
}
:global(body.desktop) {
.container {
min-height: 96px;
}
.logo:not(:last-child) {
margin-bottom: _.unit(4);
margin-bottom: _.unit(3);
}
.headline {

3
packages/ui/src/components/Input/index.module.scss
View file

@ -56,7 +56,8 @@
}
.errorMessage {
margin-top: _.unit(2);
margin-left: _.unit(0.5);
margin-top: _.unit(1);
}
:global(body.desktop) {

11
packages/ui/src/components/Notification/index.module.scss
View file

@ -22,7 +22,7 @@
}
&.info {
background: var(--color-neutral-variant-80);
background: var(--color-neutral-variant-90);
.icon {
color: var(--color-neutral-variant-60);
@ -42,5 +42,14 @@
:global(body.desktop) {
.notification {
border-radius: var(--radius);
box-shadow: var(--color-shadow-1);
&.alert {
border: _.border(var(--color-alert-70));
}
&.info {
border: _.border(var(--color-neutral-variant-80));
}
}
}

3
packages/ui/src/components/Passcode/index.module.scss
View file

@ -27,7 +27,8 @@
}
.passcode + .errorMessage {
margin-top: _.unit(2);
margin-left: _.unit(0.5);
margin-top: _.unit(1);
}
:global(body.desktop) {

14
packages/ui/src/components/SecondaryPageWrapper/index.module.scss
View file

@ -9,8 +9,12 @@
margin-top: _.unit(2);
}
.description {
.header {
margin-bottom: _.unit(6);
}
.description {
margin-top: _.unit(2);
@include _.text-hint;
}
@ -21,7 +25,6 @@
.title {
@include _.title;
margin-bottom: _.unit(6);
}
}
@ -30,8 +33,11 @@
margin-top: _.unit(12);
}
.title {
@include _.title_desktop;
.header {
margin-bottom: _.unit(4);
}
.title {
@include _.title_desktop;
}
}

11
packages/ui/src/components/SecondaryPageWrapper/index.tsx
View file

@ -26,10 +26,13 @@ const SecondaryPageWrapper = ({
<div className={styles.wrapper}>
<NavBar />
<div className={styles.container}>
{title && <div className={styles.title}>{t(title, titleProps)}</div>}
{description && (
<div className={styles.description}>{t(description, descriptionProps)}</div>
)}
<div className={styles.header}>
{title && <div className={styles.title}>{t(title, titleProps)}</div>}
{description && (
<div className={styles.description}>{t(description, descriptionProps)}</div>
)}
</div>
{children}
</div>
</div>

2
packages/ui/src/components/TermsOfUse/index.module.scss
View file

@ -4,11 +4,13 @@
@include _.flex-row;
width: 100%;
user-select: none;
cursor: pointer;
}
.checkBox {
margin-right: _.unit(2);
fill: var(--color-type-secondary);
cursor: pointer;
}
.content {

6
packages/ui/src/components/TextLink/index.module.scss
View file

@ -9,11 +9,9 @@
color: var(--color-brand-default);
text-decoration: none;
font: var(--font-label-2);
border-radius: _.unit(1);
padding: _.unit(1) _.unit(0.5);
&:active {
background: var(--color-overlay-brand-pressed);
color: var(--color-brand-hover);
}
}
@ -27,7 +25,7 @@
:global(body.desktop) {
.link {
&.primary:hover {
background: var(--color-overlay-brand-hover);
color: var(--color-brand-hover);
}
&.primary:focus-visible {

2
packages/ui/src/components/Toast/index.module.scss
View file

@ -44,6 +44,6 @@
:global(body.desktop) {
.toast {
padding: _.unit(3) _.unit(4);
box-shadow: var(--color-shadow);
box-shadow: var(--color-shadow-2);
}
}

2
packages/ui/src/containers/AppContent/index.module.scss
View file

@ -83,6 +83,6 @@ body {
padding: _.unit(6);
border-radius: 16px;
background: var(--color-bg-float);
box-shadow: var(--color-shadow);
box-shadow: var(--color-shadow-2);
}
}

16
packages/ui/src/containers/CreateAccount/index.test.tsx
View file

@ -16,7 +16,7 @@ describe('<CreateAccount/>', () => {
expect(container.querySelector('input[name="new-username"]')).not.toBeNull();
expect(container.querySelector('input[name="new-password"]')).not.toBeNull();
expect(container.querySelector('input[name="confirm-new-password"]')).not.toBeNull();
expect(queryByText('action.create')).not.toBeNull();
expect(queryByText('action.create_account')).not.toBeNull();
});
test('render with terms settings enabled', () => {
@ -30,7 +30,7 @@ describe('<CreateAccount/>', () => {
test('username and password are required', () => {
const { queryByText, getByText } = renderWithPageContext(<CreateAccount />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
fireEvent.click(submitButton);
expect(queryByText('username_required')).not.toBeNull();
@ -41,7 +41,7 @@ describe('<CreateAccount/>', () => {
test('username with initial numeric char should throw', () => {
const { queryByText, getByText, container } = renderWithPageContext(<CreateAccount />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const usernameInput = container.querySelector('input[name="new-username"]');
@ -65,7 +65,7 @@ describe('<CreateAccount/>', () => {
test('username with special character should throw', () => {
const { queryByText, getByText, container } = renderWithPageContext(<CreateAccount />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const usernameInput = container.querySelector('input[name="new-username"]');
if (usernameInput) {
@ -88,7 +88,7 @@ describe('<CreateAccount/>', () => {
test('password less than 6 chars should throw', () => {
const { queryByText, getByText, container } = renderWithPageContext(<CreateAccount />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const passwordInput = container.querySelector('input[name="new-password"]');
if (passwordInput) {
@ -111,7 +111,7 @@ describe('<CreateAccount/>', () => {
test('password mismatch with confirmPassword should throw', () => {
const { queryByText, getByText, container } = renderWithPageContext(<CreateAccount />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const passwordInput = container.querySelector('input[name="new-password"]');
const confirmPasswordInput = container.querySelector('input[name="confirm-new-password"]');
const usernameInput = container.querySelector('input[name="username"]');
@ -148,7 +148,7 @@ describe('<CreateAccount/>', () => {
const passwordInput = container.querySelector('input[name="new-password"]');
const confirmPasswordInput = container.querySelector('input[name="confirm-new-password"]');
const usernameInput = container.querySelector('input[name="new-username"]');
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
if (usernameInput) {
fireEvent.change(usernameInput, { target: { value: 'username' } });
@ -198,7 +198,7 @@ describe('<CreateAccount/>', () => {
<CreateAccount />
</SettingsProvider>
);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const passwordInput = container.querySelector('input[name="new-password"]');
const confirmPasswordInput = container.querySelector('input[name="confirm-new-password"]');
const usernameInput = container.querySelector('input[name="new-username"]');

2
packages/ui/src/containers/CreateAccount/index.tsx
View file

@ -124,7 +124,7 @@ const CreateAccount = ({ className, autoFocus }: Props) => {
<TermsOfUse className={styles.terms} />
<Button title="action.create" onClick={async () => onSubmitHandler()} />
<Button title="action.create_account" onClick={async () => onSubmitHandler()} />
<input hidden type="submit" />
</form>

7
packages/ui/src/containers/EmailForm/index.module.scss
View file

@ -9,7 +9,8 @@
.inputField,
.terms,
.switch {
.switch,
.formErrors {
margin-bottom: _.unit(4);
}
@ -19,7 +20,7 @@
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-left: _.unit(0.5);
margin-top: _.unit(-3);
}
}

17
packages/ui/src/containers/EmailPassword/index.module.scss
View file

@ -9,17 +9,28 @@
.inputField,
.link,
.terms {
.terms,
.formErrors {
margin-bottom: _.unit(4);
}
.link {
margin-top: _.unit(-1);
width: auto;
align-self: start;
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-top: _.unit(-3);
margin-left: _.unit(0.5);
}
}
:global(.desktop) {
.form {
.link {
margin-top: _.unit(-2);
}
}
}

4
packages/ui/src/containers/EmailPassword/index.tsx
View file

@ -89,6 +89,8 @@ const EmailPassword = ({ className, autoFocus }: Props) => {
{...register('password', (value) => requiredValidation('password', value))}
/>
{errorMessage && <ErrorMessage className={styles.formErrors}>{errorMessage}</ErrorMessage>}
{isForgotPasswordEnabled && (
<ForgotPasswordLink
className={styles.link}
@ -96,8 +98,6 @@ const EmailPassword = ({ className, autoFocus }: Props) => {
/>
)}
{errorMessage && <ErrorMessage className={styles.formErrors}>{errorMessage}</ErrorMessage>}
<TermsOfUse className={styles.terms} />
<Button title="action.sign_in" onClick={async () => onSubmitHandler()} />

9
packages/ui/src/containers/PasscodeValidation/index.module.scss
View file

@ -23,11 +23,16 @@
}
}
.link {
margin-top: _.unit(3);
.message,
.link,
.switch {
width: auto;
align-self: start;
}
.switch {
margin-top: _.unit(3);
}
}
:global(body.mobile) {

3
packages/ui/src/containers/PasscodeValidation/index.tsx
View file

@ -59,6 +59,7 @@ const PasscodeValidation = ({ type, method, className, hasPasswordButton, target
</div>
) : (
<TextLink
className={styles.link}
text="description.resend_passcode"
onClick={() => {
clearErrorMessage();
@ -67,7 +68,7 @@ const PasscodeValidation = ({ type, method, className, hasPasswordButton, target
/>
)}
{type === UserFlow.signIn && hasPasswordButton && (
<PasswordSignInLink method={method} target={target} className={styles.link} />
<PasswordSignInLink method={method} target={target} className={styles.switch} />
)}
</form>
);

19
packages/ui/src/containers/PasswordSignInForm/index.module.scss
View file

@ -9,7 +9,8 @@
.inputField,
.link,
.switch {
.switch,
.formErrors {
margin-bottom: _.unit(4);
}
@ -19,8 +20,20 @@
width: auto;
}
.link {
margin-top: _.unit(-1);
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-left: _.unit(0.5);
margin-top: _.unit(-3);
}
}
:global(.desktop) {
.form {
.link {
margin-top: _.unit(-2);
}
}
}

7
packages/ui/src/containers/PhoneForm/index.module.scss
View file

@ -9,7 +9,8 @@
.inputField,
.terms,
.switch {
.switch,
.formErrors {
margin-bottom: _.unit(4);
}
@ -19,7 +20,7 @@
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-left: _.unit(0.5);
margin-top: _.unit(-3);
}
}

16
packages/ui/src/containers/PhonePassword/index.module.scss
View file

@ -9,17 +9,27 @@
.inputField,
.link,
.terms {
.terms,
.formErrors {
margin-bottom: _.unit(4);
}
.link {
margin-top: _.unit(-1);
align-self: start;
width: auto;
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-top: _.unit(-3);
margin-left: _.unit(0.5);
}
}
:global(.desktop) {
.form {
.link {
margin-top: _.unit(-2);
}
}
}

7
packages/ui/src/containers/SetPassword/index.module.scss
View file

@ -7,12 +7,13 @@
width: 100%;
}
.inputField {
.inputField,
.formErrors {
margin-bottom: _.unit(4);
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-left: _.unit(0.5);
margin-top: _.unit(-3);
}
}

10
packages/ui/src/containers/UsernameRegister/index.test.tsx
View file

@ -21,7 +21,7 @@ describe('<UsernameRegister />', () => {
test('default render', () => {
const { queryByText, container } = renderWithPageContext(<UsernameRegister />);
expect(container.querySelector('input[name="new-username"]')).not.toBeNull();
expect(queryByText('action.create')).not.toBeNull();
expect(queryByText('action.create_account')).not.toBeNull();
});
test('render with terms settings enabled', () => {
@ -35,7 +35,7 @@ describe('<UsernameRegister />', () => {
test('username are required', () => {
const { queryByText, getByText } = renderWithPageContext(<UsernameRegister />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
fireEvent.click(submitButton);
expect(queryByText('username_required')).not.toBeNull();
@ -45,7 +45,7 @@ describe('<UsernameRegister />', () => {
test('username with initial numeric char should throw', () => {
const { queryByText, getByText, container } = renderWithPageContext(<UsernameRegister />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const usernameInput = container.querySelector('input[name="new-username"]');
@ -69,7 +69,7 @@ describe('<UsernameRegister />', () => {
test('username with special character should throw', () => {
const { queryByText, getByText, container } = renderWithPageContext(<UsernameRegister />);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const usernameInput = container.querySelector('input[name="new-username"]');
if (usernameInput) {
@ -96,7 +96,7 @@ describe('<UsernameRegister />', () => {
<UsernameRegister />
</SettingsProvider>
);
const submitButton = getByText('action.create');
const submitButton = getByText('action.create_account');
const usernameInput = container.querySelector('input[name="new-username"]');
if (usernameInput) {

2
packages/ui/src/containers/UsernameRegister/index.tsx
View file

@ -96,7 +96,7 @@ const UsernameRegister = ({ className }: Props) => {
<TermsOfUse className={styles.terms} />
<Button title="action.create" onClick={async () => onSubmitHandler()} />
<Button title="action.create_account" onClick={async () => onSubmitHandler()} />
<input hidden type="submit" />
</form>

15
packages/ui/src/containers/UsernameSignIn/index.module.scss
View file

@ -9,17 +9,26 @@
.inputField,
.link,
.terms {
.terms,
.formErrors {
margin-bottom: _.unit(4);
}
.link {
margin-top: _.unit(-1);
align-self: start;
width: auto;
}
.formErrors {
margin-top: _.unit(-2);
margin-bottom: _.unit(4);
margin-top: _.unit(-3);
}
}
:global(.desktop) {
.form {
.link {
margin-top: _.unit(-2);
}
}
}

22
packages/ui/src/pages/Register/index.module.scss
View file

@ -1,15 +1,13 @@
@use '@/scss/underscore' as _;
.main {
.main,
.divider,
.otherMethods {
margin-bottom: _.unit(4);
}
.otherMethodsLink {
margin-bottom: _.unit(6);
}
.createAccount {
margin-top: _.unit(6);
margin-top: _.unit(2);
text-align: center;
}
@ -19,25 +17,13 @@
:global(body.mobile) {
.divider {
margin-bottom: _.unit(5);
}
.createAccount {
padding-bottom: env(safe-area-inset-bottom);
}
}
:global(body.desktop) {
.main {
margin-bottom: _.unit(6);
}
.placeHolder {
flex: 0;
}
.divider {
margin-bottom: _.unit(4);
}
}

7
packages/ui/src/pages/Register/index.tsx
View file

@ -29,6 +29,7 @@ const Register = () => {
// Other create account methods
otherMethods.length > 0 && (
<OtherMethodsLink
className={styles.otherMethods}
methods={otherMethods}
template="register_with"
flow={UserFlow.register}
@ -40,7 +41,11 @@ const Register = () => {
signUpMethods.length > 0 && socialConnectors.length > 0 && (
<>
<Divider label="description.or" className={styles.divider} />
<SocialSignInList isCollapseEnabled socialConnectors={socialConnectors} />
<SocialSignInList
isCollapseEnabled
socialConnectors={socialConnectors}
className={styles.main}
/>
</>
)
}

21
packages/ui/src/pages/SignIn/index.module.scss
View file

@ -1,15 +1,14 @@
@use '@/scss/underscore' as _;
.main {
.main,
.otherMethods,
.divider {
margin-bottom: _.unit(4);
}
.otherMethodsLink {
margin-bottom: _.unit(6);
}
.createAccount {
margin-top: _.unit(6);
margin-top: _.unit(2);
text-align: center;
}
@ -19,25 +18,13 @@
:global(body.mobile) {
.divider {
margin-bottom: _.unit(5);
}
.createAccount {
padding-bottom: env(safe-area-inset-bottom);
}
}
:global(body.desktop) {
.main {
margin-bottom: _.unit(6);
}
.placeHolder {
flex: 0;
}
.divider {
margin-bottom: _.unit(4);
}
}

Some files were not shown because too many files have changed in this diff Show more