diff --git a/packages/core/src/routes/session/forgot-password.test.ts b/packages/core/src/routes/session/forgot-password.test.ts
index cf5eaaffe..8ceec189b 100644
--- a/packages/core/src/routes/session/forgot-password.test.ts
+++ b/packages/core/src/routes/session/forgot-password.test.ts
@@ -97,20 +97,18 @@ describe('session -> forgotPasswordRoutes', () => {
 const response = await sessionRequest
 .post(`${forgotPasswordRoute}/sms/verify-passcode`)
 .send({ phone: '13000000000', code: '1234' });
- expect(response.statusCode).toEqual(200);
- expect(response.body).toHaveProperty('redirectTo');
+ expect(response.statusCode).toEqual(204);
 expect(interactionResult).toHaveBeenCalledWith(
 expect.anything(),
 expect.anything(),
 expect.objectContaining({
- login: { accountId: 'id' },
 forgotPassword: {
+ userId: 'id',
 expiresAt: dayjs(fakeTime)
 .add(forgotPasswordVerificationTimeout, 'second')
 .toISOString(),
 },
- }),
- expect.anything()
+ })
 );
 jest.useRealTimers();
 });
@@ -150,20 +148,18 @@ describe('session -> forgotPasswordRoutes', () => {
 const response = await sessionRequest
 .post(`${forgotPasswordRoute}/email/verify-passcode`)
 .send({ email: 'a@a.com', code: '1234' });
- expect(response.statusCode).toEqual(200);
- expect(response.body).toHaveProperty('redirectTo');
+ expect(response.statusCode).toEqual(204);
 expect(interactionResult).toHaveBeenCalledWith(
 expect.anything(),
 expect.anything(),
 expect.objectContaining({
- login: { accountId: 'id' },
 forgotPassword: {
+ userId: 'id',
 expiresAt: dayjs(fakeTime)
 .add(forgotPasswordVerificationTimeout, 'second')
 .toISOString(),
 },
- }),
- expect.anything()
+ })
 );
 jest.useRealTimers();
 });
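Review bot: `expect.objectContaining({ forgotPassword: … })` in the sms and email verify-passcode tests (@@ -97 and @@ -150) still passes if the route keeps writing `login: { accountId }` into the interaction result, so neither test pins what appears to be the point of this change: a verified passcode alone must not produce a login result. Add a negative assertion beside the existing one in both tests, for example `expect(interactionResult).not.toHaveBeenCalledWith(expect.anything(), expect.anything(), expect.objectContaining({ login: expect.anything() }));`. Both `it` blocks start above the hunks, so the mock setup is not visible here.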
@@ -188,8 +184,7 @@ describe('session -> forgotPasswordRoutes', () => {
 it('assign result and redirect', async () => {
 interactionDetails.mockResolvedValueOnce({
 result: {
- login: { accountId: 'id' },
- forgotPassword: { expiresAt: dayjs().add(1, 'day').toISOString() },
+ forgotPassword: { userId: 'id', expiresAt: dayjs().add(1, 'day').toISOString() },
 },
 });
 const response = await sessionRequest
@@ -219,8 +214,7 @@ describe('session -> forgotPasswordRoutes', () => {
 it('should throw when `forgotPassword.expiresAt` is not string', async () => {
 interactionDetails.mockResolvedValueOnce({
 result: {
- login: { accountId: 'id' },
- forgotPassword: { expiresAt: 0 },
+ forgotPassword: { userId: 'id', expiresAt: 0 },
 },
 });
 const response = await sessionRequest
@@ -232,8 +226,7 @@ describe('session -> forgotPasswordRoutes', () => {
 it('should throw when `expiresAt` is not a valid date string', async () => {
 interactionDetails.mockResolvedValueOnce({
 result: {
- login: { accountId: 'id' },
- forgotPassword: { expiresAt: 'invalid date string' },
+ forgotPassword: { userId: 'id', expiresAt: 'invalid date string' },
 },
 });
 const response = await sessionRequest
@@ -245,8 +238,7 @@ describe('session -> forgotPasswordRoutes', () => {
 it('should throw when verification expires', async () => {
 interactionDetails.mockResolvedValueOnce({
 result: {
- login: { accountId: 'id' },
- forgotPassword: { expiresAt: dayjs().subtract(1, 'day').toISOString() },
+ forgotPassword: { userId: 'id', expiresAt: dayjs().subtract(1, 'day').toISOString() },
 },
 });
 const response = await sessionRequest
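Review bot: None of the reset fixtures changed in these hunks (nor in the later @@ -258 and @@ -272 hunks) covers an interaction result whose `forgotPassword` has a valid `expiresAt` but no `userId`; every negative case varies only `expiresAt`. Because `userId` is now the only link between the verified passcode and the account whose password is reset, add a case with `forgotPassword: { expiresAt: dayjs().add(1, 'day').toISOString() }` that expects the 404 the route returns for `session.forgot_password_session_not_found`. The request and assertion lines of each `it` block lie outside the hunks, so the exact assertion shape should follow the existing ones there.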
@@ -258,8 +250,7 @@ describe('session -> forgotPasswordRoutes', () => {
 it('should throw when new password is the same as old one', async () => {
 interactionDetails.mockResolvedValueOnce({
 result: {
- login: { accountId: 'id' },
- forgotPassword: { expiresAt: dayjs().add(1, 'day').toISOString() },
+ forgotPassword: { userId: 'id', expiresAt: dayjs().add(1, 'day').toISOString() },
 },
 });
 mockArgon2Verify.mockResolvedValueOnce(true);
@@ -272,8 +263,7 @@ describe('session -> forgotPasswordRoutes', () => {
 it('should redirect when there was no old password', async () => {
 interactionDetails.mockResolvedValueOnce({
 result: {
- login: { accountId: 'id' },
- forgotPassword: { expiresAt: dayjs().add(1, 'day').toISOString() },
+ forgotPassword: { userId: 'id', expiresAt: dayjs().add(1, 'day').toISOString() },
 },
 });
 findUserById.mockResolvedValueOnce({
diff --git a/packages/core/src/routes/session/forgot-password.ts b/packages/core/src/routes/session/forgot-password.ts
index 79af4af41..fb3e11d11 100644
--- a/packages/core/src/routes/session/forgot-password.ts
+++ b/packages/core/src/routes/session/forgot-password.ts
@@ -7,7 +7,6 @@ import { z } from 'zod';
 import RequestError from '@/errors/RequestError';
 import { createPasscode, sendPasscode, verifyPasscode } from '@/lib/passcode';
-import { assignInteractionResults } from '@/lib/session';
 import { encryptUserPassword } from '@/lib/user';
 import koaGuard from '@/middleware/koa-guard';
 import {
@@ -27,7 +26,7 @@ import { getRoutePrefix } from './utils';
 export const forgotPasswordRoute = getRoutePrefix('forgot-password');
 const forgotPasswordVerificationGuard = z.object({
- forgotPassword: z.object({ expiresAt: z.string() }),
+ forgotPassword: z.object({ userId: z.string(), expiresAt: z.string() }),
 });
 export default function forgotPasswordRoutes(
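Review bot: `userId: z.string()` in `forgotPasswordVerificationGuard` accepts an empty string, whereas the assertion removed in the @@ -135 hunk (`result?.login?.accountId && …`) rejected an empty id by truthiness. The reset handler now takes the account to modify solely from this field, so tighten it to `userId: z.string().min(1)`; a malformed interaction result then fails with the existing 404 instead of reaching the user lookup. The rest of the reset handler is outside the visible hunks, so how an empty id would behave downstream cannot be confirmed from here.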
@@ -70,12 +69,13 @@ export default function forgotPasswordRoutes(
 const { id } = await findUserByPhone(phone);
 ctx.log(type, { userId: id });
- await assignInteractionResults(ctx, provider, {
- login: { accountId: id },
+ await provider.interactionResult(ctx.req, ctx.res, {
 forgotPassword: {
+ userId: id,
 expiresAt: dayjs().add(forgotPasswordVerificationTimeout, 'second').toISOString(),
 },
 });
+ ctx.status = 204;
 return next();
 }
@@ -115,12 +115,13 @@ export default function forgotPasswordRoutes(
 await verifyPasscode(jti, PasscodeType.ForgotPassword, code, { email });
 const { id } = await findUserByEmail(email);
- await assignInteractionResults(ctx, provider, {
- login: { accountId: id },
+ await provider.interactionResult(ctx.req, ctx.res, {
 forgotPassword: {
+ userId: id,
 expiresAt: dayjs().add(forgotPasswordVerificationTimeout, 'second').toISOString(),
 },
 });
+ ctx.status = 204;
 return next();
 }
@@ -135,15 +136,12 @@ export default function forgotPasswordRoutes(
 const forgotPasswordVerificationResult = forgotPasswordVerificationGuard.safeParse(result);
 assertThat(
- result?.login?.accountId && forgotPasswordVerificationResult.success,
+ forgotPasswordVerificationResult.success,
 new RequestError({ code: 'session.forgot_password_session_not_found', status: 404 })
 );
 const {
- login: { accountId: id },
- } = result;
- const {
- forgotPassword: { expiresAt },
+ forgotPassword: { userId: id, expiresAt },
 } = forgotPasswordVerificationResult.data;
 assertThat(
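Review bot: The email verify-passcode handler (@@ -115) stores `forgotPassword.userId` without the `ctx.log(type, { userId: id })` call that the sms handler (@@ -70) makes right after its user lookup, so a password-reset verification done by email records no user id in the log. If the email handler has a log `type` in scope as the sms one appears to, add `ctx.log(type, { userId: id });` after `const { id } = await findUserByEmail(email);`. The start of both handlers is outside the hunks, so whether `type` is defined in the email path needs confirming.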