Merge branch '0.12' into feat/jwt-rework

Author: nkshah2

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [0.12.0] - 2023-05-05
 
+### Added
+
+- added optional password policy check in `updateEmailOrPassword`
+
 ### Breaking Changes
 
 -   Changed the interface and configuration of the Session recipe, see below for details. If you do not use the Session recipe directly and do not provide custom configuration, then no migration is necessary.

recipe/dashboard/api/userdetails/userPut.go

@@ -74,7 +74,7 @@ func updateEmailForRecipeId(recipeId string, userId string, email string) (updat
 			}, nil
 		}
 
-		updateResponse, err := emailpassword.UpdateEmailOrPassword(userId, &email, nil)
+		updateResponse, err := emailpassword.UpdateEmailOrPassword(userId, &email, nil, nil)
 
 		if err != nil {
 			return updateEmailResponse{}, err
@@ -113,7 +113,7 @@ func updateEmailForRecipeId(recipeId string, userId string, email string) (updat
 			}, nil
 		}
 
-		updateResponse, err := thirdpartyemailpassword.UpdateEmailOrPassword(userId, &email, nil)
+		updateResponse, err := thirdpartyemailpassword.UpdateEmailOrPassword(userId, &email, nil, nil)
 
 		if err != nil {
 			return updateEmailResponse{}, err

recipe/emailpassword/authFlow_test.go

@@ -35,7 +35,7 @@ import (
 	"github.com/supertokens/supertokens-golang/test/unittesting"
 )
 
-//SigninFeature Tests
+// SigninFeature Tests
 func TestDisablingAPIDefaultSigninDoesNotWork(t *testing.T) {
 	configValue := supertokens.TypeInput{
 		Supertokens: &supertokens.ConnectionInfo{
@@ -1234,7 +1234,7 @@ func TestHandlePostSignInFunction(t *testing.T) {
 
 }
 
-//Signout Feature tests
+// Signout Feature tests
 func TestDefaultSignoutRouteRevokesSession(t *testing.T) {
 	customAntiCsrfVal := "VIA_TOKEN"
 	configValue := supertokens.TypeInput{
@@ -1474,7 +1474,7 @@ func TestSignoutAPIreturnsTryRefreshTokenAndSignoutShouldReturnOK(t *testing.T)
 	assert.Equal(t, "", cookieData2["refreshTokenDomain"])
 }
 
-//Signup Feature tests
+// Signup Feature tests
 func TestDisablingAPIDefaultSignUpDoesNotWork(t *testing.T) {
 	configValue := supertokens.TypeInput{
 		Supertokens: &supertokens.ConnectionInfo{

recipe/emailpassword/ep_userIdMapping_test.go

@@ -188,7 +188,7 @@ func TestCreateUserIdMappingUpdateEmailPassword(t *testing.T) {
 
 	newEmail := "email@example.com"
 	newPass := "newpass123"
-	updateResp, err := UpdateEmailOrPassword(externalUserId, &newEmail, &newPass)
+	updateResp, err := UpdateEmailOrPassword(externalUserId, &newEmail, &newPass, nil)
 	assert.NoError(t, err)
 	assert.NotNil(t, updateResp.OK)
 

recipe/emailpassword/epmodels/recipeInterface.go

@@ -24,7 +24,7 @@ type RecipeInterface struct {
 	GetUserByEmail           *func(email string, userContext supertokens.UserContext) (*User, error)
 	CreateResetPasswordToken *func(userID string, userContext supertokens.UserContext) (CreateResetPasswordTokenResponse, error)
 	ResetPasswordUsingToken  *func(token string, newPassword string, userContext supertokens.UserContext) (ResetPasswordUsingTokenResponse, error)
-	UpdateEmailOrPassword    *func(userId string, email *string, password *string, userContext supertokens.UserContext) (UpdateEmailOrPasswordResponse, error)
+	UpdateEmailOrPassword    *func(userId string, email *string, password *string, applyPasswordPolicy *bool, userContext supertokens.UserContext) (UpdateEmailOrPasswordResponse, error)
 }
 
 type SignUpResponse struct {
@@ -56,7 +56,12 @@ type ResetPasswordUsingTokenResponse struct {
 }
 
 type UpdateEmailOrPasswordResponse struct {
-	OK                      *struct{}
-	UnknownUserIdError      *struct{}
-	EmailAlreadyExistsError *struct{}
+	OK                          *struct{}
+	UnknownUserIdError          *struct{}
+	EmailAlreadyExistsError     *struct{}
+	PasswordPolicyViolatedError *PasswordPolicyViolatedError
+}
+
+type PasswordPolicyViolatedError struct {
+	FailureReason string
 }

recipe/emailpassword/main.go

@@ -74,12 +74,12 @@ func ResetPasswordUsingTokenWithContext(token string, newPassword string, userCo
 	return (*instance.RecipeImpl.ResetPasswordUsingToken)(token, newPassword, userContext)
 }
 
-func UpdateEmailOrPasswordWithContext(userId string, email *string, password *string, userContext supertokens.UserContext) (epmodels.UpdateEmailOrPasswordResponse, error) {
+func UpdateEmailOrPasswordWithContext(userId string, email *string, password *string, applyPasswordPolicy *bool, userContext supertokens.UserContext) (epmodels.UpdateEmailOrPasswordResponse, error) {
 	instance, err := GetRecipeInstanceOrThrowError()
 	if err != nil {
 		return epmodels.UpdateEmailOrPasswordResponse{}, nil
 	}
-	return (*instance.RecipeImpl.UpdateEmailOrPassword)(userId, email, password, userContext)
+	return (*instance.RecipeImpl.UpdateEmailOrPassword)(userId, email, password, applyPasswordPolicy, userContext)
 }
 
 func SendEmailWithContext(input emaildelivery.EmailType, userContext supertokens.UserContext) error {
@@ -114,8 +114,8 @@ func ResetPasswordUsingToken(token string, newPassword string) (epmodels.ResetPa
 	return ResetPasswordUsingTokenWithContext(token, newPassword, &map[string]interface{}{})
 }
 
-func UpdateEmailOrPassword(userId string, email *string, password *string) (epmodels.UpdateEmailOrPasswordResponse, error) {
-	return UpdateEmailOrPasswordWithContext(userId, email, password, &map[string]interface{}{})
+func UpdateEmailOrPassword(userId string, email *string, password *string, applyPasswordPolicy *bool) (epmodels.UpdateEmailOrPasswordResponse, error) {
+	return UpdateEmailOrPasswordWithContext(userId, email, password, applyPasswordPolicy, &map[string]interface{}{})
 }
 
 func SendEmail(input emaildelivery.EmailType) error {

recipe/emailpassword/recipe.go

@@ -53,7 +53,10 @@ func MakeRecipe(recipeId string, appInfo supertokens.NormalisedAppinfo, config *
 	verifiedConfig := validateAndNormaliseUserInput(r, appInfo, config)
 	r.Config = verifiedConfig
 	r.APIImpl = verifiedConfig.Override.APIs(api.MakeAPIImplementation())
-	r.RecipeImpl = verifiedConfig.Override.Functions(MakeRecipeImplementation(*querierInstance))
+	var getEmailPasswordConfig = func() epmodels.TypeNormalisedInput {
+		return verifiedConfig
+	}
+	r.RecipeImpl = verifiedConfig.Override.Functions(MakeRecipeImplementation(*querierInstance, getEmailPasswordConfig))
 
 	if emailDeliveryIngredient != nil {
 		r.EmailDelivery = *emailDeliveryIngredient

recipe/emailpassword/recipeImplementation.go

@@ -20,7 +20,7 @@ import (
 	"github.com/supertokens/supertokens-golang/supertokens"
 )
 
-func MakeRecipeImplementation(querier supertokens.Querier) epmodels.RecipeInterface {
+func MakeRecipeImplementation(querier supertokens.Querier, getEmailPasswordConfig func() epmodels.TypeNormalisedInput) epmodels.RecipeInterface {
 	signUp := func(email, password string, userContext supertokens.UserContext) (epmodels.SignUpResponse, error) {
 		response, err := querier.SendPostRequest("/recipe/signup", map[string]interface{}{
 			"email":    email,
@@ -158,14 +158,28 @@ func MakeRecipeImplementation(querier supertokens.Querier) epmodels.RecipeInterf
 		}
 	}
 
-	updateEmailOrPassword := func(userId string, email, password *string, userContext supertokens.UserContext) (epmodels.UpdateEmailOrPasswordResponse, error) {
+	updateEmailOrPassword := func(userId string, email, password *string, applyPasswordPolicy *bool, userContext supertokens.UserContext) (epmodels.UpdateEmailOrPasswordResponse, error) {
 		requestBody := map[string]interface{}{
 			"userId": userId,
 		}
 		if email != nil {
 			requestBody["email"] = email
 		}
 		if password != nil {
+			if applyPasswordPolicy == nil || *applyPasswordPolicy {
+				formFields := getEmailPasswordConfig().SignUpFeature.FormFields
+				for i := range formFields {
+					if formFields[i].ID == "password" {
+						err := formFields[i].Validate(*password)
+						if err != nil {
+							errResponse := epmodels.PasswordPolicyViolatedError{
+								FailureReason: *err,
+							}
+							return epmodels.UpdateEmailOrPasswordResponse{PasswordPolicyViolatedError: &errResponse}, nil
+						}
+					}
+				}
+			}
 			requestBody["password"] = password
 		}
 		response, err := querier.SendPutRequest("/recipe/user", requestBody)

recipe/emailpassword/updateEmailPass_test.go

@@ -98,10 +98,9 @@ func TestUpdateEmailPass(t *testing.T) {
 	}
 
 	email := "test2@gmail.com"
-	password := "testPass"
-
-	UpdateEmailOrPassword(data["user"].(map[string]interface{})["id"].(string), &email, &password)
+	password := "testPass1"
 
+	UpdateEmailOrPassword(data["user"].(map[string]interface{})["id"].(string), &email, &password, nil)
 	res1, err := unittesting.SignInRequest("testrandom@gmail.com", "validpass123", testServer.URL)
 
 	if err != nil {
@@ -140,6 +139,96 @@ func TestUpdateEmailPass(t *testing.T) {
 
 	assert.Equal(t, "OK", data2["status"])
 	assert.Equal(t, email, data2["user"].(map[string]interface{})["email"])
+
+	password = "test"
+	applyPasswordPolicy := true
+	res3, err := UpdateEmailOrPassword(data["user"].(map[string]interface{})["id"].(string), &email, &password, &applyPasswordPolicy)
+	assert.NotNil(t, res3.PasswordPolicyViolatedError)
+	assert.Equal(t, "Password must contain at least 8 characters, including a number", res3.PasswordPolicyViolatedError.FailureReason)
+}
+
+func TestUpdateEmailPassWithCustomValidator(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			APIDomain:     "api.supertokens.io",
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			Init(&epmodels.TypeInput{SignUpFeature: &epmodels.TypeInputSignUp{FormFields: []epmodels.TypeInputFormField{
+				{
+					ID: "password",
+					Validate: func(value interface{}) *string {
+						if len(value.(string)) > 5 {
+							return nil
+						}
+						err := "Password length must be more than 5 characters"
+						return &err
+					},
+				},
+			}}}),
+			session.Init(&sessmodels.TypeInput{
+				GetTokenTransferMethod: func(req *http.Request, forCreateNewSession bool, userContext supertokens.UserContext) sessmodels.TokenTransferMethod {
+					return sessmodels.CookieTransferMethod
+				},
+			}),
+		},
+	}
+
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	querier, err := supertokens.GetNewQuerierInstanceOrThrowError("")
+	if err != nil {
+		t.Error(err.Error())
+	}
+	cdiVersion, err := querier.GetQuerierAPIVersion()
+	if err != nil {
+		t.Error(err.Error())
+	}
+	if unittesting.MaxVersion("2.7", cdiVersion) == "2.7" {
+		return
+	}
+	mux := http.NewServeMux()
+	testServer := httptest.NewServer(supertokens.Middleware(mux))
+	defer testServer.Close()
+
+	_, err = unittesting.SignupRequest("testrandom@gmail.com", "validpass123", testServer.URL)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	res, err := unittesting.SignInRequest("testrandom@gmail.com", "validpass123", testServer.URL)
+
+	if err != nil {
+		t.Error(err.Error())
+	}
+	dataInBytes, err := io.ReadAll(res.Body)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	res.Body.Close()
+
+	var data map[string]interface{}
+	err = json.Unmarshal(dataInBytes, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	email := "testrandom@gmail.com"
+	password := "test"
+
+	res1, err := UpdateEmailOrPassword(data["user"].(map[string]interface{})["id"].(string), &email, &password, nil)
+	assert.NotNil(t, res1.PasswordPolicyViolatedError)
+	assert.Equal(t, "Password length must be more than 5 characters", res1.PasswordPolicyViolatedError.FailureReason)
+
 }
 
 func TestAPICustomResponse(t *testing.T) {

recipe/thirdpartyemailpassword/main.go

@@ -91,12 +91,12 @@ func ResetPasswordUsingTokenWithContext(token, newPassword string, userContext s
 	return (*instance.RecipeImpl.ResetPasswordUsingToken)(token, newPassword, userContext)
 }
 
-func UpdateEmailOrPasswordWithContext(userId string, email *string, password *string, userContext supertokens.UserContext) (epmodels.UpdateEmailOrPasswordResponse, error) {
+func UpdateEmailOrPasswordWithContext(userId string, email *string, password *string, applyPasswordPolicy *bool, userContext supertokens.UserContext) (epmodels.UpdateEmailOrPasswordResponse, error) {
 	instance, err := GetRecipeInstanceOrThrowError()
 	if err != nil {
 		return epmodels.UpdateEmailOrPasswordResponse{}, err
 	}
-	return (*instance.RecipeImpl.UpdateEmailOrPassword)(userId, email, password, userContext)
+	return (*instance.RecipeImpl.UpdateEmailOrPassword)(userId, email, password, applyPasswordPolicy, userContext)
 }
 
 func SendEmailWithContext(input emaildelivery.EmailType, userContext supertokens.UserContext) error {
@@ -139,8 +139,8 @@ func ResetPasswordUsingToken(token, newPassword string) (epmodels.ResetPasswordU
 	return ResetPasswordUsingTokenWithContext(token, newPassword, &map[string]interface{}{})
 }
 
-func UpdateEmailOrPassword(userId string, email *string, password *string) (epmodels.UpdateEmailOrPasswordResponse, error) {
-	return UpdateEmailOrPasswordWithContext(userId, email, password, &map[string]interface{}{})
+func UpdateEmailOrPassword(userId string, email *string, password *string, applyPasswordPolicy *bool) (epmodels.UpdateEmailOrPasswordResponse, error) {
+	return UpdateEmailOrPasswordWithContext(userId, email, password, applyPasswordPolicy, &map[string]interface{}{})
 }
 
 func SendEmail(input emaildelivery.EmailType) error {