diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 9e5448150f..b7b92cd9c6 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -8,7 +8,7 @@ use Appwrite\Auth\Validator\Phone;
use Appwrite\Detector\Detector;
use Appwrite\Event\Event;
use Appwrite\Event\Mail;
-use Appwrite\Auth\SecurityPhrase;
+use Appwrite\Auth\Phrase;
use Appwrite\Extend\Exception;
use Appwrite\Network\Validator\Email;
use Utopia\Validator\Host;
@@ -990,7 +990,7 @@ App::post('/v1/account/tokens/magic-url')
->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('email', '', new Email(), 'User email.')
->param('url', '', fn($clients) => new Host($clients), 'URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
- ->param('securityPhrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of authentication flow.', true)
+ ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
->inject('request')
->inject('response')
->inject('user')
@@ -999,14 +999,14 @@ App::post('/v1/account/tokens/magic-url')
->inject('locale')
->inject('queueForEvents')
->inject('queueForMails')
- ->action(function (string $userId, string $email, string $url, bool $securityPhrase, Request $request, Response $response, Document $user, Document $project, Database $dbForProject, Locale $locale, Event $queueForEvents, Mail $queueForMails) {
+ ->action(function (string $userId, string $email, string $url, bool $phrase, Request $request, Response $response, Document $user, Document $project, Database $dbForProject, Locale $locale, Event $queueForEvents, Mail $queueForMails) {
if (empty(App::getEnv('_APP_SMTP_HOST'))) {
throw new Exception(Exception::GENERAL_SMTP_DISABLED, 'SMTP disabled');
}
- if ($securityPhrase === true) {
- $securityPhrase = SecurityPhrase::generate();
+ if ($phrase === true) {
+ $phrase = Phrase::generate();
}
$roles = Authorization::getRoles();
@@ -1116,7 +1116,7 @@ App::post('/v1/account/tokens/magic-url')
->setParam('{{thanks}}', $locale->getText("emails.magicSession.thanks"))
->setParam('{{signature}}', $locale->getText("emails.magicSession.signature"));
- if (!empty($securityPhrase)) {
+ if (!empty($phrase)) {
$message->setParam('{{securityPhrase}}', $locale->getText("emails.magicSession.securityPhrase"));
} else {
$message->setParam('{{securityPhrase}}', '');
@@ -1180,7 +1180,7 @@ App::post('/v1/account/tokens/magic-url')
'agentDevice' => '' . ( $agentDevice['deviceBrand'] ?? $agentDevice['deviceBrand'] ?? 'UNKNOWN') . '',
'agentClient' => '' . ($agentClient['clientName'] ?? 'UNKNOWN') . '',
'agentOs' => '' . ($agentOs['osName'] ?? 'UNKNOWN') . '',
- 'phrase' => '' . (!empty($securityPhrase) ? $securityPhrase : '') . ''
+ 'phrase' => '' . (!empty($phrase) ? $phrase : '') . ''
];
$queueForMails
@@ -1200,8 +1200,8 @@ App::post('/v1/account/tokens/magic-url')
// Hide secret for clients
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $tokenSecret : '');
- if (!empty($securityPhrase)) {
- $token->setAttribute('securityPhrase', $securityPhrase);
+ if (!empty($phrase)) {
+ $token->setAttribute('phrase', $phrase);
}
$response
@@ -1229,7 +1229,7 @@ App::post('/v1/account/tokens/email')
->label('abuse-key', 'url:{url},email:{param-email}')
->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('email', '', new Email(), 'User email.')
- ->param('securityPhrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of authentication flow.', true)
+ ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
->inject('request')
->inject('response')
->inject('user')
@@ -1238,13 +1238,13 @@ App::post('/v1/account/tokens/email')
->inject('locale')
->inject('queueForEvents')
->inject('queueForMails')
- ->action(function (string $userId, string $email, bool $securityPhrase, Request $request, Response $response, Document $user, Document $project, Database $dbForProject, Locale $locale, Event $queueForEvents, Mail $queueForMails) {
+ ->action(function (string $userId, string $email, bool $phrase, Request $request, Response $response, Document $user, Document $project, Database $dbForProject, Locale $locale, Event $queueForEvents, Mail $queueForMails) {
if (empty(App::getEnv('_APP_SMTP_HOST'))) {
throw new Exception(Exception::GENERAL_SMTP_DISABLED, 'SMTP disabled');
}
- if ($securityPhrase === true) {
- $securityPhrase = SecurityPhrase::generate();
+ if ($phrase === true) {
+ $phrase = Phrase::generate();
}
$roles = Authorization::getRoles();
@@ -1344,7 +1344,7 @@ App::post('/v1/account/tokens/email')
->setParam('{{thanks}}', $locale->getText("emails.otpSession.thanks"))
->setParam('{{signature}}', $locale->getText("emails.otpSession.signature"));
- if (!empty($securityPhrase)) {
+ if (!empty($phrase)) {
$message->setParam('{{securityPhrase}}', $locale->getText("emails.otpSession.securityPhrase"));
} else {
$message->setParam('{{securityPhrase}}', '');
@@ -1408,7 +1408,7 @@ App::post('/v1/account/tokens/email')
'agentDevice' => '' . ( $agentDevice['deviceBrand'] ?? $agentDevice['deviceBrand'] ?? 'UNKNOWN') . '',
'agentClient' => '' . ($agentClient['clientName'] ?? 'UNKNOWN') . '',
'agentOs' => '' . ($agentOs['osName'] ?? 'UNKNOWN') . '',
- 'phrase' => '' . (!empty($securityPhrase) ? $securityPhrase : '') . ''
+ 'phrase' => '' . (!empty($phrase) ? $phrase : '') . ''
];
$queueForMails
@@ -1428,8 +1428,8 @@ App::post('/v1/account/tokens/email')
// Hide secret for clients
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $tokenSecret : '');
- if (!empty($securityPhrase)) {
- $token->setAttribute('securityPhrase', $securityPhrase);
+ if (!empty($phrase)) {
+ $token->setAttribute('phrase', $phrase);
}
$response
diff --git a/src/Appwrite/Auth/SecurityPhrase.php b/src/Appwrite/Auth/Phrase.php
similarity index 99%
rename from src/Appwrite/Auth/SecurityPhrase.php
rename to src/Appwrite/Auth/Phrase.php
index bc4bc31ea1..db6c4fb591 100644
--- a/src/Appwrite/Auth/SecurityPhrase.php
+++ b/src/Appwrite/Auth/Phrase.php
@@ -2,7 +2,7 @@
namespace Appwrite\Auth;
-class SecurityPhrase
+class Phrase
{
public static function generate(): string
{
diff --git a/src/Appwrite/Utopia/Response/Model/Token.php b/src/Appwrite/Utopia/Response/Model/Token.php
index 2ee0c09e16..fa041fabed 100644
--- a/src/Appwrite/Utopia/Response/Model/Token.php
+++ b/src/Appwrite/Utopia/Response/Model/Token.php
@@ -40,7 +40,7 @@ class Token extends Model
'default' => '',
'example' => self::TYPE_DATETIME_EXAMPLE,
])
- ->addRule('securityPhrase', [
+ ->addRule('phrase', [
'type' => self::TYPE_STRING,
'description' => 'Security phrase of a token. Empty if security phrase was not requested when creating a token. It includes randomly generated phrase which is also sent in the external resource such as email.',
'default' => '',
diff --git a/tests/e2e/Services/Account/AccountBase.php b/tests/e2e/Services/Account/AccountBase.php
index 6683c63d23..55c00d43bc 100644
--- a/tests/e2e/Services/Account/AccountBase.php
+++ b/tests/e2e/Services/Account/AccountBase.php
@@ -148,7 +148,7 @@ trait AccountBase
$this->assertNotEmpty($response['body']['userId']);
$this->assertNotEmpty($response['body']['expire']);
$this->assertEmpty($response['body']['secret']);
- $this->assertEmpty($response['body']['securityPhrase']);
+ $this->assertEmpty($response['body']['phrase']);
$userId = $response['body']['userId'];
@@ -208,21 +208,21 @@ trait AccountBase
]), [
'userId' => ID::unique(),
'email' => 'otpuser@appwrite.io',
- 'securityPhrase' => true
+ 'phrase' => true
]);
$this->assertEquals($response['headers']['status-code'], 201);
- $this->assertNotEmpty($response['body']['securityPhrase']);
+ $this->assertNotEmpty($response['body']['phrase']);
$this->assertEmpty($response['body']['secret']);
$this->assertEquals($userId, $response['body']['userId']);
- $securityPhrase = $response['body']['securityPhrase'];
+ $phrase = $response['body']['phrase'];
$lastEmail = $this->getLastEmail();
$this->assertEquals('otpuser@appwrite.io', $lastEmail['to'][0]['address']);
$this->assertEquals('OTP for ' . $this->getProject()['name'] . ' Login', $lastEmail['subject']);
$this->assertStringContainsStringIgnoringCase('security phrase', $lastEmail['text']);
- $this->assertStringContainsStringIgnoringCase($securityPhrase, $lastEmail['text']);
+ $this->assertStringContainsStringIgnoringCase($phrase, $lastEmail['text']);
$response = $this->client->call(Client::METHOD_POST, '/account/tokens/email', array_merge([
'origin' => 'http://localhost',
diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php
index 0b3ac5edc6..87787c9ea1 100644
--- a/tests/e2e/Services/Account/AccountCustomClientTest.php
+++ b/tests/e2e/Services/Account/AccountCustomClientTest.php
@@ -2331,7 +2331,7 @@ class AccountCustomClientTest extends Scope
$this->assertEquals(201, $response['headers']['status-code']);
$this->assertNotEmpty($response['body']['$id']);
$this->assertEmpty($response['body']['secret']);
- $this->assertEmpty($response['body']['securityPhrase']);
+ $this->assertEmpty($response['body']['phrase']);
$this->assertEquals(true, (new DatetimeValidator())->isValid($response['body']['expire']));
$userId = $response['body']['userId'];
@@ -2399,15 +2399,15 @@ class AccountCustomClientTest extends Scope
]), [
'userId' => ID::unique(),
'email' => $email,
- 'securityPhrase' => true
+ 'phrase' => true
]);
$this->assertEquals(201, $response['headers']['status-code']);
$this->assertNotEmpty($response['body']['$id']);
- $this->assertNotEmpty($response['body']['securityPhrase']);
+ $this->assertNotEmpty($response['body']['phrase']);
$lastEmail = $this->getLastEmail();
- $this->assertStringContainsStringIgnoringCase($response['body']['securityPhrase'], $lastEmail['text']);
+ $this->assertStringContainsStringIgnoringCase($response['body']['phrase'], $lastEmail['text']);
$data['token'] = $token;
$data['id'] = $userId;