
refactor: no session alerts for otp and magic-url logins

Binyamin Yawitz 2024-08-01 14:36:21 -04:00
parent 8fee03bd36
commit be1753a198
2 changed files with 60 additions and 4 deletions


@ -177,6 +177,12 @@ $createSession = function (string $userId, string $secret, Request $request, Res
default => throw new Exception(Exception::USER_INVALID_TOKEN)
});
$sendingAlerts = (match ($verifiedToken->getAttribute('type')) {
Auth::TOKEN_TYPE_MAGIC_URL,
Auth::TOKEN_TYPE_EMAIL => false,
default => true
});
$session = new Document(array_merge(
[
'$id' => ID::unique(),
@ -223,7 +229,7 @@ $createSession = function (string $userId, string $secret, Request $request, Res
throw new Exception(Exception::GENERAL_SERVER_ERROR, 'Failed saving user to DB');
}
if ($project->getAttribute('auths', [])['sessionAlerts'] ?? false) {
if (($project->getAttribute('auths', [])['sessionAlerts'] ?? false) && $sendingAlerts) {
sendSessionAlert($locale, $user, $project, $session, $queueForMails);
}
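Review bot: The `$sendingAlerts` match that turns alerts off for `Auth::TOKEN_TYPE_MAGIC_URL` and `Auth::TOKEN_TYPE_EMAIL` has no comment explaining the decision. Because this relaxes a login-notification control, a later maintainer could extend the list without knowing the constraint behind it. I would add above it: `// Email OTP and magic-URL logins were just confirmed through the account's mailbox, so the session alert is skipped; every other token type must keep alerting (default => true).` The alert checked in the test file includes the IP address and client name, so it is worth confirming that the OTP and magic-URL mails give the user comparable detail, since they are now the only notice of such a login. The enclosing `$createSession` closure starts and ends outside the hunks shown.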


@ -620,9 +620,9 @@ class AccountCustomClientTest extends Scope
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'userId' => ID::unique(),
'email' => $data['email'],
'password' => $data['password'],
'name' => $data['name'],
'email' => $data['email'],
'password' => $data['password'],
'name' => $data['name'],
]);
$this->assertEquals(201, $response['headers']['status-code']);
@ -1246,6 +1246,56 @@ class AccountCustomClientTest extends Scope
$this->assertStringContainsString($response['body']['ip'], $lastEmail['text']); // IP Address
$this->assertStringContainsString('Unknown', $lastEmail['text']); // Country
$this->assertStringContainsString($response['body']['clientName'], $lastEmail['text']); // Client name
// Verify no alert sent in OTP login
$response = $this->client->call(Client::METHOD_POST, '/account/tokens/email', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'userId' => ID::unique(),
'email' => 'otpuser2@appwrite.io'
]);
$this->assertEquals($response['headers']['status-code'], 201);
$this->assertNotEmpty($response['body']['$id']);
$this->assertNotEmpty($response['body']['$createdAt']);
$this->assertNotEmpty($response['body']['userId']);
$this->assertNotEmpty($response['body']['expire']);
$this->assertEmpty($response['body']['secret']);
$this->assertEmpty($response['body']['phrase']);
$userId = $response['body']['userId'];
$lastEmail = $this->getLastEmail();
$this->assertEquals('otpuser2@appwrite.io', $lastEmail['to'][0]['address']);
$this->assertEquals('OTP for ' . $this->getProject()['name'] . ' Login', $lastEmail['subject']);
// FInd 6 concurrent digits in email text - OTP
preg_match_all("/\b\d{6}\b/", $lastEmail['text'], $matches);
$code = ($matches[0] ?? [])[0] ?? '';
$this->assertNotEmpty($code);
$response = $this->client->call(Client::METHOD_POST, '/account/sessions/token', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'userId' => $userId,
'secret' => $code
]);
$this->assertEquals(201, $response['headers']['status-code']);
$this->assertEquals($userId, $response['body']['userId']);
$this->assertNotEmpty($response['body']['$id']);
$this->assertNotEmpty($response['body']['expire']);
$this->assertEmpty($response['body']['secret']);
$lastEmailId = $lastEmail['id'];
$lastEmail = $this->getLastEmail();
$this->assertEquals($lastEmailId, $lastEmail['id']);
}
/**
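Review bot: The "no alert" check at the end of the added block compares `$lastEmail['id']` with the id read before the session was created, immediately after the `/account/sessions/token` call. If alert mail is delivered asynchronously (the first file hands it to `$queueForMails`), this can pass before a wrongly sent alert arrives, so it may not catch a regression. Polling for a short bounded period before asserting the id is unchanged would make the negative check meaningful. Only the email-OTP branch is exercised; the `Auth::TOKEN_TYPE_MAGIC_URL` branch of the new match has no test here. The first status assertion also has its arguments swapped relative to the later one and should read `$this->assertEquals(201, $response['headers']['status-code']);`. The test method begins outside this hunk.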