From ef3f7878dc30c3b7a61c0e6dfef4eaf94c69c828 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 1 Feb 2024 14:13:30 +0000 Subject: [PATCH] PR review changes --- app/controllers/api/account.php | 10 +++++----- src/Appwrite/Auth/{SecurityPhrase.php => Phrase.php} | 2 +- tests/e2e/Services/Account/AccountBase.php | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) rename src/Appwrite/Auth/{SecurityPhrase.php => Phrase.php} (99%)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index a5fe426d18..d1d19509e3 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -8,7 +8,7 @@ use Appwrite\Auth\Validator\Phone;
 use Appwrite\Detector\Detector;
 use Appwrite\Event\Event;
 use Appwrite\Event\Mail;
-use Appwrite\Auth\SecurityPhrase;
+use Appwrite\Auth\Phrase;
 use Appwrite\Extend\Exception;
 use Appwrite\Network\Validator\Email;
 use Utopia\Validator\Host;
@@ -990,7 +990,7 @@ App::post('/v1/account/tokens/magic-url')
 ->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('email', '', new Email(), 'User email.')
 ->param('url', '', fn($clients) => new Host($clients), 'URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
- ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of authentication flow.', true)
+ ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
 ->inject('request')
 ->inject('response')
 ->inject('user')
@@ -1006,7 +1006,7 @@ App::post('/v1/account/tokens/magic-url')
 }
 if ($phrase === true) {
- $phrase = SecurityPhrase::generate();
+ $phrase = Phrase::generate();
 }
 $roles = Authorization::getRoles();
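Review bot: The new description string on the `phrase` parameter of `/v1/account/tokens/magic-url` still reads "email will be send", so the API reference and SDK docs generated from this line ship a typo; the hunk only reworded the tail of the sentence. Change it to `'Toggle for security phrase. If enabled, email will be sent with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.'`. The identical description is duplicated on `/v1/account/tokens/email`, so the same fix applies there. Since the phrase is only useful if the app actually shows it for the user to compare against the email, it would help integrators to say so explicitly, e.g. append `Display the phrase in your app so the user can verify it matches the one in the email before completing the login.`. The `App::post(...)` route definition this parameter belongs to continues beyond the hunk.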
@@ -1229,7 +1229,7 @@ App::post('/v1/account/tokens/email')
 ->label('abuse-key', 'url:{url},email:{param-email}')
 ->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('email', '', new Email(), 'User email.')
- ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of authentication flow.', true)
+ ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
 ->inject('request')
 ->inject('response')
 ->inject('user')
@@ -1244,7 +1244,7 @@ App::post('/v1/account/tokens/email')
 }
 if ($phrase === true) {
- $phrase = SecurityPhrase::generate();
+ $phrase = Phrase::generate();
 }
 $roles = Authorization::getRoles();
diff --git a/src/Appwrite/Auth/SecurityPhrase.php b/src/Appwrite/Auth/Phrase.php
similarity index 99%
rename from src/Appwrite/Auth/SecurityPhrase.php
rename to src/Appwrite/Auth/Phrase.php
index bc4bc31ea1..db6c4fb591 100644
--- a/src/Appwrite/Auth/SecurityPhrase.php
+++ b/src/Appwrite/Auth/Phrase.php
@@ -2,7 +2,7 @@ namespace Appwrite\Auth;
-class SecurityPhrase
+class Phrase
 {
 public static function generate(): string
 {
diff --git a/tests/e2e/Services/Account/AccountBase.php b/tests/e2e/Services/Account/AccountBase.php
index ec8cb6f837..55c00d43bc 100644
--- a/tests/e2e/Services/Account/AccountBase.php
+++ b/tests/e2e/Services/Account/AccountBase.php
@@ -216,13 +216,13 @@ trait AccountBase
 $this->assertEmpty($response['body']['secret']);
 $this->assertEquals($userId, $response['body']['userId']);
- $securityPhrase = $response['body']['phrase'];
+ $phrase = $response['body']['phrase'];
 $lastEmail = $this->getLastEmail();
 $this->assertEquals('otpuser@appwrite.io', $lastEmail['to'][0]['address']);
 $this->assertEquals('OTP for ' . $this->getProject()['name'] . ' Login', $lastEmail['subject']);
 $this->assertStringContainsStringIgnoringCase('security phrase', $lastEmail['text']);
- $this->assertStringContainsStringIgnoringCase($securityPhrase, $lastEmail['text']);
+ $this->assertStringContainsStringIgnoringCase($phrase, $lastEmail['text']);
 $response = $this->client->call(Client::METHOD_POST, '/account/tokens/email', array_merge([
 'origin' => 'http://localhost',