PR review changes
parent
a47a4240ed
commit
ef3f7878dc
3 changed files with 8 additions and 8 deletions
|
@ -8,7 +8,7 @@ use Appwrite\Auth\Validator\Phone;
|
||||||
use Appwrite\Detector\Detector;
|
use Appwrite\Detector\Detector;
|
||||||
use Appwrite\Event\Event;
|
use Appwrite\Event\Event;
|
||||||
use Appwrite\Event\Mail;
|
use Appwrite\Event\Mail;
|
||||||
use Appwrite\Auth\SecurityPhrase;
|
use Appwrite\Auth\Phrase;
|
||||||
use Appwrite\Extend\Exception;
|
use Appwrite\Extend\Exception;
|
||||||
use Appwrite\Network\Validator\Email;
|
use Appwrite\Network\Validator\Email;
|
||||||
use Utopia\Validator\Host;
|
use Utopia\Validator\Host;
|
||||||
|
@ -990,7 +990,7 @@ App::post('/v1/account/tokens/magic-url')
|
||||||
->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
|
->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
|
||||||
->param('email', '', new Email(), 'User email.')
|
->param('email', '', new Email(), 'User email.')
|
||||||
->param('url', '', fn($clients) => new Host($clients), 'URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
|
->param('url', '', fn($clients) => new Host($clients), 'URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
|
||||||
->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of authentication flow.', true)
|
->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
|
||||||
->inject('request')
|
->inject('request')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
|
@ -1006,7 +1006,7 @@ App::post('/v1/account/tokens/magic-url')
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($phrase === true) {
|
if ($phrase === true) {
|
||||||
$phrase = SecurityPhrase::generate();
|
$phrase = Phrase::generate();
|
||||||
}
|
}
|
||||||
|
|
||||||
$roles = Authorization::getRoles();
|
$roles = Authorization::getRoles();
|
||||||
|
@ -1229,7 +1229,7 @@ App::post('/v1/account/tokens/email')
|
||||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
->label('abuse-key', 'url:{url},email:{param-email}')
|
||||||
->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
|
->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
|
||||||
->param('email', '', new Email(), 'User email.')
|
->param('email', '', new Email(), 'User email.')
|
||||||
->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of authentication flow.', true)
|
->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
|
||||||
->inject('request')
|
->inject('request')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
|
@ -1244,7 +1244,7 @@ App::post('/v1/account/tokens/email')
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($phrase === true) {
|
if ($phrase === true) {
|
||||||
$phrase = SecurityPhrase::generate();
|
$phrase = Phrase::generate();
|
||||||
}
|
}
|
||||||
|
|
||||||
$roles = Authorization::getRoles();
|
$roles = Authorization::getRoles();
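Review bot: In both handlers (`/v1/account/tokens/magic-url` and `/v1/account/tokens/email`) `$phrase` starts as the Boolean toggle and is then overwritten with the generated string, so everything after the `if` sees `false|string` under one name. A separate variable, or at least a comment such as `// $phrase is now the generated phrase, or false when the toggle is off; it is echoed in the response and the email, so it is a match aid, not a secret`, would make that explicit for whoever touches the token logic next. The reworded param description on both endpoints still reads `email will be send`; `email will be sent` is the fix. The handler bodies start and end outside these hunks, and the body of `Phrase::generate()` is not part of this commit, so whether the phrase is drawn from a CSPRNG such as `random_int()` cannot be checked here and is worth confirming.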
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
namespace Appwrite\Auth;
|
namespace Appwrite\Auth;
|
||||||
|
|
||||||
class SecurityPhrase
|
class Phrase
|
||||||
{
|
{
|
||||||
public static function generate(): string
|
public static function generate(): string
|
||||||
{
|
{
|
|
@ -216,13 +216,13 @@ trait AccountBase
|
||||||
$this->assertEmpty($response['body']['secret']);
|
$this->assertEmpty($response['body']['secret']);
|
||||||
$this->assertEquals($userId, $response['body']['userId']);
|
$this->assertEquals($userId, $response['body']['userId']);
|
||||||
|
|
||||||
$securityPhrase = $response['body']['phrase'];
|
$phrase = $response['body']['phrase'];
|
||||||
|
|
||||||
$lastEmail = $this->getLastEmail();
|
$lastEmail = $this->getLastEmail();
|
||||||
$this->assertEquals('otpuser@appwrite.io', $lastEmail['to'][0]['address']);
|
$this->assertEquals('otpuser@appwrite.io', $lastEmail['to'][0]['address']);
|
||||||
$this->assertEquals('OTP for ' . $this->getProject()['name'] . ' Login', $lastEmail['subject']);
|
$this->assertEquals('OTP for ' . $this->getProject()['name'] . ' Login', $lastEmail['subject']);
|
||||||
$this->assertStringContainsStringIgnoringCase('security phrase', $lastEmail['text']);
|
$this->assertStringContainsStringIgnoringCase('security phrase', $lastEmail['text']);
|
||||||
$this->assertStringContainsStringIgnoringCase($securityPhrase, $lastEmail['text']);
|
$this->assertStringContainsStringIgnoringCase($phrase, $lastEmail['text']);
|
||||||
|
|
||||||
$response = $this->client->call(Client::METHOD_POST, '/account/tokens/email', array_merge([
|
$response = $this->client->call(Client::METHOD_POST, '/account/tokens/email', array_merge([
|
||||||
'origin' => 'http://localhost',
|
'origin' => 'http://localhost',
|
||||||
|
|