Skip to content

Commit

Permalink
resolves all pr comments
Browse files Browse the repository at this point in the history
  • Loading branch information
@rishabhpoddar
rishabhpoddar committed Jul 16, 2024
1 parent 6d33e18 commit 239e2de
Show file tree
Hide file tree
Showing 6 changed files with 492 additions and 148 deletions.
48 changes: 18 additions & 30 deletions lib/ts/recipe/emailpassword/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,11 +91,8 @@ export type RecipeInterface = {
tenantId: string;
securityOptions?: {
enforceEmailBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
checkBreachedPassword?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext: UserContext;
}): Promise<
Expand All @@ -114,7 +111,7 @@ export type RecipeInterface = {
| "SESSION_USER_ACCOUNT_INFO_ALREADY_ASSOCIATED_WITH_ANOTHER_PRIMARY_USER_ID_ERROR";
}
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
status: "EMAIL_BANNED_ERROR" | "IP_BANNED_ERROR";
}
| {
// this can happen during account linking, if the primary user that this is going to be linked to is banned.
Expand All @@ -132,11 +129,8 @@ export type RecipeInterface = {
tenantId: string;
securityOptions?: {
enforceEmailBan?: boolean;
checkBreachedPassword?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext: UserContext;
}): Promise<
Expand All @@ -147,7 +141,7 @@ export type RecipeInterface = {
}
| { status: "EMAIL_ALREADY_EXISTS_ERROR" }
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
status: "EMAIL_BANNED_ERROR" | "IP_BANNED_ERROR";
}
>;

Expand All @@ -159,11 +153,8 @@ export type RecipeInterface = {
securityOptions?: {
enforceUserBan?: boolean;
enforceEmailBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
checkBreachedPassword?: boolean; // will be false here by default even if users want to check breached password
enforceIpBan?: boolean;
ipAddress?: string;
limitWrongCredentialsAttempt?: {
enabled?: boolean;
counterKey?: string; // by default, it is just email ID
Expand All @@ -184,7 +175,7 @@ export type RecipeInterface = {
| "SESSION_USER_ACCOUNT_INFO_ALREADY_ASSOCIATED_WITH_ANOTHER_PRIMARY_USER_ID_ERROR";
}
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
status: "EMAIL_BANNED_ERROR" | "IP_BANNED_ERROR";
}
| {
status: "USER_BANNED_ERROR";
Expand All @@ -205,11 +196,8 @@ export type RecipeInterface = {
securityOptions?: {
enforceUserBan?: boolean;
enforceEmailBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
checkBreachedPassword?: boolean; // will be false here by default even if users want to check breached password
enforceIpBan?: boolean;
ipAddress?: string;
limitWrongCredentialsAttempt?: {
enabled?: boolean;
counterKey?: string; // by default, it is just email ID
Expand All @@ -221,7 +209,7 @@ export type RecipeInterface = {
| { status: "OK"; user: User; recipeUserId: RecipeUserId }
| { status: "WRONG_CREDENTIALS_ERROR" }
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
status: "EMAIL_BANNED_ERROR" | "IP_BANNED_ERROR";
}
| {
status: "USER_BANNED_ERROR";
Expand All @@ -246,10 +234,8 @@ export type RecipeInterface = {
securityOptions?: {
enforceUserBan?: boolean;
enforceEmailBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext: UserContext;
}): Promise<
Expand Down Expand Up @@ -287,7 +273,6 @@ export type RecipeInterface = {
userContext: UserContext;
applyPasswordPolicy?: boolean;
securityOptions?: {
checkBreachedPassword?: boolean;
limitOldPasswordReuse?: {
enabled?: boolean;
numberOfOldPasswordsToCheck?: number;
Expand All @@ -303,7 +288,7 @@ export type RecipeInterface = {
reason: string;
}
| { status: "PASSWORD_POLICY_VIOLATED_ERROR"; failureReason: string }
| { status: "BREACHED_PASSWORD_ERROR" | "OLD_PASSWORD_REUSED_ERROR" }
| { status: "OLD_PASSWORD_REUSED_ERROR" }
>;
};

Expand Down Expand Up @@ -338,6 +323,7 @@ export type APIInterface = {
| undefined
| ((input: {
googleRecaptchaToken?: string;
securityServiceRequestId?: string;
formFields: {
id: string;
value: string;
Expand Down Expand Up @@ -384,6 +370,7 @@ export type APIInterface = {
| undefined
| ((input: {
googleRecaptchaToken?: string;
securityServiceRequestId?: string;
formFields: {
id: string;
value: string;
Expand Down Expand Up @@ -412,6 +399,7 @@ export type APIInterface = {
| undefined
| ((input: {
googleRecaptchaToken?: string;
securityServiceRequestId?: string;
formFields: {
id: string;
value: string;
Expand Down
27 changes: 10 additions & 17 deletions lib/ts/recipe/passwordless/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,10 +125,8 @@ export type RecipeInterface = {
enforceUserBan?: boolean; // in case this is a sign in and not a sign up
enforceEmailBan?: boolean;
enforcePhoneNumberBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}
) => Promise<
Expand Down Expand Up @@ -160,10 +158,8 @@ export type RecipeInterface = {
securityOptions?: {
enforceEmailBan?: boolean;
enforcePhoneNumberBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}) => Promise<
| {
Expand Down Expand Up @@ -194,10 +190,8 @@ export type RecipeInterface = {
enforceUserBan?: boolean;
enforceEmailBan?: boolean;
enforcePhoneNumberBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}
| {
Expand All @@ -210,10 +204,8 @@ export type RecipeInterface = {
enforceUserBan?: boolean;
enforceEmailBan?: boolean;
enforcePhoneNumberBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}
) => Promise<
Expand Down Expand Up @@ -393,6 +385,7 @@ export type APIInterface = {
options: APIOptions;
userContext: UserContext;
googleRecaptchaToken?: string;
securityServiceRequestId?: string;
}
) => Promise<
| {
Expand All @@ -408,7 +401,7 @@ export type APIInterface = {
| GeneralErrorResponse
>;

// we intentionally do not add googleRecaptcha in here cause
// we intentionally do not add googleRecaptcha or securityServiceRequestId in here cause
// it's the same device that generates the code during createCode, and if
// that's not a bot, nor is this.
resendCodePOST?: (
Expand Down
47 changes: 43 additions & 4 deletions lib/ts/recipe/session/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,12 @@ export interface VerifySessionOptions {
antiCsrfCheck?: boolean;
sessionRequired?: boolean;
checkDatabase?: boolean;
securityChecks?: {
// should be checked only if checkDatabase is true.
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
overrideGlobalClaimValidators?: (
globalClaimValidators: SessionClaimValidator[],
session: SessionContainerInterface,
Expand Down Expand Up @@ -261,6 +267,8 @@ export type RecipeInterface = {
userContext: UserContext;
securityOptions?: {
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
}): Promise<SessionContainerInterface>;

Expand Down Expand Up @@ -296,25 +304,40 @@ export type RecipeInterface = {

revokeMultipleSessions(input: { sessionHandles: string[]; userContext: UserContext }): Promise<string[]>;

// Returns false if the sessionHandle does not exist
// Returns false if the sessionHandle does not exist or security options deny this session
updateSessionDataInDatabase(input: {
sessionHandle: string;
newSessionData: any;
securityOptions?: {
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext: UserContext;
}): Promise<boolean>;

mergeIntoAccessTokenPayload(input: {
sessionHandle: string;
accessTokenPayloadUpdate: JSONObject;
securityOptions?: {
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext: UserContext;
}): Promise<boolean>;

/**
* @returns {Promise<boolean>} Returns false if the sessionHandle does not exist
* Returns undefined if the sessionHandle does not exist or security options deny this session
*/
regenerateAccessToken(input: {
accessToken: string;
newAccessTokenPayload?: any;
securityOptions?: {
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext: UserContext;
}): Promise<
| {
Expand Down Expand Up @@ -379,7 +402,15 @@ export interface SessionContainerInterface {

getSessionDataFromDatabase(userContext?: Record<string, any>): Promise<any>;

updateSessionDataInDatabase(newSessionData: any, userContext?: Record<string, any>): Promise<any>;
updateSessionDataInDatabase(input?: {
newSessionData: any;
securityOptions?: {
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext?: Record<string, any>;
}): Promise<any>;

getUserId(userContext?: Record<string, any>): string;

Expand All @@ -400,7 +431,15 @@ export interface SessionContainerInterface {

getAccessToken(userContext?: Record<string, any>): string;

mergeIntoAccessTokenPayload(accessTokenPayloadUpdate: JSONObject, userContext?: Record<string, any>): Promise<void>;
mergeIntoAccessTokenPayload(input?: {
accessTokenPayloadUpdate: JSONObject;
securityOptions?: {
enforceUserBan?: boolean;
enforceIpBan?: boolean;
ipAddress?: string;
};
userContext?: Record<string, any>;
}): Promise<void>;

getTimeCreated(userContext?: Record<string, any>): Promise<number>;

Expand Down
6 changes: 2 additions & 4 deletions lib/ts/recipe/thirdparty/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,10 +178,8 @@ export type RecipeInterface = {
securityOptions?: {
enforceUserBan?: boolean;
enforceEmailBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}): Promise<
| {
Expand Down
20 changes: 8 additions & 12 deletions lib/ts/recipe/totp/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,8 @@ export type RecipeInterface = {
userContext: UserContext;
securityOptions?: {
enforceUserBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}) => Promise<
| {
Expand Down Expand Up @@ -122,10 +120,8 @@ export type RecipeInterface = {
userContext: UserContext;
securityOptions?: {
enforceUserBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}) => Promise<
| {
Expand Down Expand Up @@ -155,10 +151,8 @@ export type RecipeInterface = {
userContext: UserContext;
securityOptions?: {
enforceUserBan?: boolean;
ipBan?: {
enabled?: boolean;
ipAddress?: string;
};
enforceIpBan?: boolean;
ipAddress?: string;
};
}) => Promise<
| {
Expand Down Expand Up @@ -247,6 +241,7 @@ export type APIInterface = {
| undefined
| ((input: {
googleRecaptchaToken?: string;
securityServiceRequestId?: string;
deviceName: string;
totp: string;
options: APIOptions;
Expand Down Expand Up @@ -276,6 +271,7 @@ export type APIInterface = {
| undefined
| ((input: {
googleRecaptchaToken?: string;
securityServiceRequestId?: string;
totp: string;
options: APIOptions;
session: SessionContainerInterface;
Expand Down
Loading

0 comments on commit 239e2de

Please sign in to comment.