Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat!: Account linking #670

Merged
merged 85 commits into from
Sep 20, 2023
+44,372 −23,120
Merged

feat!: Account linking #670

Show file tree
Hide file tree
Changes from 82 commits
Commits
Show all changes
85 commits
Select commit Hold shift + click to select a range
170c677
account linking changes (#425)
bhumilsarvaiya Nov 23, 2022
08c2b89
Recipe interface changes regarding account-linking (#439)
bhumilsarvaiya Nov 25, 2022
1c8b4f5
thirdparty interface changes regarding account-linking (#443)
bhumilsarvaiya Nov 28, 2022
7973b8c
passwordless interface changes for account linking (#444)
bhumilsarvaiya Nov 28, 2022
1d98e90
feat: Account linking interface update (#463)
bhumilsarvaiya Dec 30, 2022
3148dc1
merge with 13.0
bhumilsarvaiya Feb 13, 2023
d233bbc
feat: Account linking recipe implementation (#466)
bhumilsarvaiya Mar 3, 2023
3046204
chore: Account linking general refactor (#541)
nkshah2 May 2, 2023
765d915
more review comment changes
rishabhpoddar May 2, 2023
35c1e93
type changes
rishabhpoddar May 2, 2023
8b493a7
feat: Emailpassword accountlinking (#501)
bhumilsarvaiya May 7, 2023
b678e7d
merges with latest (#559)
rishabhpoddar May 8, 2023
211c898
Emailverification accountlinking (#528)
bhumilsarvaiya May 11, 2023
651d2e7
merges (#560)
rishabhpoddar May 11, 2023
b14e25d
merges
rishabhpoddar May 11, 2023
81d0055
builds pretty
rishabhpoddar May 11, 2023
559539b
merges with latest
rishabhpoddar May 11, 2023
808f75c
merges
rishabhpoddar May 11, 2023
89baf8e
merges with latest
rishabhpoddar May 11, 2023
9a093cb
Account linking test fixes (#566)
rishabhpoddar May 17, 2023
de00244
Account linking recipe primary user id types (#568)
rishabhpoddar May 19, 2023
73f3b7c
merges with latest
rishabhpoddar May 30, 2023
39c9636
Account linking tests (#572)
rishabhpoddar Jun 1, 2023
f77d909
Merge branch '14.1' into account-linking
rishabhpoddar Jun 3, 2023
2130c6e
removes use of account linking claim (#577)
rishabhpoddar Jun 4, 2023
a26c48b
adds mock reset to make tests pass
rishabhpoddar Jun 4, 2023
683ed8b
merges with latest
rishabhpoddar Jun 7, 2023
777f363
account linking third party (#579)
rishabhpoddar Jun 11, 2023
8296c17
Merge branch '14.1' into account-linking
rishabhpoddar Jun 14, 2023
b2ba9b2
changes to sign in flow for third party and email password to check f…
rishabhpoddar Jun 15, 2023
8c5c992
fixes a test
rishabhpoddar Jun 15, 2023
8d00959
removes unnecessary console log
rishabhpoddar Jun 15, 2023
802bb26
fixes a bug
rishabhpoddar Jun 16, 2023
17e2002
a few fixes and edge cases
rishabhpoddar Jun 16, 2023
e791146
Merge branch '14.1' into account-linking
rishabhpoddar Jun 20, 2023
b7a58e3
small bug fix
rishabhpoddar Jun 21, 2023
147be98
removes unused function
rishabhpoddar Jun 29, 2023
aa12c03
small changes
rishabhpoddar Jun 29, 2023
37ec32e
Merge remote-tracking branch 'origin/15.0' into account-linking
porcellus Aug 2, 2023
05719a3
feat: smaller test&test based fixes for merge issues
porcellus Aug 2, 2023
96e9fb4
feat: implement passwordless in account-linking (#664)
porcellus Aug 4, 2023
0522927
feat: integrate with CDI 4.0 (#665)
porcellus Aug 6, 2023
24ef7a3
fix: minor fix for getsession api in dashboard recipe (#666)
iresharma Aug 7, 2023
9ceaae6
fix: add missing serialization in userDetailsGET
porcellus Aug 7, 2023
dd87174
feat: fixing checklist items (#669)
porcellus Aug 8, 2023
7b4d4d1
feat: checklist progress + updated/extended tests
porcellus Aug 18, 2023
82ddf38
test: extended account linking tests based on the checklist
porcellus Aug 21, 2023
a4e186c
feat: add some error codes to messages including contact support
porcellus Aug 21, 2023
c9c9082
feat: Account unlink endpoint for dashboard (#674)
iresharma Aug 21, 2023
a21bf65
Merge remote-tracking branch 'origin/15.1' into account-linking
porcellus Aug 22, 2023
a284b04
feat(account_linkig): optimize to have less core calls/update interfa…
rishabhpoddar Sep 1, 2023
966e9d9
test: test util improvements
porcellus Sep 1, 2023
9ab4f61
docs: moved account-linking example app to auth-react
porcellus Sep 4, 2023
5093a2a
feat: update error codes
porcellus Sep 4, 2023
59e933a
fix: emailExistsGET should check if the login method has the right email
porcellus Sep 4, 2023
7a7315b
feat: allow sign-in in more cases
porcellus Sep 6, 2023
f0c8bc1
feat: remove EMAIL_ALREADY_USED_IN_ANOTHER_ACCOUNT
porcellus Sep 7, 2023
244a225
feat: update types based on CDI changes
porcellus Sep 7, 2023
f3fcaf8
feat: ignore protected props in createNewSession* (#690)
porcellus Sep 11, 2023
dcf849f
feat: update return type of update user in pwless
porcellus Sep 12, 2023
37c66d3
feat: add separate error codes for sign in/up not allowed in EP
porcellus Sep 12, 2023
9463064
fix: make connection refused detection in querier a bit more general
porcellus Sep 12, 2023
2a82e65
feat: remove tenantId from isEmailChangeAllowed inputs
porcellus Sep 12, 2023
8cf2eef
feat: make user (dis)association fns take recipeUserId instead of userId
porcellus Sep 12, 2023
8db8133
test: update tests for new behaviour + some cleanup
porcellus Sep 12, 2023
2a6cb57
Merge branch 'account-linking' of github.com:supertokens/supertokens-…
porcellus Sep 12, 2023
0bf3742
Merge remote-tracking branch 'origin/15.2' into account-linking
porcellus Sep 12, 2023
d737abd
fix: fix returning SIGN_UP_NOT_ALLOWED to the client
porcellus Sep 12, 2023
c57a784
fix: update the error message for ERR_CODE_007
porcellus Sep 12, 2023
e110712
feat: remove DISASSOCIATION_NOT_ALLOWED_ERROR
porcellus Sep 12, 2023
f723447
chore: update changelog
porcellus Sep 12, 2023
67efb36
feat: update param name to match CDI
porcellus Sep 13, 2023
5da23d8
chore: bump dashboard version
porcellus Sep 13, 2023
dc681e3
fix: update types based on the CDI
porcellus Sep 13, 2023
74ba078
test: update tests
porcellus Sep 13, 2023
bb74f9b
test: update auth-react-server for tests
porcellus Sep 13, 2023
ff5f182
test: update test server to better handle in-memory tests
porcellus Sep 14, 2023
825888f
chore: extended changelog
porcellus Sep 14, 2023
4f1a681
test: update integration test server
porcellus Sep 14, 2023
1140130
test: add an extended test checking if protected props are ignored in…
porcellus Sep 16, 2023
68c4803
fix: return FIELD_ERROR even if AL is on if there is a conflicting EP…
porcellus Sep 16, 2023
340d80f
Apply suggestions from code review
porcellus Sep 16, 2023
56255ee
docs: extended changelog & implemented review comments
porcellus Sep 16, 2023
d2b8684
docs: make migration guide more consistent
porcellus Sep 16, 2023
617d882
Update .github/PULL_REQUEST_TEMPLATE.md
rishabhpoddar Sep 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
1 change: 1 addition & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
- [ ] If have added a new web framework, update the `add-ts-no-check.js` file to include that
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add changelog. In that, also mention that the way we check for sign up condition in functions override (like in email password sign up), has changed, and that you should also check for loginMethods length. Show code snippet too

- [ ] If added a new recipe / api interface, then make sure that the implementation of it uses NON arrow functions only (like `someFunc: function () {..}`).
- [ ] If added a new recipe, then make sure to expose it inside the recipe folder present in the root of this repo. We also need to expose its types.
- [ ] If added a new **auth recipe**, make sure to change the function implementation of `assertNewUserInfoPassedContainsTheRightFields` in accountlinking/recipe.ts to take into account that recipe's input types during sign in / up.
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved

## Remaining TODOs for this PR

Expand Down
182 changes: 182 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,188 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [unreleased]

## [16.0.0] - 2023-08-XX

rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
### Breaking changes

rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
- Now only supporting CDI 4.0. Compatible with core version >= 7.0
- Now supporting FDI 1.18
- removed the recipe specific `User` type, now all functions are using the new generic `User` type
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- removed the recipe specific `User` type, now all functions are using the new generic `User` type
- Removed the recipe specific `User` type, now all functions are using the new generic `User` type

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also link to this page: supertokens.com/docs/thirdpartyemailpassword/user-object

- The `fetchValue` callback of claims now take a new `recipeUserId` param
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
- Now ignoring protected props in the payload in `createNewSession` and `createNewSessionWithoutRequestResponse`
- `createdNewUser` has been renamed to `createdNewRecipeUser` in sign up related APIs and functions

- EmailPassword:
- removed `getUserById`, `getUserByEmail`. You should use `supertokens.getUser`, and `supertokens. listUsersByAccountInfo` instead
- added `consumePasswordResetToken`. This function allows the consumption of the reset password token without changing the password. It will return OK if the token was valid.
- added an overrideable `createNewRecipeUser` function that is called during sign up and password reset flow (in case a new email password user is being created on the fly). This is mostly for internal use.
- `recipeUserId` is added to the input of `getContent` of the email delivery config
- `email` was added to the input of `createResetPasswordToken` , `sendResetPasswordEmail`, `createResetPasswordLink`
- `updateEmailOrPassword` :
- now takes `recipeUserId` instead of `userId`
- can return the new `EMAIL_CHANGE_NOT_ALLOWED_ERROR` status
- `signIn`:
- returns `recipeUserId`
- `signUp`:
- returns `recipeUserId`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • these return the whole new user object now right? Not just recipeUserId.
  • Also, these functions now attempt to link accounts as well

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Yup, but they already did that, only the type change (which is mentioned elsewhere)
  • They do, but only if you turn on account-linking which is a whole separate docs. I'll add a few lines about that pointing to the right docs.

- `signInPOST`:
- can return status `SIGN_IN_NOT_ALLOWED`
- `signUpPOST`:
- can return status `SIGN_UP_NOT_ALLOWED`
- `generatePasswordResetTokenPOST`:
- can now return `PASSWORD_RESET_NOT_ALLOWED`
- `passwordResetPOST`:
- now returns the `user` and the `email` whose password was reset
- can now return `PASSWORD_POLICY_VIOLATED_ERROR`
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
- EmailVerification:
- `createEmailVerificationToken`, `createEmailVerificationLink`, `isEmailVerified`, `revokeEmailVerificationTokens` , `unverifyEmail`:
- now takes `recipeUserId` instead of `userId`
- `sendEmailVerificationEmail` :
- now takes an additional `recipeUserId` parameter
- `verifyEmailUsingToken`:
- now takes a new `attemptAccountLinking` parameter
- returns the `recipeUserId` instead of `id`
- `sendEmail` now requires a new `recipeUserId` as part of the user info
- `getEmailForUserId` config option was renamed to `getEmailForRecipeUserId`
- `verifyEmailPOST`, `generateEmailVerifyTokenPOST`: returns an optional `newSession` in case the current user session needs to be updated
- Passwordless:
- removed `getUserById`, `getUserByEmail`, `getUserByPhoneNumber`
- `updateUser` :
- now takes `recipeUserId` instead of `userId`
- can return `"EMAIL_CHANGE_NOT_ALLOWED_ERROR` and `PHONE_NUMBER_CHANGE_NOT_ALLOWED_ERROR` statuses
- `createCodePOST` and `consumeCodePOST` can now return `SIGN_IN_UP_NOT_ALLOWED`
- Session:
- access tokens and session objects now contain the recipe user id
- Support for new access token version
- `recipeUserId` is now added to the payload of the `TOKEN_THEFT_DETECTED` error
- `createNewSession`: now takes `recipeUserId` instead of `userId`
- Removed `validateClaimsInJWTPayload`
- `revokeAllSessionsForUser` now takes an optional `revokeSessionsForLinkedAccounts` param
- `getAllSessionHandlesForUser` now takes an optional `fetchSessionsForAllLinkedAccounts` param
- `regenerateAccessToken` return value now includes `recipeUserId`
- `getGlobalClaimValidators` and `validateClaims` now get a new `recipeUserId` param
- Added `getRecipeUserId` to the session class
- ThirdParty:
- The `signInUp` override:
- gets a new `isVerified` param
- can return new status: `SIGN_IN_UP_NOT_ALLOWED`
- `manuallyCreateOrUpdateUser`:
- gets a new `isVerified` param
- can return new statuses: `EMAIL_CHANGE_NOT_ALLOWED_ERROR`, `SIGN_IN_UP_NOT_ALLOWED`
- Removed `getUserByThirdPartyInfo`, `getUsersByEmail`, `getUserById`
- `signInUpPOST` can now return `SIGN_IN_UP_NOT_ALLOWED`
- ThirdPartyEmailPassword:
- Removed `getUserByThirdPartyInfo`, `getUsersByEmail`, `getUserById`
- `thirdPartyManuallyCreateOrUpdateUser`:
- now get a new `isVerified` param
- can return new statuses: `EMAIL_CHANGE_NOT_ALLOWED_ERROR`, `SIGN_IN_UP_NOT_ALLOWED`
- The `thirdPartySignInUp` override:
- now get a new `isVerified` param
- can return new status: `SIGN_IN_UP_NOT_ALLOWED`
- `email` was added to the input of `createResetPasswordToken` , `sendResetPasswordEmail`, `createResetPasswordLink`
- added an overrideable `createNewEmailPasswordRecipeUser` function that is called during email password sign up and in the “invitation link” flow
- added `consumePasswordResetToken`
- `updateEmailOrPassword` :
- now takes `recipeUserId` instead of `userId`
- can return the new `EMAIL_CHANGE_NOT_ALLOWED_ERROR` status
- added an overrideable `createNewEmailPasswordRecipeUser` function that is called during sign up and in the “invitation link” flow
- `emailPasswordSignIn`:
- returns `recipeUserId`
- `emailPasswordSignUp`:
- returns `recipeUserId`
- `emailPasswordSignInPOST`:
- can return status `SIGN_IN_NOT_ALLOWED`
- `emailPasswordSignUpPOST`:
- can return status `SIGN_UP_NOT_ALLOWED`
- `generatePasswordResetTokenPOST`:
- can now return `PASSWORD_RESET_NOT_ALLOWED`
- `passwordResetPOST`:
- now returns the `user` and the `email` whose password was reset
- can now return `PASSWORD_POLICY_VIOLATED_ERROR`
- `thirdPartySignInUpPOST` can now return `SIGN_IN_UP_NOT_ALLOWED`
- ThirdPartyPasswordless:
- Removed `getUserByThirdPartyInfo`, `getUsersByEmail`, `getUserByPhoneNumber`, `getUserById`
- `thirdPartyManuallyCreateOrUpdateUser`:
- gets a new `isVerified` param
- can return new statuses: `EMAIL_CHANGE_NOT_ALLOWED_ERROR`, `SIGN_IN_UP_NOT_ALLOWED`
- The `thirdPartySignInUp` override:
- gets a new `isVerified` param
- can return new status: `SIGN_IN_UP_NOT_ALLOWED`
- `updatePasswordlessUser`:
- now takes `recipeUserId` instead of `userId`
- can return `"EMAIL_CHANGE_NOT_ALLOWED_ERROR` and `PHONE_NUMBER_CHANGE_NOT_ALLOWED_ERROR` statuses
- `thirdPartySignInUpPOST` can now return `SIGN_IN_UP_NOT_ALLOWED`
- `createCodePOST` and `consumeCodePOST` can now return `SIGN_IN_UP_NOT_ALLOWED`
- Multitenancy:
- `associateUserToTenant` can now return `ASSOCIATION_NOT_ALLOWED_ERROR`
- `associateUserToTenant` and `disassociateUserFromTenant` now take `RecipeUserId` instead of a string user id

### Changes

- Added `RecipeUserId` and a generic `User` class
- Added `getUser`, `listUsersByAccountInfo`, `convertToRecipeUserId` to the main exports
- Updated compilation target of typescript to ES2017 to make debugging easier.
- Added account-linking recipe

### Migration guide

#### New User structure

We've added a generic `User` class instead of the old recipe specific ones. The mapping of old props to new in case you are not using account-linking:

- `user.id` stays `user.id` (or `user.loginMethods[0].recipeUserId` in case you need `RecipeUserId`)
- `user.email` becomes `user.emails[0]`
- `user.phoneNumber` becomes `user.phoneNumbers[0]`
- `user.thirdParty` becomes `user.thirdParty[0]`
- `user.timeJoined` is still `user.timeJoined`
- `user.tenantIds` is still `user.tenantIds`

#### RecipeUserId

Some functions now require you to pass a `RecipeUserId` instead of a string user id. If you are using our auth recipes, you can find the recipeUserId as: `user.loginMethods[0].recipeUserId` (you'll need to worry about selecting the right login method after enabling account linking). Alternatively, if you already have a string user id you can convert it to a `RecipeUserId` using `supertokens.convertToRecipeUserId(userIdString)`

#### Checking if a user signed up or signed in

- In the emailpassword sign up / passwordless consumeCode / social login signinup APIs, you can check if a user signed up by:

```
// Here res refers to the result the function/api functions mentioned above.
const isNewUser = res.createdNewRecipeUser && res.user.loginMethod.length === 1;
```

- You can check if a new primary user was created by `EmailPassword.signUp`, `signUpPOST` or `createNewRecipeUser` (and their ThirdParyEmailPassword counterparts) by:

```
const isNewPrimaryUser = res.user.loginMethod.length === 1;
```
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

huh? Not sure why this is needed. Did you mean that you can check if a new user signed in?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, this is different from the above, since EP signup doesn't have createdNewRecipeUser


#### Changing user emails

- We recommend that you check if the email change of a user is allowed, before calling the update function
- Check [here](https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/change-email-post-login) for more information

```
import {isEmailChangeAllowed} from "supertokens-node/recipe/accountlinking";
/// ...
app.post("/change-email", verifySession(), async (req: SessionRequest, res: express.Response) => {
let session = req.session!;
let email = req.body.email;

// ...
if (!(await isEmailChangeAllowed(session.getRecipeUserId(), email, false))) {
// this can come here if you have enabled the account linking feature, and
// if there is a security risk in changing this user's email.
}

// Update the email
let resp = await ThirdPartyEmailPassword.updateEmailOrPassword({
recipeUserId: session.getRecipeUserId(),
email: email,
});
// ...
});
```

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to have a section on frontend / core migration needed - that these are the versions of the frontend and core.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The supported FE version didn't change if you are not using account linking, and the core is mentioned above. I can add a section/link here pointing to the account linking recipe docs.

## [15.2.0] - 2023-09-11

### Added
Expand Down
2 changes: 1 addition & 1 deletion coreDriverInterfaceSupported.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{
"_comment": "contains a list of core-driver interfaces branch names that this core supports",
"versions": ["3.0"]
"versions": ["4.0"]
}
1 change: 0 additions & 1 deletion docs/.nojekyll
View file
Open in desktop

This file was deleted.

Loading
Loading