Merge pull request #502 from nhost/bug/magic-link-registration

Magic Link validation fixes

src/routes/auth/login.ts

@@ -4,7 +4,7 @@ import { v4 as uuidv4 } from 'uuid'
 import { asyncWrapper, selectAccount } from '@shared/helpers'
 import { newJwtExpiry, createHasuraJwt } from '@shared/jwt'
 import { setRefreshToken } from '@shared/cookies'
-import { loginAnonymouslySchema, loginSchema, magicLinkLoginSchema } from '@shared/validation'
+import { loginAnonymouslySchema, loginSchema, loginSchemaMagicLink } from '@shared/validation'
 import { insertAccount, setNewTicket } from '@shared/queries'
 import { request } from '@shared/request'
 import { AccountData, UserData, Session } from '@shared/types'
@@ -69,7 +69,7 @@ async function loginAccount({ body, headers }: Request, res: Response): Promise<
   }
 
   // else, login users normally
-  const { password } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? magicLinkLoginSchema : loginSchema).validateAsync(body)
+  const { password } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? loginSchemaMagicLink : loginSchema).validateAsync(body)
 
   const account = await selectAccount(body)
 

src/routes/auth/register.ts

@@ -6,7 +6,7 @@ import { newJwtExpiry, createHasuraJwt } from '@shared/jwt'
 import { emailClient } from '@shared/email'
 import { insertAccount } from '@shared/queries'
 import { setRefreshToken } from '@shared/cookies'
-import { registerSchema, magicLinkRegisterSchema } from '@shared/validation'
+import { registerSchema, registerSchemaMagicLink } from '@shared/validation'
 import { request } from '@shared/request'
 import { v4 as uuidv4 } from 'uuid'
 import { InsertAccountData, UserData, Session } from '@shared/types'
@@ -21,7 +21,7 @@ async function registerAccount(req: Request, res: Response): Promise<unknown> {
     password,
     user_data = {},
     register_options = {}
-  } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? magicLinkRegisterSchema : registerSchema).validateAsync(body)
+  } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? registerSchemaMagicLink : registerSchema).validateAsync(body)
 
   if (await selectAccount(body)) {
     return res.boom.badRequest('Account already exists.')
@@ -169,4 +169,4 @@ async function registerAccount(req: Request, res: Response): Promise<unknown> {
   return res.send(session)
 }
 
-export default asyncWrapper(registerAccount)
+export default asyncWrapper(registerAccount)

src/shared/validation.ts

@@ -36,17 +36,19 @@ const extendedJoi: ExtendedJoi = Joi.extend((joi) => ({
   }
 }))
 
-const passwordRule = Joi.string().min(REGISTRATION.MIN_PASSWORD_LENGTH).max(128).required()
+const passwordRule = Joi.string().min(REGISTRATION.MIN_PASSWORD_LENGTH).max(128);
+const passwordRuleRequired = passwordRule.required();
 
 const emailRule = extendedJoi.string().email().required().allowedDomains()
 
 const accountFields = {
   email: emailRule,
-  password: passwordRule
+  password: passwordRuleRequired
 }
 
-const magicLinkAccountFields = {
+const accountFieldsMagicLink = {
   email: emailRule,
+  password: passwordRule
 }
 
 export const userDataFields = {
@@ -77,8 +79,8 @@ export const registerSchema = Joi.object({
   cookie: Joi.boolean()
 })
 
-export const magicLinkRegisterSchema = Joi.object({
-  ...magicLinkAccountFields,
+export const registerSchemaMagicLink = Joi.object({
+  ...accountFieldsMagicLink,
   ...userDataFields,
   cookie: Joi.boolean()
 })
@@ -127,8 +129,9 @@ export const loginSchema = extendedJoi.object({
   password: Joi.string().required(),
   cookie: Joi.boolean()
 })
-export const magicLinkLoginSchema = extendedJoi.object({
+export const loginSchemaMagicLink = extendedJoi.object({
   email: emailRule,
+  password: Joi.string(),
   cookie: Joi.boolean()
 })
 export const forgotSchema = Joi.object({ email: emailRule })