From 75b4ce3dde3290f70ad28044a5175cb182346936 Mon Sep 17 00:00:00 2001
From: elitan
Date: Fri, 30 Apr 2021 16:37:53 +0200
Subject: [PATCH] Magic Link validation fixes
---
 src/routes/auth/login.ts | 4 ++--
 src/routes/auth/register.ts | 6 +++---
 src/shared/validation.ts | 15 +++++++++------
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index 040243f0..533cf205 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -4,7 +4,7 @@ import { v4 as uuidv4 } from 'uuid'
 import { asyncWrapper, selectAccount } from '@shared/helpers'
 import { newJwtExpiry, createHasuraJwt } from '@shared/jwt'
 import { setRefreshToken } from '@shared/cookies'
-import { loginAnonymouslySchema, loginSchema, magicLinkLoginSchema } from '@shared/validation'
+import { loginAnonymouslySchema, loginSchema, loginSchemaMagicLink } from '@shared/validation'
 import { insertAccount, setNewTicket } from '@shared/queries'
 import { request } from '@shared/request'
 import { AccountData, UserData, Session } from '@shared/types'
@@ -69,7 +69,7 @@ async function loginAccount({ body, headers }: Request, res: Response): Promise<
 }
 // else, login users normally
- const { password } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? magicLinkLoginSchema : loginSchema).validateAsync(body)
+ const { password } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? loginSchemaMagicLink : loginSchema).validateAsync(body)
 const account = await selectAccount(body)
diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts
index 78c624d2..50f2d1fc 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
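Review bot: In the `@@ -69,7 +69,7 @@` hunk of src/routes/auth/login.ts, `password` can now be `undefined` after validation when `AUTHENTICATION.ENABLE_MAGIC_LINK` is set, because `loginSchemaMagicLink` (src/shared/validation.ts in this patch) declares it as `Joi.string()` without `.required()`. The code that consumes `password` comes after `selectAccount(body)`, outside the hunk, so it cannot be confirmed from here that the password comparison is reached only when a password was actually supplied; that guard should be explicit. A comment at the destructuring would record the contract, e.g. `// password may be undefined when ENABLE_MAGIC_LINK is set (schema makes it optional)`.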
@@ -6,7 +6,7 @@ import { newJwtExpiry, createHasuraJwt } from '@shared/jwt'
 import { emailClient } from '@shared/email'
 import { insertAccount } from '@shared/queries'
 import { setRefreshToken } from '@shared/cookies'
-import { registerSchema, magicLinkRegisterSchema } from '@shared/validation'
+import { registerSchema, registerSchemaMagicLink } from '@shared/validation'
 import { request } from '@shared/request'
 import { v4 as uuidv4 } from 'uuid'
 import { InsertAccountData, UserData, Session } from '@shared/types'
@@ -21,7 +21,7 @@ async function registerAccount(req: Request, res: Response): Promise {
 password,
 user_data = {},
 register_options = {}
- } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? magicLinkRegisterSchema : registerSchema).validateAsync(body)
+ } = await (AUTHENTICATION.ENABLE_MAGIC_LINK ? registerSchemaMagicLink : registerSchema).validateAsync(body)
 if (await selectAccount(body)) {
 return res.boom.badRequest('Account already exists.')
@@ -169,4 +169,4 @@ async function registerAccount(req: Request, res: Response): Promise {
 return res.send(session)
 }
-export default asyncWrapper(registerAccount)
\ No newline at end of file
+export default asyncWrapper(registerAccount)
diff --git a/src/shared/validation.ts b/src/shared/validation.ts
index fdc4067c..0b90c5c5 100644
--- a/src/shared/validation.ts
+++ b/src/shared/validation.ts
@@ -36,17 +36,19 @@ const extendedJoi: ExtendedJoi = Joi.extend((joi) => ({
 }
 }))
-const passwordRule = Joi.string().min(REGISTRATION.MIN_PASSWORD_LENGTH).max(128).required()
+const passwordRule = Joi.string().min(REGISTRATION.MIN_PASSWORD_LENGTH).max(128);
+const passwordRuleRequired = passwordRule.required();
 const emailRule = extendedJoi.string().email().required().allowedDomains()
 const accountFields = {
 email: emailRule,
- password: passwordRule
+ password: passwordRuleRequired
 }
-const magicLinkAccountFields = {
+const accountFieldsMagicLink = {
 email: emailRule,
+ password: passwordRule
 }
 export const userDataFields = {
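Review bot: In the `@@ -36,17 +36,19 @@` hunk of src/shared/validation.ts the existing name `passwordRule` changes meaning from required to optional, so any schema elsewhere in the file that still references `passwordRule` (none is visible in this patch) would silently start accepting a request with no password. Keeping the old name required and giving the relaxed rule a new name avoids that: `const passwordRuleOptional = Joi.string().min(REGISTRATION.MIN_PASSWORD_LENGTH).max(128)` and `const passwordRule = passwordRuleOptional.required()`, with `accountFieldsMagicLink` using `passwordRuleOptional`. The two added declarations also end in semicolons, while the neighbouring `emailRule` and `accountFields` declarations do not.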
@@ -77,8 +79,8 @@ export const registerSchema = Joi.object({
 cookie: Joi.boolean()
 })
-export const magicLinkRegisterSchema = Joi.object({
- ...magicLinkAccountFields,
+export const registerSchemaMagicLink = Joi.object({
+ ...accountFieldsMagicLink,
 ...userDataFields,
 cookie: Joi.boolean()
 })
@@ -127,8 +129,9 @@ export const loginSchema = extendedJoi.object({
 password: Joi.string().required(),
 cookie: Joi.boolean()
 })
-export const magicLinkLoginSchema = extendedJoi.object({
+export const loginSchemaMagicLink = extendedJoi.object({
 email: emailRule,
+ password: Joi.string(),
 cookie: Joi.boolean()
 })
 export const forgotSchema = Joi.object({ email: emailRule })
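Review bot: The added `password: Joi.string(),` in `loginSchemaMagicLink` (hunk `@@ -127,8 +129,9 @@`) has no upper length bound, whereas the registration rule in this same file caps passwords at 128 characters. Writing it as `password: Joi.string().max(128),` would reject oversized values at validation time, before they reach whatever credential check the login handler performs (not shown in this patch). The unchanged `loginSchema` context line above it, `password: Joi.string().required(),`, has the same gap and could take the same bound.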