From 8c99469d8853ab949081758f13d39e77ee1cf9a3 Mon Sep 17 00:00:00 2001
From: Mo
Date: Wed, 7 Dec 2022 07:58:26 -0600
Subject: [PATCH] refactor: future-proof code verifier check on sign in (#363)
---
 .prettierrc | 6 +++++
 .../auth/src/Domain/UseCase/SignIn.spec.ts | 24 ++++++++++++++++++-
 packages/auth/src/Domain/UseCase/SignIn.ts | 9 +++++--
 3 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 .prettierrc
diff --git a/.prettierrc b/.prettierrc
new file mode 100644
index 000000000..c9cb3989c
--- /dev/null
+++ b/.prettierrc
@@ -0,0 +1,6 @@
+{
+ "singleQuote": true,
+ "trailingComma": "all",
+ "printWidth": 120,
+ "semi": false
+}
diff --git a/packages/auth/src/Domain/UseCase/SignIn.spec.ts b/packages/auth/src/Domain/UseCase/SignIn.spec.ts
index f6496ed63..fa441de0f 100644
--- a/packages/auth/src/Domain/UseCase/SignIn.spec.ts
+++ b/packages/auth/src/Domain/UseCase/SignIn.spec.ts
@@ -98,7 +98,29 @@ describe('SignIn', () => {
 expect(domainEventPublisher.publish).toHaveBeenCalled()
 })

- it('should not sign in a user without code verifier', async () => {
+ it('should not sign in 004 user without code verifier', async () => {
+ expect(
+ await createUseCase().execute({
+ email: 'test@test.te',
+ password: 'qweqwe123123',
+ userAgent: 'Google Chrome',
+ apiVersion: '20190520',
+ ephemeralSession: false,
+ }),
+ ).toEqual({
+ success: false,
+ errorCode: 410,
+ errorMessage: 'Please update your client application.',
+ })
+ })
+
+ it('should not sign in 005 user without code verifier', async () => {
+ user = {
+ uuid: '1-2-3',
+ email: 'test@test.com',
+ version: '005',
+ } as jest.Mocked
+
 expect(
 await createUseCase().execute({
 email: 'test@test.te',
diff --git a/packages/auth/src/Domain/UseCase/SignIn.ts b/packages/auth/src/Domain/UseCase/SignIn.ts
index ab1449089..251a8f55e 100644
--- a/packages/auth/src/Domain/UseCase/SignIn.ts
+++ b/packages/auth/src/Domain/UseCase/SignIn.ts
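Review bot: In SignIn.spec.ts the new 005 test reassigns `user` inside the test body, and whether the mocked repository then returns that object depends on setup that lies outside this hunk. If `beforeEach` bound the earlier fixture by value (something like `mockReturnValue(user)`), the use case still receives the original fixture and this test passes without ever exercising the "or greater" branch. Because the test is meant to pin that accounts on newer protocol versions cannot sign in without a PKCE code verifier, re-stub the lookup right after the assignment, e.g. `userRepository.<LOOKUP_METHOD_PLACEHOLDER> = jest.fn().mockReturnValue(user)`. The test's assertion body continues past the end of the hunk.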
@@ -15,7 +15,7 @@ import { UseCaseInterface } from './UseCaseInterface'
 import { PKCERepositoryInterface } from '../User/PKCERepositoryInterface'
 import { CrypterInterface } from '../Encryption/CrypterInterface'
 import { SignInDTOV2Challenged } from './SignInDTOV2Challenged'
-import { ProtocolVersion } from '@standardnotes/common'
+import { leftVersionGreaterThanOrEqualToRight, ProtocolVersion } from '@standardnotes/common'
 import { HttpStatusCode } from '@standardnotes/api'
 import { EmailLevel } from '@standardnotes/domain-core'
 import { getBody, getSubject } from '../Email/UserSignedIn'
@@ -59,7 +59,12 @@ export class SignIn implements UseCaseInterface {
 }
 }

- if (user.version === ProtocolVersion.V004 && !performingCodeChallengedSignIn) {
+ const userVersionIs004OrGreater = leftVersionGreaterThanOrEqualToRight(
+ user.version as ProtocolVersion,
+ ProtocolVersion.V004,
+ )
+
+ if (userVersionIs004OrGreater && !performingCodeChallengedSignIn) {
 return {
 success: false,
 errorMessage: 'Please update your client application.',
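Review bot: The cast `user.version as ProtocolVersion` in the second hunk passes the stored string to `leftVersionGreaterThanOrEqualToRight` without checking that it is a recognised version, so the code-verifier requirement now depends on how that helper treats an empty or malformed value. Its implementation is not visible here; if it compares parsed numbers, an unparseable version would probably evaluate to false and the sign-in would continue without the PKCE check. Failing closed is safer: assuming `ProtocolVersion` is a string enum, add `const versionIsKnown = Object.values(ProtocolVersion).includes(user.version as ProtocolVersion)` and change the guard to `if ((!versionIsKnown || userVersionIs004OrGreater) && !performingCodeChallengedSignIn) {`. A test with an unrecognised version string would pin this behaviour. The enclosing method starts and ends outside the hunk.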