refactor: future-proof code verifier check on sign in (#363)

2022-12-07 07:58:26 -06:00 · 2022-12-07 07:58:26 -06:00 · 8c99469d88
commit 8c99469d88
parent 8ec1311dfc
3 changed files with 36 additions and 3 deletions
--- a/.prettierrc
+++ b/.prettierrc
@ -0,0 +1,6 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all",
+  "printWidth": 120,
+  "semi": false
+}
--- a/packages/auth/src/Domain/UseCase/SignIn.spec.ts
+++ b/packages/auth/src/Domain/UseCase/SignIn.spec.ts
@ -98,7 +98,29 @@ describe('SignIn', () => {
    expect(domainEventPublisher.publish).toHaveBeenCalled()
  })

-  it('should not sign in a user without code verifier', async () => {
+  it('should not sign in 004 user without code verifier', async () => {
+    expect(
+      await createUseCase().execute({
+        email: 'test@test.te',
+        password: 'qweqwe123123',
+        userAgent: 'Google Chrome',
+        apiVersion: '20190520',
+        ephemeralSession: false,
+      }),
+    ).toEqual({
+      success: false,
+      errorCode: 410,
+      errorMessage: 'Please update your client application.',
+    })
+  })
+
+  it('should not sign in 005 user without code verifier', async () => {
+    user = {
+      uuid: '1-2-3',
+      email: 'test@test.com',
+      version: '005',
+    } as jest.Mocked<User>
+
    expect(
      await createUseCase().execute({
        email: 'test@test.te',
--- a/packages/auth/src/Domain/UseCase/SignIn.ts
+++ b/packages/auth/src/Domain/UseCase/SignIn.ts
@ -15,7 +15,7 @@ import { UseCaseInterface } from './UseCaseInterface'
 import { PKCERepositoryInterface } from '../User/PKCERepositoryInterface'
 import { CrypterInterface } from '../Encryption/CrypterInterface'
 import { SignInDTOV2Challenged } from './SignInDTOV2Challenged'
-import { ProtocolVersion } from '@standardnotes/common'
+import { leftVersionGreaterThanOrEqualToRight, ProtocolVersion } from '@standardnotes/common'
 import { HttpStatusCode } from '@standardnotes/api'
 import { EmailLevel } from '@standardnotes/domain-core'
 import { getBody, getSubject } from '../Email/UserSignedIn'
@ -59,7 +59,12 @@ export class SignIn implements UseCaseInterface {
      }
    }

-    if (user.version === ProtocolVersion.V004 && !performingCodeChallengedSignIn) {
+    const userVersionIs004OrGreater = leftVersionGreaterThanOrEqualToRight(
+      user.version as ProtocolVersion,
+      ProtocolVersion.V004,
+    )
+
+    if (userVersionIs004OrGreater && !performingCodeChallengedSignIn) {
      return {
        success: false,
        errorMessage: 'Please update your client application.',