refactor: future-proof code verifier check on sign in (#363)

This commit is contained in:
Mo 2022-12-07 07:58:26 -06:00 committed by GitHub
parent 8ec1311dfc
commit 8c99469d88
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 3 deletions

6
.prettierrc Normal file
View file

@ -0,0 +1,6 @@
{
"singleQuote": true,
"trailingComma": "all",
"printWidth": 120,
"semi": false
}

View file

@ -98,7 +98,29 @@ describe('SignIn', () => {
expect(domainEventPublisher.publish).toHaveBeenCalled()
})
it('should not sign in a user without code verifier', async () => {
it('should not sign in 004 user without code verifier', async () => {
expect(
await createUseCase().execute({
email: 'test@test.te',
password: 'qweqwe123123',
userAgent: 'Google Chrome',
apiVersion: '20190520',
ephemeralSession: false,
}),
).toEqual({
success: false,
errorCode: 410,
errorMessage: 'Please update your client application.',
})
})
it('should not sign in 005 user without code verifier', async () => {
user = {
uuid: '1-2-3',
email: 'test@test.com',
version: '005',
} as jest.Mocked<User>
expect(
await createUseCase().execute({
email: 'test@test.te',

View file

@ -15,7 +15,7 @@ import { UseCaseInterface } from './UseCaseInterface'
import { PKCERepositoryInterface } from '../User/PKCERepositoryInterface'
import { CrypterInterface } from '../Encryption/CrypterInterface'
import { SignInDTOV2Challenged } from './SignInDTOV2Challenged'
import { ProtocolVersion } from '@standardnotes/common'
import { leftVersionGreaterThanOrEqualToRight, ProtocolVersion } from '@standardnotes/common'
import { HttpStatusCode } from '@standardnotes/api'
import { EmailLevel } from '@standardnotes/domain-core'
import { getBody, getSubject } from '../Email/UserSignedIn'
@ -59,7 +59,12 @@ export class SignIn implements UseCaseInterface {
}
}
if (user.version === ProtocolVersion.V004 && !performingCodeChallengedSignIn) {
const userVersionIs004OrGreater = leftVersionGreaterThanOrEqualToRight(
user.version as ProtocolVersion,
ProtocolVersion.V004,
)
if (userVersionIs004OrGreater && !performingCodeChallengedSignIn) {
return {
success: false,
errorMessage: 'Please update your client application.',