Update resend otp

2023-07-23 10:03:37 +05:30
parent 6077702626
commit 27e3ed82e4
20 changed files with 162 additions and 130 deletions
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@@ -106,7 +106,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 	}

 	isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
-	if err != nil || !isEmailServiceEnabled {
+	if err != nil || !isMFADisabled {
 		log.Debug("MFA service not enabled: ", err)
 	}

--- a/server/resolvers/mobile_login.go
+++ b/server/resolvers/mobile_login.go
@@ -95,24 +95,33 @@ func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*m
 		roles = params.Roles
 	}

-	disablePhoneVerification, _ := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePhoneVerification)
+	disablePhoneVerification, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePhoneVerification)
+	if err != nil {
+		log.Debug("Error getting disable phone verification: ", err)
+	}
 	if disablePhoneVerification {
 		now := time.Now().Unix()
 		user.PhoneNumberVerifiedAt = &now
 	}
-	if !disablePhoneVerification {
+	isSMSServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsSMSServiceEnabled)
+	if err != nil || !isSMSServiceEnabled {
+		log.Debug("SMS service not enabled: ", err)
+	}
+	if disablePhoneVerification {
+		now := time.Now().Unix()
+		user.PhoneNumberVerifiedAt = &now
+	}
+	isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
+	if err != nil || !isMFADisabled {
+		log.Debug("MFA service not enabled: ", err)
+	}
+	if !disablePhoneVerification && isSMSServiceEnabled && !isMFADisabled {
 		duration, _ := time.ParseDuration("10m")
 		smsCode := utils.GenerateOTP()

 		smsBody := strings.Builder{}
 		smsBody.WriteString("Your verification code is: ")
 		smsBody.WriteString(smsCode)
-
-		// TODO: For those who enabled the webhook to call their sms vendor separately - sending the otp to their api
-		if err != nil {
-			log.Debug("error while upserting user: ", err.Error())
-			return nil, err
-		}
 		_, err := db.Provider.UpsertOTP(ctx, &models.OTP{
 			PhoneNumber: params.PhoneNumber,
 			Otp:         smsCode,
@@ -123,7 +132,7 @@ func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*m
 			return nil, err
 		}
 		go func() {
-
+			utils.RegisterEvent(ctx, constants.UserLoginWebhookEvent, constants.AuthRecipeMethodMobileBasicAuth, *user)
 			smsproviders.SendSMS(params.PhoneNumber, smsBody.String())
 		}()
 		return &model.AuthResponse{
@@ -137,50 +146,6 @@ func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*m
 		scope = params.Scope
 	}

-	/*
-		// TODO use sms authentication for MFA
-		isEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
-		if err != nil || !isEmailServiceEnabled {
-			log.Debug("Email service not enabled: ", err)
-		}
-
-		isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
-		if err != nil || !isEmailServiceEnabled {
-			log.Debug("MFA service not enabled: ", err)
-		}
-
-		// If email service is not enabled continue the process in any way
-		if refs.BoolValue(user.IsMultiFactorAuthEnabled) && isEmailServiceEnabled && !isMFADisabled {
-			otp := utils.GenerateOTP()
-			otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
-				Email:     user.Email,
-				Otp:       otp,
-				ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
-			})
-			if err != nil {
-				log.Debug("Failed to add otp: ", err)
-				return nil, err
-			}
-
-			go func() {
-				// exec it as go routine so that we can reduce the api latency
-				go email.SendEmail([]string{params.PhoneNumber}, constants.VerificationTypeOTP, map[string]interface{}{
-					"user":         user.ToMap(),
-					"organization": utils.GetOrganization(),
-					"otp":          otpData.Otp,
-				})
-				if err != nil {
-					log.Debug("Failed to send otp email: ", err)
-				}
-			}()
-
-			return &model.AuthResponse{
-				Message:             "Please check the OTP in your inbox",
-				ShouldShowOtpScreen: refs.NewBoolRef(true),
-			}, nil
-		}
-	*/
-
 	code := ""
 	codeChallenge := ""
 	nonce := ""
--- a/server/resolvers/mobile_signup.go
+++ b/server/resolvers/mobile_signup.go
@@ -187,6 +187,10 @@ func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput)
 		now := time.Now().Unix()
 		user.PhoneNumberVerifiedAt = &now
 	}
+	isSMSServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsSMSServiceEnabled)
+	if err != nil || !isSMSServiceEnabled {
+		log.Debug("SMS service not enabled: ", err)
+	}

 	user.SignupMethods = constants.AuthRecipeMethodMobileBasicAuth
 	user, err = db.Provider.AddUser(ctx, user)
@@ -195,7 +199,7 @@ func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput)
 		log.Debug("Failed to add user: ", err)
 		return res, err
 	}
-	if !disablePhoneVerification {
+	if !disablePhoneVerification && isSMSServiceEnabled {
 		duration, _ := time.ParseDuration("10m")
 		smsCode := utils.GenerateOTP()

--- a/server/resolvers/resend_otp.go
+++ b/server/resolvers/resend_otp.go
@@ -12,23 +12,49 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/email"
+	emailHelper "github.com/authorizerdev/authorizer/server/email"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/smsproviders"
 	"github.com/authorizerdev/authorizer/server/utils"
 )

 // ResendOTPResolver is a resolver for resend otp mutation
 func ResendOTPResolver(ctx context.Context, params model.ResendOTPRequest) (*model.Response, error) {
+	email := strings.ToLower(strings.Trim(refs.StringValue(params.Email), " "))
+	phoneNumber := strings.Trim(refs.StringValue(params.PhoneNumber), " ")
 	log := log.WithFields(log.Fields{
-		"email": params.Email,
+		"email":        email,
+		"phone_number": phoneNumber,
 	})
-	params.Email = strings.ToLower(params.Email)
-	user, err := db.Provider.GetUserByEmail(ctx, params.Email)
+	if email == "" && phoneNumber == "" {
+		log.Debug("Email or phone number is required")
+		return nil, errors.New("email or phone number is required")
+	}
+	var user models.User
+	var err error
+	if email != "" {
+		isEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
+		if err != nil || !isEmailServiceEnabled {
+			log.Debug("Email service not enabled: ", err)
+			return nil, errors.New("email service not enabled")
+		}
+		user, err = db.Provider.GetUserByEmail(ctx, email)
+	} else {
+		isSMSServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
+		if err != nil || !isSMSServiceEnabled {
+			log.Debug("Email service not enabled: ", err)
+			return nil, errors.New("email service not enabled")
+		}
+		// TODO fix after refs fixes
+		var u *models.User
+		u, err = db.Provider.GetUserByPhoneNumber(ctx, phoneNumber)
+		user = *u
+	}
 	if err != nil {
 		log.Debug("Failed to get user by email: ", err)
-		return nil, fmt.Errorf(`user with this email not found`)
+		return nil, fmt.Errorf(`user with this email/phone not found`)
 	}

 	if user.RevokedTimestamp != nil {
@@ -36,35 +62,38 @@ func ResendOTPResolver(ctx context.Context, params model.ResendOTPRequest) (*mod
 		return nil, fmt.Errorf(`user access has been revoked`)
 	}

-	if user.EmailVerifiedAt == nil {
+	if email != "" && user.EmailVerifiedAt == nil {
 		log.Debug("User email is not verified")
 		return nil, fmt.Errorf(`email not verified`)
 	}

+	if phoneNumber != "" && user.PhoneNumberVerifiedAt == nil {
+		log.Debug("User phone number is not verified")
+		return nil, fmt.Errorf(`phone number not verified`)
+	}
+
 	if !refs.BoolValue(user.IsMultiFactorAuthEnabled) {
 		log.Debug("User multi factor authentication is not enabled")
 		return nil, fmt.Errorf(`multi factor authentication not enabled`)
 	}

-	isEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
-	if err != nil || !isEmailServiceEnabled {
-		log.Debug("Email service not enabled: ", err)
-		return nil, errors.New("email service not enabled")
-	}
-
 	isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
 	if err != nil || isMFADisabled {
 		log.Debug("MFA service not enabled: ", err)
 		return nil, errors.New("multi factor authentication is disabled for this instance")
 	}

-	// get otp by email
-	otpData, err := db.Provider.GetOTPByEmail(ctx, params.Email)
+	// get otp by email or phone number
+	var otpData *models.OTP
+	if email != "" {
+		otpData, err = db.Provider.GetOTPByEmail(ctx, refs.StringValue(params.Email))
+	} else {
+		otpData, err = db.Provider.GetOTPByPhoneNumber(ctx, refs.StringValue(params.PhoneNumber))
+	}
 	if err != nil {
 		log.Debug("Failed to get otp for given email: ", err)
 		return nil, err
 	}
-
 	if otpData == nil {
 		log.Debug("No otp found for given email: ", params.Email)
 		return &model.Response{
@@ -73,28 +102,30 @@ func ResendOTPResolver(ctx context.Context, params model.ResendOTPRequest) (*mod
 	}

 	otp := utils.GenerateOTP()
-	otpData, err = db.Provider.UpsertOTP(ctx, &models.OTP{
+	if _, err := db.Provider.UpsertOTP(ctx, &models.OTP{
 		Email:     user.Email,
 		Otp:       otp,
 		ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
-	})
-	if err != nil {
-		log.Debug("Error generating new otp: ", err)
+	}); err != nil {
+		log.Debug("Error upserting otp: ", err)
 		return nil, err
 	}

-	go func() {
+	if email != "" {
 		// exec it as go routine so that we can reduce the api latency
-		go email.SendEmail([]string{params.Email}, constants.VerificationTypeOTP, map[string]interface{}{
+		go emailHelper.SendEmail([]string{email}, constants.VerificationTypeOTP, map[string]interface{}{
 			"user":         user.ToMap(),
 			"organization": utils.GetOrganization(),
 			"otp":          otp,
 		})
-		if err != nil {
-			log.Debug("Error sending otp email: ", otp)
-		}
-	}()
-
+	} else {
+		smsBody := strings.Builder{}
+		smsBody.WriteString("Your verification code is: ")
+		smsBody.WriteString(otp)
+		// exec it as go routine so that we can reduce the api latency
+		go smsproviders.SendSMS(phoneNumber, smsBody.String())
+	}
+	log.Info("OTP has been resent")
 	return &model.Response{
 		Message: `OTP has been sent. Please check your inbox`,
 	}, nil
--- a/server/resolvers/update_env.go
+++ b/server/resolvers/update_env.go
@@ -267,6 +267,13 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 		updatedData[constants.EnvKeyIsEmailServiceEnabled] = true
 	}

+	if updatedData[constants.EnvKeyTwilioAPIKey] == "" || updatedData[constants.EnvKeyTwilioAPISecret] == "" || updatedData[constants.EnvKeyTwilioAccountSID] == "" || updatedData[constants.EnvKeyTwilioSender] == "" {
+		updatedData[constants.EnvKeyIsSMSServiceEnabled] = false
+		if !updatedData[constants.EnvKeyIsSMSServiceEnabled].(bool) {
+			updatedData[constants.EnvKeyDisablePhoneVerification] = true
+		}
+	}
+
 	if !currentData[constants.EnvKeyEnforceMultiFactorAuthentication].(bool) && updatedData[constants.EnvKeyEnforceMultiFactorAuthentication].(bool) && !updatedData[constants.EnvKeyDisableMultiFactorAuthentication].(bool) {
 		go db.Provider.UpdateUsers(ctx, map[string]interface{}{
 			"is_multi_factor_auth_enabled": true,