Add new use cases to authorize user, register SPs, and get id tokens #22
Conversation
| authorizeUserDTO = { | ||
| req: httpMocks.createRequest(), | ||
| params: { | ||
| client_id: 'i291u92jksdn', |
There was a problem hiding this comment.
are the ids supposed to be hex strings or just any alphanumeric string?
There was a problem hiding this comment.
Hex strings, but since it doesn't matter for the controller unit test I just made it that. Adding use-case unit tests soon.
There was a problem hiding this comment.
I think the test should reflect real life then and use a hex string. (I'm a massive hypocrite because waterpark is filled with unrealistic test IDs)
| jest.mock('../authorize-user-use-case') | ||
| jest.mock('../authorize-user-use-case') |
There was a problem hiding this comment.
Seeing double
| jest.mock('../authorize-user-use-case') | |
| jest.mock('../authorize-user-use-case') | |
| jest.mock('../authorize-user-use-case') |
There was a problem hiding this comment.
BTW I've noticed that jest.mock doesn't actually need to be called if we use jest.spyOn on the object rather than on its class prototype.
i.e. here, you can set up a variable authorizeUserUseCase = authorizeUser.authorizeUserUseCase, then call jest.spyOn(authorizeUserUseCase, 'execute') instead of jest.spyOn(AuthorizeUserUseCase.prototype, 'execute').
| authorizeUserDTO = { | ||
| req: httpMocks.createRequest(), | ||
| params: { | ||
| client_id: 'i291u92jksdn', |
There was a problem hiding this comment.
I think the test should reflect real life then and use a hex string. (I'm a massive hypocrite because waterpark is filled with unrealistic test IDs)
| }).options({ abortEarly: false }) | ||
|
|
||
| export const AuthorizeUserDTOSchema = Joi.object<AuthorizeUserDTO>({ | ||
| req: Joi.object().required(), |
There was a problem hiding this comment.
If I understand correctly, the req object is only needed for its .user field. Can we narrow this part of the schema then?
There was a problem hiding this comment.
The issue is that by narrowing the schema at this point, I wouldn't be able to redirect the user to /login if the user doesn't exist, like done in the use-case (we return a 400 for all schema errors currently). The overridable method you showed me earlier would let me change that. Is that something I should include here?
There was a problem hiding this comment.
Since loolabs/waterpark#221 is merged now, feel free to copy over https://github.com/loolabs/waterpark/blob/main/server/src/shared/app/typed-controller.ts and its dependencies to try it out. A word of warning -- it uses Zod. You might be able to modify it to use Joi validation.
| } | ||
| const authCode = AuthCode.create({ | ||
| clientId: params.client_id, | ||
| userId: user.userId.id.toString(), |
There was a problem hiding this comment.
userId.id? I think we changed something in waterpark to reduce the level of object nesting here. cc @KTong821
| @@ -60,47 +54,41 @@ export class CreateUserUseCase implements UseCaseWithDTO<CreateUserDTO, CreateUs | |||
| try { | |||
| const userAlreadyExists = await this.userRepo.exists(email) | |||
|
|
|||
| if (userAlreadyExists && userAlreadyExists.isOk()){ | |||
| if (userAlreadyExists && userAlreadyExists.isOk()) { | |||
There was a problem hiding this comment.
I'm pretty sure userAlreadyExists is always truthy. Did you mean
| if (userAlreadyExists && userAlreadyExists.isOk()) { | |
| if (userAlreadyExists.isOk() && userAlreadyExists.value) { |
| return Result.err(new AppError.UnexpectedError(updatedUser.error.message)) | ||
|
|
||
| if(!dto.params || !dto.params.scope){ | ||
| if (!dto.params || !dto.params.scope) { |
There was a problem hiding this comment.
I think there was discussion in the past about spliting the use case into separate use cases, and then moving this if/else splitting into the controller to decide which use case to call
There was a problem hiding this comment.
You're right - will add that when I add the /logout use-case. Coming soon to a commit near you.
| super() | ||
| this.message = `No account with the id ${id} exists` |
There was a problem hiding this comment.
| super() | |
| this.message = `No account with the id ${id} exists` | |
| super(`No account with the id ${id} exists`) |
| super() | ||
| this.message = `Incorrect email/password combination provided.` |
There was a problem hiding this comment.
| super() | |
| this.message = `Incorrect email/password combination provided.` | |
| super(`Incorrect email/password combination provided.`) |
| public constructor(hashedValue?: string) { | ||
| if(hashedValue){ | ||
| if (hashedValue) { |
There was a problem hiding this comment.
you might run into truthiness problems with empty strings
| if (hashedValue) { | |
| if (hashedValue !== undefined) { |
| private getRandomCode() { | ||
| /*motivation for a 256 bit (= 32 byte) crypographic key can be found here | ||
| /*motivation for a 256 bit (= 32 byte) cryptographic key can be found here | ||
| https://www.geeksforgeeks.org/node-js-crypto-randombytes-method/ | ||
| */ | ||
| const authCodeBuffer = crypto.randomBytes(32) | ||
| return authCodeBuffer.toString('hex') | ||
| } |
There was a problem hiding this comment.
this function can just be an unexported global function in this file, rather than a member method
| res.redirect(params.getFormattedUrlWithParams(url)) | ||
| return res |
There was a problem hiding this comment.
I'm curious what the change here does; what is the difference between the two implementations?
There was a problem hiding this comment.
It was overwriting the 302 redirect status of the res. This status code is what instructs the frontend browser to change its page target.
| if(len(sys.argv)!=2): | ||
| print("Invalid number of cmd line arguments provided.") | ||
| client_id = base64.b64decode(sys.argv[1]) |
There was a problem hiding this comment.
no need to reinvent the wheel, let's use argparse instead
| const createUserErr = createUserResult as Err< | ||
| CreateUserSuccess, | ||
| UserValueObjectErrors.InvalidEmail | ||
| > | ||
| expect(createUserErr.error instanceof UserValueObjectErrors.InvalidEmail).toBe(true) |
There was a problem hiding this comment.
another (also-ugly, but typesafe) way to do it is
| const createUserErr = createUserResult as Err< | |
| CreateUserSuccess, | |
| UserValueObjectErrors.InvalidEmail | |
| > | |
| expect(createUserErr.error instanceof UserValueObjectErrors.InvalidEmail).toBe(true) | |
| if (!createUserResult.isErr()) throw new Error('this is impossible') | |
| expect(createUserResult.error instanceof UserValueObjectErrors.InvalidEmail).toBe(true) |
| super() | ||
| this.message = `The provided client name ${clientName} is already in use.` |
There was a problem hiding this comment.
| super() | |
| this.message = `The provided client name ${clientName} is already in use.` | |
| super(`The provided client name ${clientName} is already in use.`) |
|
|
||
| export const getTokenDTOSchema = Joi.object<GetTokenDTO>({ | ||
| //Example: Authorization: Basic 3904238orfiefiekfhjri3u24r789 | ||
| authHeader: Joi.string().pattern(new RegExp('^Basic .+$')).required(), |
There was a problem hiding this comment.
I think the regex could be a bit more specific than that
| super() | ||
| this.message = `Incorrect authentication credentials provided.` |
There was a problem hiding this comment.
| super() | |
| this.message = `Incorrect authentication credentials provided.` | |
| super(`Incorrect authentication credentials provided.`) |
| export const loginUserDTOParamsSchema = Joi.object<LoginUserDTOParams>({ | ||
| client_id: Joi.string().required(), | ||
| scope: Joi.string().required(), | ||
| response_type: Joi.string().required(), | ||
| redirect_uri: Joi.string().required() | ||
| }).options({ abortEarly: false }) | ||
|
|
There was a problem hiding this comment.
what is the reason for dropping this?
| @@ -30,29 +29,6 @@ describe('User AggregateRoot', () => { | |||
| expect(DomainEvents.markAggregateForDispatch).toBeCalled() | |||
| }) | |||
|
|
|||
| test('it adds a UserLoggedIn domain event on user login', () => { | |||
Closes #10, #11, #13.