refactor: Replace TOTP_NOT_ENABLED_ERROR status and make deviceName optional

src/main/java/io/supertokens/inmemorydb/Start.java

@@ -68,7 +68,6 @@
 import io.supertokens.pluginInterface.totp.TOTPStorage;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.exception.UsedCodeAlreadyExistsException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
@@ -1257,7 +1256,7 @@ public int countUsersEnabledTotpAndActiveSince(AppIdentifier appIdentifier, long
             throw new StorageQueryException(e);
         }
     }
-    
+
     @Override
     public int countUsersEnabledMfa(AppIdentifier appIdentifier) throws StorageQueryException {
         try {
@@ -1266,7 +1265,7 @@ public int countUsersEnabledMfa(AppIdentifier appIdentifier) throws StorageQuery
             throw new StorageQueryException(e);
         }
     }
-    
+
     @Override
     public int countUsersEnabledMfaAndActiveSince(AppIdentifier appIdentifier, long time)
             throws StorageQueryException {
@@ -2673,7 +2672,7 @@ public TOTPDevice[] getDevices_Transaction(TransactionConnection con, AppIdentif
     @Override
     public void insertUsedCode_Transaction(TransactionConnection con, TenantIdentifier tenantIdentifier,
                                            TOTPUsedCode usedCodeObj)
-            throws StorageQueryException, TotpNotEnabledException, UsedCodeAlreadyExistsException,
+            throws StorageQueryException, UnknownDeviceException, UsedCodeAlreadyExistsException,
             TenantOrAppNotFoundException {
         Connection sqlCon = (Connection) con.getConnection();
         try {
@@ -2687,7 +2686,7 @@ public void insertUsedCode_Transaction(TransactionConnection con, TenantIdentifi
                     Config.getConfig(this).getTotpUsersTable(),
                     new String[]{"app_id", "user_id"},
                     new Object[]{tenantIdentifier.getAppId(), usedCodeObj.userId})) {
-                throw new TotpNotEnabledException();
+                throw new UnknownDeviceException();
 
             } else if (isForeignKeyConstraintError(
                     e.getMessage(),

src/main/java/io/supertokens/totp/Totp.java

@@ -15,7 +15,6 @@
 import io.supertokens.pluginInterface.totp.TOTPDevice;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.exception.UsedCodeAlreadyExistsException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
@@ -107,6 +106,11 @@ public static TOTPDevice registerDevice(AppIdentifierWithStorage appIdentifierWi
         }
 
         TOTPSQLStorage totpStorage = appIdentifierWithStorage.getTOTPStorage();
+
+        if (deviceName == null) {
+            TOTPDevice[] devices = totpStorage.getDevices(appIdentifierWithStorage, userId);
+            deviceName = "TOTP Device " + (devices.length + 1);
+        }
 
         String secret = generateSecret();
         TOTPDevice device = new TOTPDevice(userId, deviceName, secret, period, skew, false);
@@ -118,7 +122,7 @@ public static TOTPDevice registerDevice(AppIdentifierWithStorage appIdentifierWi
     private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifierWithStorage, Main main,
                                           String userId, TOTPDevice[] devices,
                                           String code)
-            throws InvalidTotpException, TotpNotEnabledException,
+            throws InvalidTotpException, UnknownDeviceException,
             LimitReachedException, StorageQueryException, StorageTransactionLogicException,
             TenantOrAppNotFoundException {
         // Note that the TOTP cron runs every 1 hour, so all the expired tokens can stay
@@ -241,7 +245,7 @@ private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifi
                         try {
                             totpSQLStorage.insertUsedCode_Transaction(con, tenantIdentifierWithStorage, newCode);
                             totpSQLStorage.commitTransaction(con);
-                        } catch (UsedCodeAlreadyExistsException | TotpNotEnabledException e) {
+                        } catch (UsedCodeAlreadyExistsException | UnknownDeviceException e) {
                             throw new StorageTransactionLogicException(e);
                         }
 
@@ -264,8 +268,8 @@ private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifi
                     throw (LimitReachedException) e.actualException;
                 } else if (e.actualException instanceof InvalidTotpException) {
                     throw (InvalidTotpException) e.actualException;
-                } else if (e.actualException instanceof TotpNotEnabledException) {
-                    throw (TotpNotEnabledException) e.actualException;
+                } else if (e.actualException instanceof UnknownDeviceException) {
+                    throw (UnknownDeviceException) e.actualException;
                 } else if (e.actualException instanceof UsedCodeAlreadyExistsException) {
                     // retry the transaction after a small delay:
                     int delayInMs = (int) (Math.random() * 10 + 1);
@@ -339,7 +343,7 @@ public static boolean verifyDevice(TenantIdentifierWithStorage tenantIdentifierW
         // This behaviour is okay so we can ignore it.
         try{
             checkAndStoreCode(tenantIdentifierWithStorage, main, userId, new TOTPDevice[]{matchingDevice}, code);
-        } catch (TotpNotEnabledException e) {
+        } catch (UnknownDeviceException e) {
             // User must have deleted the device in parallel.
             throw new UnknownDeviceException();
         }
@@ -393,7 +397,7 @@ public static void verifyCode(TenantIdentifierWithStorage tenantIdentifierWithSt
         // can ignore it.
         try{
             checkAndStoreCode(tenantIdentifierWithStorage, main, userId, devices, code);
-        } catch (TotpNotEnabledException e) {
+        } catch (UnknownDeviceException e) {
             // User must have deleted the device in parallel
             // since they cannot un-verify a device (no API exists)
             throw new InvalidTotpException();

src/main/java/io/supertokens/webserver/api/totp/CreateOrUpdateTotpDeviceAPI.java

@@ -41,7 +41,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
         JsonObject input = InputParser.parseJsonObjectOrThrowError(req);
 
         String userId = InputParser.parseStringOrThrowError(input, "userId", false);
-        String deviceName = InputParser.parseStringOrThrowError(input, "deviceName", false);
+        String deviceName = InputParser.parseStringOrThrowError(input, "deviceName", true);
         Integer skew = InputParser.parseIntOrThrowError(input, "skew", false);
         Integer period = InputParser.parseIntOrThrowError(input, "period", false);
 
@@ -51,7 +51,8 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
         if (userId.isEmpty()) {
             throw new ServletException(new BadRequestException("userId cannot be empty"));
         }
-        if (deviceName.isEmpty()) {
+        if (deviceName != null && deviceName.isEmpty()) {
+            // Only Null or valid device name are allowed
             throw new ServletException(new BadRequestException("deviceName cannot be empty"));
         }
         if (skew < 0) {
@@ -86,6 +87,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
             TOTPDevice device = Totp.registerDevice(appIdentifierWithStorage, main, userId, deviceName, skew, period);
 
             result.addProperty("status", "OK");
+            result.addProperty("deviceName", device.deviceName);
             result.addProperty("secret", device.secretKey);
             super.sendJsonResponse(200, result, resp);
         } catch (DeviceAlreadyExistsException e) {

src/test/java/io/supertokens/test/StorageLayerTest.java

@@ -11,7 +11,7 @@
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.pluginInterface.totp.TOTPDevice;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
+import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.exception.UsedCodeAlreadyExistsException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
 import io.supertokens.storageLayer.StorageLayer;
@@ -47,15 +47,15 @@ public static void insertUsedCodeUtil(TOTPSQLStorage storage, TOTPUsedCode usedC
                     storage.insertUsedCode_Transaction(con, new TenantIdentifier(null, null, null), usedCode);
                     storage.commitTransaction(con);
                     return null;
-                } catch (TotpNotEnabledException | UsedCodeAlreadyExistsException e) {
+                } catch (UnknownDeviceException | UsedCodeAlreadyExistsException e) {
                     throw new StorageTransactionLogicException(e);
                 } catch (TenantOrAppNotFoundException e) {
                     throw new IllegalStateException(e);
                 }
             });
         } catch (StorageTransactionLogicException e) {
             Exception actual = e.actualException;
-            if (actual instanceof TotpNotEnabledException || actual instanceof UsedCodeAlreadyExistsException) {
+            if (actual instanceof UnknownDeviceException || actual instanceof UsedCodeAlreadyExistsException) {
                 throw actual;
             } else {
                 throw e;

src/test/java/io/supertokens/test/totp/TOTPRecipeTest.java

@@ -23,18 +23,13 @@
 import io.supertokens.cronjobs.deleteExpiredTotpTokens.DeleteExpiredTotpTokens;
 import io.supertokens.featureflag.EE_FEATURES;
 import io.supertokens.featureflag.FeatureFlagTestContent;
-import io.supertokens.featureflag.exceptions.InvalidLicenseKeyException;
-import io.supertokens.httpRequest.HttpResponseException;
-import io.supertokens.pluginInterface.STORAGE_TYPE;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
-import io.supertokens.pluginInterface.STORAGE_TYPE;
 import io.supertokens.pluginInterface.totp.TOTPDevice;
 import io.supertokens.pluginInterface.totp.TOTPStorage;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
 import io.supertokens.storageLayer.StorageLayer;

src/test/java/io/supertokens/test/totp/TOTPStorageTest.java

@@ -14,7 +14,6 @@
 import io.supertokens.pluginInterface.totp.TOTPStorage;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.exception.UsedCodeAlreadyExistsException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
@@ -27,8 +26,6 @@
 import org.junit.Test;
 import org.junit.rules.TestRule;
 
-import java.io.IOException;
-
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThrows;
 
@@ -89,15 +86,15 @@ private static TOTPUsedCode[] getAllUsedCodesUtil(TOTPStorage storage, String us
     }
 
     public static void insertUsedCodesUtil(TOTPSQLStorage storage, TOTPUsedCode[] usedCodes)
-            throws StorageQueryException, StorageTransactionLogicException, TotpNotEnabledException,
+            throws StorageQueryException, StorageTransactionLogicException, UnknownDeviceException,
             UsedCodeAlreadyExistsException {
         try {
             storage.startTransaction(con -> {
                 try {
                     for (TOTPUsedCode usedCode : usedCodes) {
                         storage.insertUsedCode_Transaction(con, new TenantIdentifier(null, null, null), usedCode);
                     }
-                } catch (TotpNotEnabledException | UsedCodeAlreadyExistsException e) {
+                } catch (UnknownDeviceException | UsedCodeAlreadyExistsException e) {
                     throw new StorageTransactionLogicException(e);
                 } catch (TenantOrAppNotFoundException e) {
                     throw new IllegalStateException(e);
@@ -108,8 +105,8 @@ public static void insertUsedCodesUtil(TOTPSQLStorage storage, TOTPUsedCode[] us
             });
         } catch (StorageTransactionLogicException e) {
             Exception actual = e.actualException;
-            if (actual instanceof TotpNotEnabledException) {
-                throw (TotpNotEnabledException) actual;
+            if (actual instanceof UnknownDeviceException) {
+                throw (UnknownDeviceException) actual;
             } else if (actual instanceof UsedCodeAlreadyExistsException) {
                 throw (UsedCodeAlreadyExistsException) actual;
             }
@@ -404,7 +401,7 @@ public void insertUsedCodeTest() throws Exception {
 
         // Try to insert code when user doesn't have any device (i.e. TOTP not enabled)
         {
-            assertThrows(TotpNotEnabledException.class,
+            assertThrows(UnknownDeviceException.class,
                     () -> insertUsedCodesUtil(storage, new TOTPUsedCode[]{
                             new TOTPUsedCode("new-user-without-totp", "1234", true, nextDay,
                                     System.currentTimeMillis())
@@ -423,7 +420,7 @@ public void insertUsedCodeTest() throws Exception {
         }
 
         // Try to insert code when user doesn't exist:
-        assertThrows(TotpNotEnabledException.class,
+        assertThrows(UnknownDeviceException.class,
                 () -> insertUsedCodesUtil(storage, new TOTPUsedCode[]{
                         new TOTPUsedCode("non-existent-user", "1234", true, nextDay,
                                 System.currentTimeMillis())

src/test/java/io/supertokens/test/totp/api/CreateTotpDeviceAPITest.java

@@ -88,17 +88,15 @@ public void testApi() throws Exception {
 
         JsonObject body = new JsonObject();
 
-        // Missing userId/deviceName/skew/period
+        // Missing userId/skew/period
         {
             Exception e = createDeviceRequest(process, body);
             checkFieldMissingErrorResponse(e, "userId");
+
+            body.addProperty("deviceName", "");
 
             body.addProperty("userId", "");
             e = createDeviceRequest(process, body);
-            checkFieldMissingErrorResponse(e, "deviceName");
-
-            body.addProperty("deviceName", "");
-            e = createDeviceRequest(process, body);
             checkFieldMissingErrorResponse(e, "skew");
 
             body.addProperty("skew", -1);
@@ -138,6 +136,7 @@ public void testApi() throws Exception {
                     Utils.getCdiVersionStringLatestForTests(),
                     "totp");
             assert res.get("status").getAsString().equals("OK");
+            assert res.get("deviceName").getAsString().equals("d1");
 
             // try again with same device:
             JsonObject res2 = HttpRequestForTesting.sendJsonPOSTRequest(
@@ -151,6 +150,21 @@ public void testApi() throws Exception {
                     Utils.getCdiVersionStringLatestForTests(),
                     "totp");
             assert res2.get("status").getAsString().equals("DEVICE_ALREADY_EXISTS_ERROR");
+
+            // try without passing deviceName:
+            body.remove("deviceName");
+            JsonObject res3 = HttpRequestForTesting.sendJsonPOSTRequest(
+                    process.getProcess(),
+                    "",
+                    "http://localhost:3567/recipe/totp/device",
+                    body,
+                    1000,
+                    1000,
+                    null,
+                    Utils.getCdiVersionStringLatestForTests(),
+                    "totp");
+            assert res3.get("status").getAsString().equals("OK");
+            assert res3.get("deviceName").getAsString().equals("TOTP Device 2");
         }
 
         process.kill();