refactor: Replace TOTP_NOT_ENABLED_ERROR status and make deviceName optional

src/main/java/io/supertokens/inmemorydb/Start.java

@@ -68,7 +68,6 @@
 import io.supertokens.pluginInterface.totp.TOTPStorage;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.exception.UsedCodeAlreadyExistsException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
@@ -1257,7 +1256,7 @@ public int countUsersEnabledTotpAndActiveSince(AppIdentifier appIdentifier, long
             throw new StorageQueryException(e);
         }
     }
-    
+
     @Override
     public int countUsersEnabledMfa(AppIdentifier appIdentifier) throws StorageQueryException {
         try {
@@ -1266,7 +1265,7 @@ public int countUsersEnabledMfa(AppIdentifier appIdentifier) throws StorageQuery
             throw new StorageQueryException(e);
         }
     }
-    
+
     @Override
     public int countUsersEnabledMfaAndActiveSince(AppIdentifier appIdentifier, long time)
             throws StorageQueryException {
@@ -2673,7 +2672,7 @@ public TOTPDevice[] getDevices_Transaction(TransactionConnection con, AppIdentif
     @Override
     public void insertUsedCode_Transaction(TransactionConnection con, TenantIdentifier tenantIdentifier,
                                            TOTPUsedCode usedCodeObj)
-            throws StorageQueryException, TotpNotEnabledException, UsedCodeAlreadyExistsException,
+            throws StorageQueryException, UnknownDeviceException, UsedCodeAlreadyExistsException,
             TenantOrAppNotFoundException {
         Connection sqlCon = (Connection) con.getConnection();
         try {
@@ -2687,7 +2686,7 @@ public void insertUsedCode_Transaction(TransactionConnection con, TenantIdentifi
                     Config.getConfig(this).getTotpUsersTable(),
                     new String[]{"app_id", "user_id"},
                     new Object[]{tenantIdentifier.getAppId(), usedCodeObj.userId})) {
-                throw new TotpNotEnabledException();
+                throw new UnknownDeviceException();
 
             } else if (isForeignKeyConstraintError(
                     e.getMessage(),

src/main/java/io/supertokens/totp/Totp.java

@@ -15,7 +15,6 @@
 import io.supertokens.pluginInterface.totp.TOTPDevice;
 import io.supertokens.pluginInterface.totp.TOTPUsedCode;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.pluginInterface.totp.exception.UsedCodeAlreadyExistsException;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
@@ -107,6 +106,11 @@ public static TOTPDevice registerDevice(AppIdentifierWithStorage appIdentifierWi
         }
 
         TOTPSQLStorage totpStorage = appIdentifierWithStorage.getTOTPStorage();
+
+        if (deviceName == null) {
+            TOTPDevice[] devices = totpStorage.getDevices(appIdentifierWithStorage, userId);
+            deviceName = "TOTP Device " + (devices.length + 1);
+        }
 
         String secret = generateSecret();
         TOTPDevice device = new TOTPDevice(userId, deviceName, secret, period, skew, false);
@@ -118,7 +122,7 @@ public static TOTPDevice registerDevice(AppIdentifierWithStorage appIdentifierWi
     private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifierWithStorage, Main main,
                                           String userId, TOTPDevice[] devices,
                                           String code)
-            throws InvalidTotpException, TotpNotEnabledException,
+            throws InvalidTotpException, UnknownDeviceException,
             LimitReachedException, StorageQueryException, StorageTransactionLogicException,
             TenantOrAppNotFoundException {
         // Note that the TOTP cron runs every 1 hour, so all the expired tokens can stay
@@ -241,7 +245,7 @@ private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifi
                         try {
                             totpSQLStorage.insertUsedCode_Transaction(con, tenantIdentifierWithStorage, newCode);
                             totpSQLStorage.commitTransaction(con);
-                        } catch (UsedCodeAlreadyExistsException | TotpNotEnabledException e) {
+                        } catch (UsedCodeAlreadyExistsException | UnknownDeviceException e) {
                             throw new StorageTransactionLogicException(e);
                         }
 
@@ -264,8 +268,8 @@ private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifi
                     throw (LimitReachedException) e.actualException;
                 } else if (e.actualException instanceof InvalidTotpException) {
                     throw (InvalidTotpException) e.actualException;
-                } else if (e.actualException instanceof TotpNotEnabledException) {
-                    throw (TotpNotEnabledException) e.actualException;
+                } else if (e.actualException instanceof UnknownDeviceException) {
+                    throw (UnknownDeviceException) e.actualException;
                 } else if (e.actualException instanceof UsedCodeAlreadyExistsException) {
                     // retry the transaction after a small delay:
                     int delayInMs = (int) (Math.random() * 10 + 1);
@@ -284,7 +288,7 @@ private static void checkAndStoreCode(TenantIdentifierWithStorage tenantIdentifi
     @TestOnly
     public static boolean verifyDevice(Main main,
                                        String userId, String deviceName, String code)
-            throws TotpNotEnabledException, UnknownDeviceException, InvalidTotpException,
+            throws UnknownDeviceException, InvalidTotpException,
             LimitReachedException, StorageQueryException, StorageTransactionLogicException {
         try {
             return verifyDevice(new TenantIdentifierWithStorage(null, null, null, StorageLayer.getStorage(main)), main,
@@ -296,7 +300,7 @@ public static boolean verifyDevice(Main main,
 
     public static boolean verifyDevice(TenantIdentifierWithStorage tenantIdentifierWithStorage, Main main,
                                        String userId, String deviceName, String code)
-            throws TotpNotEnabledException, UnknownDeviceException, InvalidTotpException,
+            throws UnknownDeviceException, InvalidTotpException,
             LimitReachedException, StorageQueryException, StorageTransactionLogicException,
             TenantOrAppNotFoundException {
         // Here boolean return value tells whether the device has been
@@ -312,7 +316,7 @@ public static boolean verifyDevice(TenantIdentifierWithStorage tenantIdentifierW
         // Check if the user has any devices:
         TOTPDevice[] devices = totpStorage.getDevices(tenantIdentifierWithStorage.toAppIdentifier(), userId);
         if (devices.length == 0) {
-            throw new TotpNotEnabledException();
+            throw new UnknownDeviceException();
         }
 
         // Check if the requested device exists:
@@ -337,8 +341,12 @@ public static boolean verifyDevice(TenantIdentifierWithStorage tenantIdentifierW
         // verified in the devices table (because it was deleted/renamed). So the user
         // gets a UnknownDevceException.
         // This behaviour is okay so we can ignore it.
-        checkAndStoreCode(tenantIdentifierWithStorage, main, userId, new TOTPDevice[]{matchingDevice},
-                code);
+        try{
+            checkAndStoreCode(tenantIdentifierWithStorage, main, userId, new TOTPDevice[]{matchingDevice}, code);
+        } catch (UnknownDeviceException e) {
+            // User must have deleted the device in parallel.
+            throw new UnknownDeviceException();
+        }
         // Will reach here only if the code is valid:
         totpStorage.markDeviceAsVerified(tenantIdentifierWithStorage.toAppIdentifier(), userId, deviceName);
         return true; // Newly verified
@@ -347,7 +355,7 @@ public static boolean verifyDevice(TenantIdentifierWithStorage tenantIdentifierW
     @TestOnly
     public static void verifyCode(Main main, String userId,
                                   String code, boolean allowUnverifiedDevices)
-            throws TotpNotEnabledException, InvalidTotpException, LimitReachedException,
+            throws InvalidTotpException, LimitReachedException,
             StorageQueryException, StorageTransactionLogicException, FeatureNotEnabledException {
         try {
             verifyCode(new TenantIdentifierWithStorage(null, null, null, StorageLayer.getStorage(main)), main,
@@ -359,7 +367,7 @@ public static void verifyCode(Main main, String userId,
 
     public static void verifyCode(TenantIdentifierWithStorage tenantIdentifierWithStorage, Main main, String userId,
                                   String code, boolean allowUnverifiedDevices)
-            throws TotpNotEnabledException, InvalidTotpException, LimitReachedException,
+            throws InvalidTotpException, LimitReachedException,
             StorageQueryException, StorageTransactionLogicException, FeatureNotEnabledException,
             TenantOrAppNotFoundException {
 
@@ -374,7 +382,8 @@ public static void verifyCode(TenantIdentifierWithStorage tenantIdentifierWithSt
         // Check if the user has any devices:
         TOTPDevice[] devices = totpStorage.getDevices(tenantIdentifierWithStorage.toAppIdentifier(), userId);
         if (devices.length == 0) {
-            throw new TotpNotEnabledException();
+            // No devices found. So we can't verify the code anyway.
+            throw new InvalidTotpException();
         }
 
         // Filter out unverified devices:
@@ -386,13 +395,19 @@ public static void verifyCode(TenantIdentifierWithStorage tenantIdentifierWithSt
         // another API call. We will still check the code against the updated set of
         // devices and store it in the used codes table. This behaviour is okay so we
         // can ignore it.
-        checkAndStoreCode(tenantIdentifierWithStorage, main, userId, devices, code);
+        try{
+            checkAndStoreCode(tenantIdentifierWithStorage, main, userId, devices, code);
+        } catch (UnknownDeviceException e) {
+            // User must have deleted the device in parallel
+            // since they cannot un-verify a device (no API exists)
+            throw new InvalidTotpException();
+        }
     }
 
     @TestOnly
     public static void removeDevice(Main main, String userId,
                                     String deviceName)
-            throws StorageQueryException, UnknownDeviceException, TotpNotEnabledException,
+            throws StorageQueryException, UnknownDeviceException,
             StorageTransactionLogicException {
         try {
             removeDevice(new AppIdentifierWithStorage(null, null, StorageLayer.getStorage(main)),
@@ -407,7 +422,7 @@ public static void removeDevice(Main main, String userId,
      */
     public static void removeDevice(AppIdentifierWithStorage appIdentifierWithStorage, String userId,
                                     String deviceName)
-            throws StorageQueryException, UnknownDeviceException, TotpNotEnabledException,
+            throws StorageQueryException, UnknownDeviceException,
             StorageTransactionLogicException, TenantOrAppNotFoundException {
         TOTPSQLStorage storage = appIdentifierWithStorage.getTOTPStorage();
 
@@ -432,12 +447,6 @@ public static void removeDevice(AppIdentifierWithStorage appIdentifierWithStorag
             return;
         } catch (StorageTransactionLogicException e) {
             if (e.actualException instanceof UnknownDeviceException) {
-                // Check if any device exists for the user:
-                TOTPDevice[] devices = storage.getDevices(appIdentifierWithStorage, userId);
-                if (devices.length == 0) {
-                    throw new TotpNotEnabledException();
-                }
-
                 throw (UnknownDeviceException) e.actualException;
             }
 
@@ -448,8 +457,7 @@ public static void removeDevice(AppIdentifierWithStorage appIdentifierWithStorag
     @TestOnly
     public static void updateDeviceName(Main main, String userId,
                                         String oldDeviceName, String newDeviceName)
-            throws StorageQueryException, DeviceAlreadyExistsException, UnknownDeviceException,
-            TotpNotEnabledException {
+            throws StorageQueryException, DeviceAlreadyExistsException, UnknownDeviceException {
         try {
             updateDeviceName(new AppIdentifierWithStorage(null, null, StorageLayer.getStorage(main)),
                     userId, oldDeviceName, newDeviceName);
@@ -460,25 +468,14 @@ public static void updateDeviceName(Main main, String userId,
 
     public static void updateDeviceName(AppIdentifierWithStorage appIdentifierWithStorage, String userId,
                                         String oldDeviceName, String newDeviceName)
-            throws StorageQueryException, DeviceAlreadyExistsException, UnknownDeviceException,
-            TotpNotEnabledException, TenantOrAppNotFoundException {
+            throws StorageQueryException, DeviceAlreadyExistsException, UnknownDeviceException, TenantOrAppNotFoundException {
         TOTPSQLStorage totpStorage = appIdentifierWithStorage.getTOTPStorage();
-        try {
-            totpStorage.updateDeviceName(appIdentifierWithStorage, userId, oldDeviceName, newDeviceName);
-        } catch (UnknownDeviceException e) {
-            // Check if any device exists for the user:
-            TOTPDevice[] devices = totpStorage.getDevices(appIdentifierWithStorage, userId);
-            if (devices.length == 0) {
-                throw new TotpNotEnabledException();
-            } else {
-                throw e;
-            }
-        }
+        totpStorage.updateDeviceName(appIdentifierWithStorage, userId, oldDeviceName, newDeviceName);
     }
 
     @TestOnly
     public static TOTPDevice[] getDevices(Main main, String userId)
-            throws StorageQueryException, TotpNotEnabledException {
+            throws StorageQueryException {
         try {
             return getDevices(new AppIdentifierWithStorage(null, null, StorageLayer.getStorage(main)),
                     userId);
@@ -488,13 +485,10 @@ public static TOTPDevice[] getDevices(Main main, String userId)
     }
 
     public static TOTPDevice[] getDevices(AppIdentifierWithStorage appIdentifierWithStorage, String userId)
-            throws StorageQueryException, TotpNotEnabledException, TenantOrAppNotFoundException {
+            throws StorageQueryException, TenantOrAppNotFoundException {
         TOTPSQLStorage totpStorage = appIdentifierWithStorage.getTOTPStorage();
 
         TOTPDevice[] devices = totpStorage.getDevices(appIdentifierWithStorage, userId);
-        if (devices.length == 0) {
-            throw new TotpNotEnabledException();
-        }
         return devices;
     }
 

src/main/java/io/supertokens/webserver/api/totp/CreateOrUpdateTotpDeviceAPI.java

@@ -11,7 +11,6 @@
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.pluginInterface.totp.TOTPDevice;
 import io.supertokens.pluginInterface.totp.exception.DeviceAlreadyExistsException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.totp.Totp;
 import io.supertokens.useridmapping.UserIdType;
@@ -42,7 +41,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
         JsonObject input = InputParser.parseJsonObjectOrThrowError(req);
 
         String userId = InputParser.parseStringOrThrowError(input, "userId", false);
-        String deviceName = InputParser.parseStringOrThrowError(input, "deviceName", false);
+        String deviceName = InputParser.parseStringOrThrowError(input, "deviceName", true);
         Integer skew = InputParser.parseIntOrThrowError(input, "skew", false);
         Integer period = InputParser.parseIntOrThrowError(input, "period", false);
 
@@ -52,7 +51,8 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
         if (userId.isEmpty()) {
             throw new ServletException(new BadRequestException("userId cannot be empty"));
         }
-        if (deviceName.isEmpty()) {
+        if (deviceName != null && deviceName.isEmpty()) {
+            // Only Null or valid device name are allowed
             throw new ServletException(new BadRequestException("deviceName cannot be empty"));
         }
         if (skew < 0) {
@@ -87,6 +87,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
             TOTPDevice device = Totp.registerDevice(appIdentifierWithStorage, main, userId, deviceName, skew, period);
 
             result.addProperty("status", "OK");
+            result.addProperty("deviceName", device.deviceName);
             result.addProperty("secret", device.secretKey);
             super.sendJsonResponse(200, result, resp);
         } catch (DeviceAlreadyExistsException e) {
@@ -143,9 +144,6 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
 
             result.addProperty("status", "OK");
             super.sendJsonResponse(200, result, resp);
-        } catch (TotpNotEnabledException e) {
-            result.addProperty("status", "TOTP_NOT_ENABLED_ERROR");
-            super.sendJsonResponse(200, result, resp);
         } catch (UnknownDeviceException e) {
             result.addProperty("status", "UNKNOWN_DEVICE_ERROR");
             super.sendJsonResponse(200, result, resp);

src/main/java/io/supertokens/webserver/api/totp/GetTotpDevicesAPI.java

@@ -10,7 +10,6 @@
 import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.pluginInterface.totp.TOTPDevice;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.totp.Totp;
 import io.supertokens.useridmapping.UserIdType;
 import io.supertokens.webserver.InputParser;
@@ -80,9 +79,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
             result.addProperty("status", "OK");
             result.add("devices", devicesArray);
             super.sendJsonResponse(200, result, resp);
-        } catch (TotpNotEnabledException e) {
-            result.addProperty("status", "TOTP_NOT_ENABLED_ERROR");
-            super.sendJsonResponse(200, result, resp);
         } catch (StorageQueryException | TenantOrAppNotFoundException e) {
             throw new ServletException(e);
         }

src/main/java/io/supertokens/webserver/api/totp/RemoveTotpDeviceAPI.java

@@ -9,7 +9,6 @@
 import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
 import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
-import io.supertokens.pluginInterface.totp.exception.TotpNotEnabledException;
 import io.supertokens.pluginInterface.totp.exception.UnknownDeviceException;
 import io.supertokens.totp.Totp;
 import io.supertokens.useridmapping.UserIdType;
@@ -75,9 +74,6 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
             result.addProperty("status", "OK");
             result.addProperty("didDeviceExist", true);
             super.sendJsonResponse(200, result, resp);
-        } catch (TotpNotEnabledException e) {
-            result.addProperty("status", "TOTP_NOT_ENABLED_ERROR");
-            super.sendJsonResponse(200, result, resp);
         } catch (UnknownDeviceException e) {
             result.addProperty("status", "OK");
             result.addProperty("didDeviceExist", false);