rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-11-01 11:06:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(users): Fix bugs caused by the new token only flows (#4607)

Browse Source
This commit is contained in:
Mani Chandra
2024-05-09 19:39:02 +05:30
committed by GitHub
parent c0bb117f24
commit a0f11d79ad
3 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/router/src/consts.rs
View File

@ -70,7 +70,9 @@ pub const LOCKER_REDIS_EXPIRY_SECONDS: u32 = 60 * 15; // 15 minutes
pub const JWT_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days pub const JWT_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days
pub const SINGLE_PURPOSE_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24; // 1 day // This should be one day, but it is causing issue while checking token in blacklist.
// TODO: This should be fixed in future.
pub const SINGLE_PURPOSE_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days
pub const JWT_TOKEN_COOKIE_NAME: &str = "login_token"; pub const JWT_TOKEN_COOKIE_NAME: &str = "login_token";

4
crates/router/src/core/user.rs
View File

@ -1445,9 +1445,13 @@ pub async fn verify_email_token_only_flow(
.change_context(UserErrors::InternalServerError)? .change_context(UserErrors::InternalServerError)?
.into(); .into();
if matches!(user_token.origin, domain::Origin::VerifyEmail)
|| matches!(user_token.origin, domain::Origin::MagicLink)
{
let _ = auth::blacklist::insert_email_token_in_blacklist(&state, &token) let _ = auth::blacklist::insert_email_token_in_blacklist(&state, &token)
.await .await
.map_err(|e| logger::error!(?e)); .map_err(|e| logger::error!(?e));
}
let current_flow = let current_flow =
domain::CurrentFlow::new(user_token.origin, domain::SPTFlow::VerifyEmail.into())?; domain::CurrentFlow::new(user_token.origin, domain::SPTFlow::VerifyEmail.into())?;

28
crates/router/src/types/domain/user.rs
View File

@ -1,4 +1,8 @@
use std::{collections::HashSet, ops, str::FromStr}; use std::{
collections::HashSet,
ops::{self, Not},
str::FromStr,
};
use api_models::{ use api_models::{
admin as admin_api, organization as api_org, user as user_api, user_role as user_role_api, admin as admin_api, organization as api_org, user as user_api, user_role as user_role_api,
@ -172,8 +176,7 @@ impl UserPassword {
has_upper_case = has_upper_case || c.is_uppercase(); has_upper_case = has_upper_case || c.is_uppercase();
has_lower_case = has_lower_case || c.is_lowercase(); has_lower_case = has_lower_case || c.is_lowercase();
has_numeric_value = has_numeric_value || c.is_numeric(); has_numeric_value = has_numeric_value || c.is_numeric();
has_special_character = has_special_character = has_special_character || !c.is_alphanumeric();
has_special_character || !(c.is_alphanumeric() && c.is_whitespace());
has_whitespace = has_whitespace || c.is_whitespace(); has_whitespace = has_whitespace || c.is_whitespace();
} }
@ -510,6 +513,7 @@ pub struct NewUser {
email: UserEmail, email: UserEmail,
password: UserPassword, password: UserPassword,
new_merchant: NewUserMerchant, new_merchant: NewUserMerchant,
is_temporary_password: bool,
} }
impl NewUser { impl NewUser {
@ -614,12 +618,20 @@ impl TryFrom<NewUser> for storage_user::UserNew {
fn try_from(value: NewUser) -> UserResult<Self> { fn try_from(value: NewUser) -> UserResult<Self> {
let hashed_password = password::generate_password_hash(value.password.get_secret())?; let hashed_password = password::generate_password_hash(value.password.get_secret())?;
let now = common_utils::date_time::now();
Ok(Self { Ok(Self {
user_id: value.get_user_id(), user_id: value.get_user_id(),
name: value.get_name(), name: value.get_name(),
email: value.get_email().into_inner(), email: value.get_email().into_inner(),
password: hashed_password, password: hashed_password,
..Default::default() is_verified: false,
created_at: Some(now),
last_modified_at: Some(now),
preferred_merchant_id: None,
totp_status: TotpStatus::NotSet,
totp_secret: None,
totp_recovery_codes: None,
last_password_modified_at: value.is_temporary_password.not().then_some(now),
}) })
} }
} }
@ -640,6 +652,7 @@ impl TryFrom<user_api::SignUpWithMerchantIdRequest> for NewUser {
password, password,
user_id, user_id,
new_merchant, new_merchant,
is_temporary_password: false,
}) })
} }
} }
@ -660,6 +673,7 @@ impl TryFrom<user_api::SignUpRequest> for NewUser {
email, email,
password, password,
new_merchant, new_merchant,
is_temporary_password: false,
}) })
} }
} }
@ -680,6 +694,7 @@ impl TryFrom<user_api::ConnectAccountRequest> for NewUser {
email, email,
password, password,
new_merchant, new_merchant,
is_temporary_password: true,
}) })
} }
} }
@ -700,6 +715,7 @@ impl TryFrom<user_api::CreateInternalUserRequest> for NewUser {
email, email,
password, password,
new_merchant, new_merchant,
is_temporary_password: false,
}) })
} }
} }
@ -717,6 +733,9 @@ impl TryFrom<UserMerchantCreateRequestWithToken> for NewUser {
email: user.0.email.clone().try_into()?, email: user.0.email.clone().try_into()?,
password: UserPassword::new_password_without_validation(user.0.password)?, password: UserPassword::new_password_without_validation(user.0.password)?,
new_merchant, new_merchant,
// This is true because we are not creating a user with this request. And if it is set
// to false, last_password_modified_at will be overwritten if this user is inserted.
is_temporary_password: true,
}) })
} }
} }
@ -736,6 +755,7 @@ impl TryFrom<InviteeUserRequestWithInvitedUserToken> for NewUser {
email, email,
password, password,
new_merchant, new_merchant,
is_temporary_password: true,
}) })
} }
} }