supertokens-node
Comparing version 17.0.2 to 17.0.3
@@ -332,2 +332,8 @@ // @ts-nocheck | ||
>; | ||
filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid: ( | ||
factorIds: string[], | ||
tenantId: string, | ||
hasSession: boolean, | ||
userContext: UserContext | ||
) => Promise<string[]>; | ||
}; |
@@ -113,3 +113,3 @@ "use strict"; | ||
// then we do not want to include a link in the email. | ||
const validFirstFactors = await filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid( | ||
const validFirstFactors = await exports.AuthUtils.filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid( | ||
factorIds, | ||
@@ -816,2 +816,35 @@ tenantId, | ||
}, | ||
filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid: async function (factorIds, tenantId, hasSession, userContext) { | ||
let validFactorIds = []; | ||
for (const id of factorIds) { | ||
// This util takes the tenant config into account (if it exists), then the MFA (static) config if it was initialized and set. | ||
let validRes = await utils_2.isValidFirstFactor(tenantId, id, userContext); | ||
if (validRes.status === "TENANT_NOT_FOUND_ERROR") { | ||
if (hasSession) { | ||
throw new error_1.default({ | ||
type: error_1.default.UNAUTHORISED, | ||
message: "Tenant not found", | ||
}); | ||
} else { | ||
throw new Error("Tenant not found error."); | ||
} | ||
} else if (validRes.status === "OK") { | ||
validFactorIds.push(id); | ||
} | ||
} | ||
if (validFactorIds.length === 0) { | ||
if (!hasSession) { | ||
throw new error_1.default({ | ||
type: error_1.default.UNAUTHORISED, | ||
message: "A valid session is required to authenticate with secondary factors", | ||
}); | ||
} else { | ||
throw new error_2.default({ | ||
type: error_2.default.BAD_INPUT_ERROR, | ||
message: "First factor sign in/up called for a non-first factor with an active session.", | ||
}); | ||
} | ||
} | ||
return validFactorIds; | ||
}, | ||
}; | ||
@@ -925,34 +958,1 @@ async function filterOutInvalidSecondFactorsOrThrowIfAllAreInvalid( | ||
} | ||
async function filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid(factorIds, tenantId, hasSession, userContext) { | ||
let validFactorIds = []; | ||
for (const id of factorIds) { | ||
// This util takes the tenant config into account (if it exists), then the MFA (static) config if it was initialized and set. | ||
let validRes = await utils_2.isValidFirstFactor(tenantId, id, userContext); | ||
if (validRes.status === "TENANT_NOT_FOUND_ERROR") { | ||
if (hasSession) { | ||
throw new error_1.default({ | ||
type: error_1.default.UNAUTHORISED, | ||
message: "Tenant not found", | ||
}); | ||
} else { | ||
throw new Error("Tenant not found error."); | ||
} | ||
} else if (validRes.status === "OK") { | ||
validFactorIds.push(id); | ||
} | ||
} | ||
if (validFactorIds.length === 0) { | ||
if (!hasSession) { | ||
throw new error_1.default({ | ||
type: error_1.default.UNAUTHORISED, | ||
message: "A valid session is required to authenticate with secondary factors", | ||
}); | ||
} else { | ||
throw new error_2.default({ | ||
type: error_2.default.BAD_INPUT_ERROR, | ||
message: "First factor sign in/up called for a non-first factor with an active session.", | ||
}); | ||
} | ||
} | ||
return validFactorIds; | ||
} |
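Review bot: The `filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid` method added to the exported `AuthUtils` object in the second hunk now forms a cross-module contract (the first hunk and the passwordless implementation call it via `exports.AuthUtils`), but it carries no doc comment describing its failure modes, which are several: an unknown tenant throws a session `UNAUTHORISED` error when `hasSession` is true but a plain `Error("Tenant not found error.")` otherwise, and an empty result throws `UNAUTHORISED` without a session or `BAD_INPUT_ERROR` with one, while any `isValidFirstFactor` status other than `OK` or `TENANT_NOT_FOUND_ERROR` is silently dropped from the list. Suggest a header comment such as `/** Returns the subset of factorIds that are valid first factors for tenantId. Throws UNAUTHORISED (with session) or a plain Error (without) if the tenant is unknown; throws UNAUTHORISED (no session) or BAD_INPUT_ERROR (session) if no factor remains. Any other validation status drops the factor silently. */`. The file appears to be compiled output, so the comment presumably belongs in the TypeScript source, which is not shown here; the third hunk is the pure removal of the old free function and needs nothing.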
@@ -297,2 +297,11 @@ "use strict"; | ||
factorIds = utils_1.getEnabledPwlessFactors(input.options.config); | ||
if (accountInfo.email !== undefined) { | ||
factorIds = factorIds.filter((factor) => | ||
[multifactorauth_1.FactorIds.OTP_EMAIL, multifactorauth_1.FactorIds.LINK_EMAIL].includes(factor) | ||
); | ||
} else { | ||
factorIds = factorIds.filter((factor) => | ||
[multifactorauth_1.FactorIds.OTP_PHONE, multifactorauth_1.FactorIds.LINK_PHONE].includes(factor) | ||
); | ||
} | ||
} | ||
@@ -430,3 +439,3 @@ const preAuthChecks = await authUtils_1.AuthUtils.preAuthChecks({ | ||
deviceId: response.deviceId, | ||
flowType: input.options.config.flowType, | ||
flowType: flowType, | ||
preAuthSessionId: response.preAuthSessionId, | ||
@@ -537,3 +546,31 @@ }; | ||
let userInputCode = undefined; | ||
const flowType = input.options.config.flowType; | ||
// This mirrors how we construct factorIds in createCodePOST | ||
let factorIds; | ||
if (input.session !== undefined) { | ||
if (deviceInfo.email !== undefined) { | ||
factorIds = [multifactorauth_1.FactorIds.OTP_EMAIL]; | ||
} else { | ||
factorIds = [multifactorauth_1.FactorIds.OTP_PHONE]; | ||
} | ||
// We do not do further filtering here, since we know the exact factor id and the fact that it was created | ||
// which means it was allowed and the user is allowed to re-send it. | ||
// We will execute all check when the code is consumed anyway. | ||
} else { | ||
factorIds = utils_1.getEnabledPwlessFactors(input.options.config); | ||
factorIds = await authUtils_1.AuthUtils.filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid( | ||
factorIds, | ||
input.tenantId, | ||
false, | ||
input.userContext | ||
); | ||
} | ||
// This is correct because in createCodePOST we only allow OTP_EMAIL | ||
let flowType = input.options.config.flowType; | ||
if (factorIds.every((id) => id.startsWith("link"))) { | ||
flowType = "MAGIC_LINK"; | ||
} else if (factorIds.every((id) => id.startsWith("otp"))) { | ||
flowType = "USER_INPUT_CODE"; | ||
} else { | ||
flowType = "USER_INPUT_CODE_AND_MAGIC_LINK"; | ||
} | ||
if (flowType === "MAGIC_LINK" || flowType === "USER_INPUT_CODE_AND_MAGIC_LINK") { | ||
@@ -540,0 +577,0 @@ magicLink = |
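Review bot: The flow-type derivation added after the `factorIds` construction in resendCodePOST classifies factors by the string prefixes `startsWith("link")` / `startsWith("otp")` and falls through to `USER_INPUT_CODE_AND_MAGIC_LINK` for anything else, whereas the createCodePOST hunk earlier in this file matches against the `FactorIds` constants explicitly. A factor id that matches neither prefix would therefore silently enable the magic-link flow on resend instead of failing loudly, and the two call sites can drift apart. The rewrite below tests membership against the `FactorIds` constants and throws on an unexpected id; it also notes the invariant that `factorIds` is non-empty here, since `every` on `[]` would otherwise yield `MAGIC_LINK` and the only reason it cannot happen is that the filter call above throws when nothing remains. The enclosing function begins before the hunk.
```javascript
// … unchanged: factorIds construction (session branch / filterOutInvalidFirstFactorsOrThrowIfAllAreInvalid) …
// factorIds is non-empty here: the filter above throws when no first factor remains.
const linkFactors = [multifactorauth_1.FactorIds.LINK_EMAIL, multifactorauth_1.FactorIds.LINK_PHONE];
const otpFactors = [multifactorauth_1.FactorIds.OTP_EMAIL, multifactorauth_1.FactorIds.OTP_PHONE];
const hasLink = factorIds.some((id) => linkFactors.includes(id));
const hasOtp = factorIds.some((id) => otpFactors.includes(id));
let flowType;
if (hasLink && !hasOtp) {
    flowType = "MAGIC_LINK";
} else if (hasOtp && !hasLink) {
    flowType = "USER_INPUT_CODE";
} else if (hasLink && hasOtp) {
    flowType = "USER_INPUT_CODE_AND_MAGIC_LINK";
} else {
    throw new Error("Unexpected passwordless factor ids: " + factorIds.join(","));
}
// … unchanged: magic link / user input code generation …
```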
// @ts-nocheck | ||
export declare const version = "17.0.2"; | ||
export declare const version = "17.0.3"; | ||
export declare const cdiSupported: string[]; | ||
export declare const dashboardVersion = "0.11"; |
@@ -18,5 +18,5 @@ "use strict"; | ||
*/ | ||
exports.version = "17.0.2"; | ||
exports.version = "17.0.3"; | ||
exports.cdiSupported = ["5.0"]; | ||
// Note: The actual script import for dashboard uses v{DASHBOARD_VERSION} | ||
exports.dashboardVersion = "0.11"; |
{ | ||
"name": "supertokens-node", | ||
"version": "17.0.2", | ||
"version": "17.0.3", | ||
"description": "NodeJS driver for SuperTokens core", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |