From ac0f0015998301ea982867df7bb028cec4e0620c Mon Sep 17 00:00:00 2001 From: Baozier Date: Wed, 20 Nov 2024 20:35:42 -0500 Subject: [PATCH] Change verification/mfa/reset code to be 6 digits (#193) --- package.json | 2 +- .../__tests__/normal/identity-main.test.tsx | 2 +- .../__tests__/normal/identity-mfa.test.tsx | 24 +++++++++---------- .../__tests__/normal/identity-other.test.tsx | 18 +++++++------- .../__tests__/normal/identity-policy.test.tsx | 4 ++-- server/src/__tests__/normal/user.test.tsx | 2 +- server/src/configs/locale.ts | 4 ++-- server/src/dtos/identity.ts | 12 +++++----- server/src/services/email.tsx | 8 +++---- server/src/services/sms.ts | 2 +- server/src/utils/crypto.ts | 4 ++-- server/src/views/scripts/validate.ts | 2 +- 12 files changed, 42 insertions(+), 42 deletions(-) diff --git a/package.json b/package.json index 7df79ea1..57da5f54 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "melody-auth", - "version": "1.1.0", + "version": "1.1.1", "description": "A turnkey OAuth & authentication system.", "license": "MIT", "author": "Baozier", diff --git a/server/src/__tests__/normal/identity-main.test.tsx b/server/src/__tests__/normal/identity-main.test.tsx index d80acb45..2f4d7385 100644 --- a/server/src/__tests__/normal/identity-main.test.tsx +++ b/server/src/__tests__/normal/identity-main.test.tsx @@ -703,7 +703,7 @@ describe( expect(codeStore.request.clientId).toBe(appRecord.clientId) const verificationCode = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailVerificationCode}-1`) ?? '' - expect(verificationCode.length).toBe(8) + expect(verificationCode.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) diff --git a/server/src/__tests__/normal/identity-mfa.test.tsx b/server/src/__tests__/normal/identity-mfa.test.tsx index 8d071e31..f1c36711 100644 --- a/server/src/__tests__/normal/identity-mfa.test.tsx +++ b/server/src/__tests__/normal/identity-mfa.test.tsx 
@@ -813,7 +813,7 @@ describe( const code = getCodeFromParams(params) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.SmsMfaCode}-${code}`) ?? '' - expect(mfaCode.length).toBe(8) + expect(mfaCode.length).toBe(6) const callArgs = mockFetch.mock.calls[0] as any[] const body = (callArgs[1] as unknown as { body: any }).body @@ -1097,7 +1097,7 @@ describe( expect(user.smsPhoneNumberVerified).toBe(0) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.SmsMfaCode}-${reqBody.code}`) ?? '' - expect(mfaCode.length).toBe(8) + expect(mfaCode.length).toBe(6) const callArgs = mockFetch.mock.calls[0] as any[] const body = (callArgs[1] as unknown as { body: any }).body @@ -1150,7 +1150,7 @@ describe( expect(user.smsPhoneNumberVerified).toBe(0) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.SmsMfaCode}-${reqBody.code}`) ?? '' - expect(mfaCode.length).toBe(8) + expect(mfaCode.length).toBe(6) const callArgs = mockFetch.mock.calls[0] as any[] const body = (callArgs[1] as unknown as { body: any }).body @@ -1244,7 +1244,7 @@ describe( expect(res.status).toBe(200) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.SmsMfaCode}-${reqBody.code}`) ?? '' - expect(mfaCode.length).toBe(8) + expect(mfaCode.length).toBe(6) const callArgs = mockFetch.mock.calls[0] as any[] const body = (callArgs[1] as unknown as { body: any }).body @@ -1495,7 +1495,7 @@ describe( ) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.SmsMfaCode}-${reqBody.code}`) - expect(mfaCode?.length).toBe(8) + expect(mfaCode?.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) const res = await app.request( @@ -1674,7 +1674,7 @@ describe( expect(document.getElementsByTagName('form').length).toBe(1) const code = getCodeFromParams(params) - expect((await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${code}`) ?? '').length).toBe(8) + expect((await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${code}`) ?? '').length).toBe(6) }, ) 
@@ -1811,7 +1811,7 @@ describe( const json = await res.json() expect(json).toStrictEqual({ success: true }) - expect((await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${body.code}`) ?? '').length).toBe(8) + expect((await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${body.code}`) ?? '').length).toBe(6) }, ) @@ -1912,7 +1912,7 @@ describe( const code = getCodeFromParams(params) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${code}`) - expect(mfaCode?.length).toBe(8) + expect(mfaCode?.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) const callArgs = mockFetch.mock.calls[0] as any[] @@ -2017,7 +2017,7 @@ describe( const code = getCodeFromParams(params) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${code}`) - expect(mfaCode?.length).toBe(8) + expect(mfaCode?.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) global.fetch = fetchMock @@ -2080,7 +2080,7 @@ describe( const code = getCodeFromParams(params) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${code}`) - expect(mfaCode?.length).toBe(8) + expect(mfaCode?.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) global.fetch = fetchMock @@ -2139,7 +2139,7 @@ describe( const code = getCodeFromParams(params) const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${code}`) - expect(mfaCode?.length).toBe(8) + expect(mfaCode?.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) const callArgs = mockFetch.mock.calls[0] as any[] @@ -2257,7 +2257,7 @@ describe( const code = body.code const mfaCode = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailMfaCode}-${body.code}`) - expect(mfaCode?.length).toBe(8) + expect(mfaCode?.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) diff --git a/server/src/__tests__/normal/identity-other.test.tsx b/server/src/__tests__/normal/identity-other.test.tsx index e4f4ffed..907d16f5 100644 --- a/server/src/__tests__/normal/identity-other.test.tsx 
+++ b/server/src/__tests__/normal/identity-other.test.tsx @@ -59,7 +59,7 @@ describe( await prepareUserAccount() const currentUser = await db.prepare('select * from "user" where id = 1').get() as userModel.Raw expect(currentUser.emailVerified).toBe(0) - expect((await mockedKV.get(`${adapterConfig.BaseKVKey.EmailVerificationCode}-1`) ?? '').length).toBe(8) + expect((await mockedKV.get(`${adapterConfig.BaseKVKey.EmailVerificationCode}-1`) ?? '').length).toBe(6) const res = await app.request( `${routeConfig.IdentityRoute.VerifyEmail}?id=${currentUser.authId}&locale=en`, @@ -176,7 +176,7 @@ describe( method: 'POST', body: JSON.stringify({ id: currentUser.authId, - code: 'abcdefgh', + code: 'abcdef', }), }, mock(db), @@ -349,7 +349,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.PasswordResetCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) @@ -415,7 +415,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.PasswordResetCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) @@ -449,7 +449,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.PasswordResetCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) @@ -504,7 +504,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.PasswordResetCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) 
@@ -581,7 +581,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.PasswordResetCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) @@ -664,7 +664,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.PasswordResetCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(sendEmailMock).toBeCalledTimes(1) const callArgs = sendEmailMock.mock.calls[0] as any[] @@ -777,7 +777,7 @@ describe( const body = { email: 'test@email.com', password: 'Password2!', - code: 'abcdefgh', + code: 'abcdef', } const res = await app.request( diff --git a/server/src/__tests__/normal/identity-policy.test.tsx b/server/src/__tests__/normal/identity-policy.test.tsx index 2d26b89c..0ea7895f 100644 --- a/server/src/__tests__/normal/identity-policy.test.tsx +++ b/server/src/__tests__/normal/identity-policy.test.tsx @@ -287,7 +287,7 @@ describe( const json = await res.json() expect(json).toStrictEqual({ success: true }) - expect((await mockedKV.get(`${adapterConfig.BaseKVKey.ChangeEmailCode}-1-test_new@email.com`) ?? '').length).toBe(8) + expect((await mockedKV.get(`${adapterConfig.BaseKVKey.ChangeEmailCode}-1-test_new@email.com`) ?? '').length).toBe(6) }, ) @@ -452,7 +452,7 @@ describe( locale: 'en', code: 'abc', email: 'test@email.com', - verificationCode: '12345678', + verificationCode: '123456', }), }, mock(db), diff --git a/server/src/__tests__/normal/user.test.tsx b/server/src/__tests__/normal/user.test.tsx index 2909dc08..cbe03668 100644 --- a/server/src/__tests__/normal/user.test.tsx +++ b/server/src/__tests__/normal/user.test.tsx 
@@ -638,7 +638,7 @@ describe( expect(json).toStrictEqual({ success: true }) const code = await mockedKV.get(`${adapterConfig.BaseKVKey.EmailVerificationCode}-1`) ?? '' - expect(code.length).toBe(8) + expect(code.length).toBe(6) expect(mockFetch).toBeCalledTimes(1) diff --git a/server/src/configs/locale.ts b/server/src/configs/locale.ts index 8e09df73..afd7b8d2 100644 --- a/server/src/configs/locale.ts +++ b/server/src/configs/locale.ts @@ -94,8 +94,8 @@ export const validateError = Object.freeze({ fr: 'Le code OTP ne peut être composé que de 6 chiffres.', }, verificationCodeLengthIssue: { - en: 'Verification code can only be 8 characters.', - fr: 'Le code de vérification doit contenir 8 caractères.', + en: 'Verification code can only be 6 characters.', + fr: 'Le code de vérification doit contenir 6 caractères.', }, }) diff --git a/server/src/dtos/identity.ts b/server/src/dtos/identity.ts index 4e2e2dce..dd0499ab 100644 --- a/server/src/dtos/identity.ts +++ b/server/src/dtos/identity.ts @@ -170,8 +170,8 @@ export class PostChangeEmailCodeReqDto extends GetAuthorizeFollowUpReqDto { export class PostChangeEmailReqDto extends PostChangeEmailCodeReqDto { @IsString() @Length( - 8, - 8, + 6, + 6, ) verificationCode: string @@ -216,8 +216,8 @@ export class PostVerifyEmailReqDto { @IsString() @Length( - 8, - 8, + 6, + 6, ) code: string @@ -230,8 +230,8 @@ export class PostVerifyEmailReqDto { export class PostAuthorizeResetReqDto { @IsString() @Length( - 8, - 8, + 6, + 6, ) code: string diff --git a/server/src/services/email.tsx b/server/src/services/email.tsx index fafa6aeb..254b7a26 100644 --- a/server/src/services/email.tsx +++ b/server/src/services/email.tsx 
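Review bot: The three `@Length(6, 6)` constraints in `server/src/dtos/identity.ts` (on `verificationCode` in `PostChangeEmailReqDto` and on `code` in `PostVerifyEmailReqDto` and `PostAuthorizeResetReqDto`) accept any six characters, although the generator only emits digits; the client-side check in `server/src/views/scripts/validate.ts` is likewise length-only. Adding a format constraint such as `@Matches(/^\d{6}$/)` beside `@Length` would reject malformed input at the validation layer, before the stored code is looked up. This assumes `Matches` is available from the same validator package as `IsString`, whose import is outside the hunk. The tests that submit `'abcdef'` as a wrong code would then presumably fail at validation rather than at comparison, so their expectations may need adjusting. All three class bodies continue outside their hunks.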
@@ -209,7 +209,7 @@ export const sendEmailVerification = async ( if (!user.email) return null checkEmailSetup(c) - const verificationCode = cryptoUtil.genRandom8DigitString() + const verificationCode = cryptoUtil.genRandom6DigitString() const content = ( { checkSmsSetup(c) - const mfaCode = cryptoUtil.genRandom8DigitString() + const mfaCode = cryptoUtil.genRandom6DigitString() const content = `${localeConfig.smsMfaMsg.body[locale]}: ${mfaCode}` const res = await sendSms( diff --git a/server/src/utils/crypto.ts b/server/src/utils/crypto.ts index 414617c8..b239b114 100644 --- a/server/src/utils/crypto.ts +++ b/server/src/utils/crypto.ts @@ -5,8 +5,8 @@ import base32Encode from 'base32-encode' import base32Decode from 'base32-decode' import { AuthorizeCodeChallengeMethod } from 'dtos/oauth' -export const genRandom8DigitString = (): string => { - return (Math.floor(10000000 + Math.random() * 90000000)).toString() +export const genRandom6DigitString = (): string => { + return (Math.floor(100000 + Math.random() * 900000)).toString() } const genRandomBytes = (length: number) => { diff --git a/server/src/views/scripts/validate.ts b/server/src/views/scripts/validate.ts index 1a5083cd..145cdf6d 100644 --- a/server/src/views/scripts/validate.ts +++ b/server/src/views/scripts/validate.ts @@ -6,7 +6,7 @@ import { export const verificationCode = (locale: typeConfig.Locale) => html` var msg; var codeVal = document.getElementById('form-code').value.trim(); - if (codeVal.length !== 8) msg = "${localeConfig.validateError.verificationCodeLengthIssue[locale]}"; + if (codeVal.length !== 6) msg = "${localeConfig.validateError.verificationCodeLengthIssue[locale]}"; if (msg) { var errorEl = document.getElementById('error-code'); errorEl.classList.remove('hidden');
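Review bot: `genRandom6DigitString` in `server/src/utils/crypto.ts` still derives the code from `Math.random()`, which is not a cryptographically secure generator, yet this patch uses it for the email-verification and SMS MFA codes. Shortening from 8 to 6 digits also reduces the space from 90,000,000 to 900,000 values, so resistance to guessing now depends more on code expiry and per-code attempt limits; neither is visible in this diff, so both are worth confirming. I would draw the value from the Web Crypto CSPRNG with rejection sampling, as sketched below, which keeps the 100000–999999 output range. The file's `genRandomBytes` helper begins in this hunk's context but its body is outside it; if it already wraps a CSPRNG, building on it would be tidier.

```typescript
export const genRandom6DigitString = (): string => {
  const range = 900000
  // Largest multiple of `range` below 2^32; draws at or above it are repeated to avoid modulo bias.
  const limit = Math.floor(0x100000000 / range) * range
  const bytes = new Uint8Array(4)
  let value: number
  do {
    crypto.getRandomValues(bytes)
    value = new DataView(bytes.buffer).getUint32(0)
  } while (value >= limit)
  return (100000 + (value % range)).toString()
}
```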