From 34b28c87c14e8e0b55276e5a21b6f5473c436e24 Mon Sep 17 00:00:00 2001 From: Antariksh Date: Fri, 11 Jun 2021 12:01:19 +0800 Subject: [PATCH 1/2] feat(verification): up expiry time to 30min --- .../verification/__tests__/verification.service.spec.ts | 4 ++-- src/app/services/mail/__tests__/mail.service.spec.ts | 3 ++- .../modules/forms/base/componentViews/verifiable-field.html | 2 +- src/shared/util/verification.ts | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/app/modules/verification/__tests__/verification.service.spec.ts b/src/app/modules/verification/__tests__/verification.service.spec.ts index 2d8adaa53e..8a2cf5b428 100644 --- a/src/app/modules/verification/__tests__/verification.service.spec.ts +++ b/src/app/modules/verification/__tests__/verification.service.spec.ts @@ -612,8 +612,8 @@ describe('Verification service', () => { signedData: MOCK_SIGNED_DATA, hashRetries: 0, hashedOtp: MOCK_HASHED_OTP, - // hash created 15min ago - hashCreatedAt: subMinutes(new Date(), 15), + // hash created 60min ago + hashCreatedAt: subMinutes(new Date(), 60), }) const expiredOtpTransaction = await VerificationModel.create({ formId: mockFormId, diff --git a/src/app/services/mail/__tests__/mail.service.spec.ts b/src/app/services/mail/__tests__/mail.service.spec.ts index dc2c8be9bf..38c920d85d 100644 --- a/src/app/services/mail/__tests__/mail.service.spec.ts +++ b/src/app/services/mail/__tests__/mail.service.spec.ts @@ -11,6 +11,7 @@ import { SendAutoReplyEmailsArgs, } from 'src/app/services/mail/mail.types' import * as MailUtils from 'src/app/services/mail/mail.utils' +import { HASH_EXPIRE_AFTER_SECONDS } from 'src/shared/util/verification' import { BounceType, IPopulatedForm, ISubmissionSchema } from 'src/types' const MOCK_VALID_EMAIL = 'to@example.com' @@ -78,7 +79,7 @@ describe('mail.service', () => { html: MailUtils.generateVerificationOtpHtml({ appName: MOCK_APP_NAME, otp: MOCK_OTP, - minutesToExpiry: 10, + minutesToExpiry: HASH_EXPIRE_AFTER_SECONDS / 60, }), headers: { // Hardcode in tests in case something changes this. diff --git a/src/public/modules/forms/base/componentViews/verifiable-field.html b/src/public/modules/forms/base/componentViews/verifiable-field.html index 7ac3a88c64..17e191a573 100644 --- a/src/public/modules/forms/base/componentViews/verifiable-field.html +++ b/src/public/modules/forms/base/componentViews/verifiable-field.html @@ -56,7 +56,7 @@
{{ (vm.field.fieldType === 'mobile' ? 'A text message' : 'An email') + ' with a verification code was just sent to you. The code will be - valid for 10 minutes.' }} + valid for 30 minutes.' }}
diff --git a/src/shared/util/verification.ts b/src/shared/util/verification.ts index f8d5b3f2e6..3f361a96a3 100644 --- a/src/shared/util/verification.ts +++ b/src/shared/util/verification.ts @@ -3,7 +3,7 @@ import { BasicField } from '../../types' export const VERIFIED_FIELDTYPES = [BasicField.Email, BasicField.Mobile] export const SALT_ROUNDS = 10 export const TRANSACTION_EXPIRE_AFTER_SECONDS = 14400 // 4 hours -export const HASH_EXPIRE_AFTER_SECONDS = 600 // 10 minutes +export const HASH_EXPIRE_AFTER_SECONDS = 60 * 30 // 30 minutes export const WAIT_FOR_OTP_SECONDS = 30 /** * WAIT_FOR_OTP_SECONDS tolerance. Server allows OTPs to be requested every From 7c87bf3af16347b630581427bc9223a84846dea3 Mon Sep 17 00:00:00 2001 From: Antariksh Date: Fri, 11 Jun 2021 12:13:22 +0800 Subject: [PATCH 2/2] chore: bump version to 5.13.1 --- CHANGELOG.md | 14 ++++++++------ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 57289854ff..d2d6e9791f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,14 @@ All notable changes to this project will be documented in this file. Dates are d Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). +#### [v5.13.1](https://github.com/opengovsg/FormSG/compare/v5.13.0...v5.13.1) + +- feat(verification): up expiry time to 30min [`34b28c8`](https://github.com/opengovsg/FormSG/commit/34b28c87c14e8e0b55276e5a21b6f5473c436e24) + #### [v5.13.0](https://github.com/opengovsg/FormSG/compare/v5.12.1...v5.13.0) +> 8 June 2021 + - fix: use correct argument key when counting form submissions [`#2101`](https://github.com/opengovsg/FormSG/pull/2101) - chore(adminsubmissionsservice): renamed form to submissions to reflect context [`#2098`](https://github.com/opengovsg/FormSG/pull/2098) - feat: enable retries for webhooks [`#2093`](https://github.com/opengovsg/FormSG/pull/2093) @@ -38,6 +44,7 @@ Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). - fix(deps): update mongoose to 5.12.12, update model types [`#2046`](https://github.com/opengovsg/FormSG/pull/2046) - chore(deps-dev): bump type-fest from 0.20.2 to 1.2.0 [`#2049`](https://github.com/opengovsg/FormSG/pull/2049) - test(betas): provide coverage [`23f9a9f`](https://github.com/opengovsg/FormSG/commit/23f9a9fe9675eab1d25c1983a08a7c76e0139d52) +- chore: bump version to v5.13.0 [`4516bbc`](https://github.com/opengovsg/FormSG/commit/4516bbcaf2ef2d99830cb5abb0ee26e2d53b31c2) #### [v5.12.1](https://github.com/opengovsg/FormSG/compare/v5.12.0...v5.12.1) @@ -88,7 +95,7 @@ Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). - fix(verification): loosen OTP waiting time by 2 seconds [`#1957`](https://github.com/opengovsg/FormSG/pull/1957) - chore: bump version to 5.12.0 [`85759bc`](https://github.com/opengovsg/FormSG/commit/85759bc9dc01f73da3cbd0ec73c636e58e983948) -#### [v5.11.0](https://github.com/opengovsg/FormSG/compare/v5.10.1...v5.11.0) +#### [v5.11.0](https://github.com/opengovsg/FormSG/compare/v5.10.0...v5.11.0) > 25 May 2021 @@ -156,11 +163,6 @@ Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). - chore(deps-dev): bump @typescript-eslint/eslint-plugin [`#1868`](https://github.com/opengovsg/FormSG/pull/1868) - fix(deps): bump @sentry/integrations from 6.3.5 to 6.3.6 [`#1850`](https://github.com/opengovsg/FormSG/pull/1850) - chore: bump version to 5.11.0 [`54b1958`](https://github.com/opengovsg/FormSG/commit/54b1958d0968e670ef145461d9d7859384d573ef) - -#### [v5.10.1](https://github.com/opengovsg/FormSG/compare/v5.10.0...v5.10.1) - -> 17 May 2021 - - chore: bump version to v5.10.1 [`0442cd7`](https://github.com/opengovsg/FormSG/commit/0442cd72637019fb1e43bce5f8f5abe14ee79f8c) - fix: allow for unknown keys in updateEndPage validator [`617d86a`](https://github.com/opengovsg/FormSG/commit/617d86a28910eec6ebd3249a2de636086429d6a6) diff --git a/package-lock.json b/package-lock.json index 12dff19c87..4ac6f2061d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "FormSG", - "version": "5.13.0", + "version": "5.13.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 3a0d8fb3dc..7a44e7c5c2 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "FormSG", "description": "Form Manager for Government", - "version": "5.13.0", + "version": "5.13.1", "homepage": "https://form.gov.sg", "authors": [ "FormSG "