-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: migrate /auth endpoint handling to Typescript #215
Conversation
This is so that this function can be repurposed to also fetch the agency whilst validating.
# Conflicts: # src/app/controllers/authentication.server.controller.js # src/app/modules/user/user.service.ts # src/loaders/express/index.ts
# Conflicts: # src/app/controllers/authentication.server.controller.js
# Conflicts: # src/app/controllers/authentication.server.controller.js # src/app/routes/authentication.server.routes.js # src/loaders/express/index.ts # tests/unit/backend/controllers/authentication.server.controller.spec.js
Ready for review. Please don't be scared by the high line count, it's just because it has a lot of new tests. |
|
if (verifyErr) { | ||
logger.warn({ | ||
message: | ||
verifyErr instanceof InvalidOtpError | ||
? 'Login OTP is invalid' | ||
: 'Error occurred when trying to validate login OTP', | ||
meta: logMeta, | ||
error: verifyErr, | ||
}) | ||
|
||
if (verifyErr instanceof InvalidOtpError) { | ||
return res.status(verifyErr.status).send(verifyErr.message) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (verifyErr) { | |
logger.warn({ | |
message: | |
verifyErr instanceof InvalidOtpError | |
? 'Login OTP is invalid' | |
: 'Error occurred when trying to validate login OTP', | |
meta: logMeta, | |
error: verifyErr, | |
}) | |
if (verifyErr instanceof InvalidOtpError) { | |
return res.status(verifyErr.status).send(verifyErr.message) | |
} | |
if (verifyErr) { | |
logger.warn({ | |
message: | |
verifyErr instanceof InvalidOtpError | |
? 'Login OTP is invalid' | |
: 'Error occurred when trying to validate login OTP', | |
meta: logMeta, | |
error: verifyErr, | |
return res.status(verifyErr.status).send(verifyErr.message) | |
} |
Would this be safer? Although we have tests, I would like to minimise the chance of a future engineer refactoring wrongly or introducing a vulnerability to the login.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will change the check to instanceof ApplicationError
, and all known errors should be an ApplicationError. However, we will still need the check, since normal errors don't have err.status
.
EDIT: Updated the check in 9db99b4
|
||
// OTP is valid, proceed to login user. | ||
try { | ||
const agency = await AuthService.getAgencyWithEmail(email) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
here we see that the middleware pattern with validateDomain
results in an additional network call to the database to fetch the agency object again. can we revisit our discussion? because (1) adhering to a pattern at the cost of performance seems dogmatic, and (2) the controller can help to set the context in which an agency lookup failure occurs, so duplicate logging may not be a real issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can discuss after syncup later; but I also agree. I've experimented with passing agency into locals like before in b6a48db; seems like the best way to save some db calls. Take a look.
This prevents developers from using ApplicationError directly and are forced to extend from the class (in Typescript).
# Conflicts: # src/app/controllers/authentication.server.controller.js
# Conflicts: # src/app/models/user.server.model.ts
Problem
This PR tries to encapsulate the
/auth
route under a newauth
module located inmodules/auth
.The first Typescript integration tests are also written for
auth.routes
, using a new testing directory directly inside the module folder for closer integration. The varioustsconfig
andeslintrc
files has been updated to accommodate this change.Related to #144
Solution
Features:
auth
module containingauth/auth.route
auth/auth.middlewares
auth/auth.controller
auth/auth.service
auth/auth.errors
Improvements:
Tests
Add unit tests for:
auth/auth.middlewares
auth/auth.controller
auth/auth.service
Add integration tests for:
auth/auth.route
Release Tests
<youremail>[email protected]