From 7fa61b64361ee8b9ad4ec54dd4ec1e9f6036360f Mon Sep 17 00:00:00 2001
From: Evert Pot
Date: Thu, 25 Jul 2024 23:17:08 -0400
Subject: [PATCH] Allow 'generate-token' to create identity-specific tokens.
---
 schemas/verification-token-generate.json | 5 +++++
 src/api-types.ts | 4 ++++
 src/services.ts | 2 ++
 src/verification-token/controller/generate.ts | 15 ++++++++++-----
 4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/schemas/verification-token-generate.json b/schemas/verification-token-generate.json
index b535e609..29442b9d 100644
--- a/schemas/verification-token-generate.json
+++ b/schemas/verification-token-generate.json
@@ -11,6 +11,11 @@
 "expiresIn": {
 "description": "Specify how long the token is valid for, in seconds.",
 "type": "number"
+ },
+ "identity": {
+ "description": "If set, the token will be associated with a specific email address or phone number. When this token is validated later, the email address or phone number will be marked as 'verified' for the user.",
+ "type": "string",
+ "format": "uri"
 }
 }
 }
diff --git a/src/api-types.ts b/src/api-types.ts
index 666d08ad..1eb905c6 100644
--- a/src/api-types.ts
+++ b/src/api-types.ts
@@ -328,4 +328,8 @@ export interface VerificationTokenGenerateRequest {
 * Specify how long the token is valid for, in seconds.
 */
 expiresIn?: number;
+ /**
+ * If set, the token will be associated with a specific email address or phone number. When this token is validated later, the email address or phone number will be marked as 'verified' for the user.
+ */
+ identity?: string;
 }
diff --git a/src/services.ts b/src/services.ts
index 3652e627..e5e551ee 100644
--- a/src/services.ts
+++ b/src/services.ts
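Review bot: In the schema hunk, the new `identity` property is constrained only by `"format": "uri"`, which admits any URI scheme even though the description limits it to an email address or phone number. Whether `format` is enforced at all depends on validator configuration that this patch does not show. Consider adding `"pattern": "^(mailto|tel):"` (assuming identities are stored as `mailto:`/`tel:` URIs) and a `maxLength`, so only the intended identity types reach the lookup. The adjacent `expiresIn` context shows `"type": "number"` with no bounds; a `minimum` and `maximum` there would cap the lifetime of a token that can now mark an identity as verified.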
@@ -5,3 +5,5 @@ export * as privilege from './privilege/service.js';
 export * as resetPassword from './reset-password/service.js';
 export * as log from './log/service.js';
 export * as appClient from './app-client/service.js';
+export * as oauth2 from './oauth2/service.js';
+export * as verificationToken from './verification-token/service.js';
diff --git a/src/verification-token/controller/generate.ts b/src/verification-token/controller/generate.ts
index 75f6f6b3..a51a29d5 100644
--- a/src/verification-token/controller/generate.ts
+++ b/src/verification-token/controller/generate.ts
@@ -1,10 +1,9 @@
 import Controller from '@curveball/controller';
 import { Context } from '@curveball/core';
-import { PrincipalService } from '../../principal/service.js';
-import { createToken } from '../service.js';
 import * as hal from '../formats/hal.js';
 import { resolve } from 'url';
 import { VerificationTokenGenerateRequest } from '../../api-types.js';
+import * as services from '../../services.js';
 class OneTimeTokenController extends Controller {
@@ -13,13 +12,19 @@ class OneTimeTokenController extends Controller {
 ctx.request.validate('https://curveballjs.org/schemas/a12nserver/verification-token-generate.json');
 ctx.privileges.require('a12n:one-time-token:generate');
- const principalService = new PrincipalService(ctx.privileges);
+ const principalService = new services.principal.PrincipalService(ctx.privileges);
 const user = await principalService.findByExternalId(ctx.params.id, 'user');
- const token = await createToken(
+ let identity = null;
+
+ if (ctx.request.body.identity) {
+ identity = await services.principalIdentity.findByUri(user, ctx.request.body.identity);
+ }
+
+ const token = await services.verificationToken.createToken(
 user,
 ctx.request.body.expiresIn ?? null,
- null,
+ identity,
 );
 const url = resolve(ctx.request.origin, 'reset-password/token/' + token.token);
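Review bot: In the second generate.ts hunk, the result of `services.principalIdentity.findByUri(user, ctx.request.body.identity)` goes straight into `createToken` with no check. The contract of `findByUri` is not visible in this patch: if it can return null or undefined for a URI that is not one of `user`'s identities, the caller silently receives a general token instead of the identity-bound one it asked for. I would fail closed, e.g. `if (!identity) throw new NotFound('Identity not found for this user');` using the project's HTTP error type, or confirm that `findByUri` already throws an error that maps to a 4xx. Separately, the response URL is still built under `'reset-password/token/'`, so it is worth confirming that an identity-verification token is meant to be handed out as a password-reset link. The enclosing method starts and ends outside the hunk.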