otp changes - added sentTo field, allow e.Record to be nil when requesting OTP, etc.

2025-11-28 08:47:55 +02:00 · 2024-11-13 18:34:43 +02:00
parent 10a5c685ab
commit 9f606bdeca
12 changed files with 339 additions and 27 deletions
--- a/apis/record_auth_otp_request_test.go
+++ b/apis/record_auth_otp_request_test.go
@@ -86,7 +86,10 @@ func TestRecordRequestOTP(t *testing.T) {
 			ExpectedContent: []string{
 				`"otpId":"`, // some fake random generated string
 			},
-			ExpectedEvents: map[string]int{"*": 0},
+			ExpectedEvents: map[string]int{
+				"*":                         0,
+				"OnRecordRequestOTPRequest": 1,
+			},
 			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
 				if app.TestMailer.TotalSend() != 0 {
 					t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend())
@@ -137,6 +140,57 @@ func TestRecordRequestOTP(t *testing.T) {
 				"OnModelCreate":              1,
 				"OnModelCreateExecute":       1,
 				"OnModelAfterCreateSuccess":  1,
+				"OnModelValidate":            2, // + 1 for the OTP update after the email send
+				"OnRecordCreate":             1,
+				"OnRecordCreateExecute":      1,
+				"OnRecordAfterCreateSuccess": 1,
+				"OnRecordValidate":           2,
+				// OTP update
+				"OnModelUpdate":              1,
+				"OnModelUpdateExecute":       1,
+				"OnModelAfterUpdateSuccess":  1,
+				"OnRecordUpdate":             1,
+				"OnRecordUpdateExecute":      1,
+				"OnRecordAfterUpdateSuccess": 1,
+			},
+			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
+				if app.TestMailer.TotalSend() != 1 {
+					t.Fatalf("Expected 1 email, got %d", app.TestMailer.TotalSend())
+				}
+
+				// ensure that sentTo is set
+				otps, err := app.FindRecordsByFilter(core.CollectionNameOTPs, "sentTo='test@example.com'", "", 0, 0)
+				if err != nil || len(otps) != 1 {
+					t.Fatalf("Expected to find 1 OTP with sentTo %q, found %d", "test@example.com", len(otps))
+				}
+			},
+		},
+		{
+			Name:   "existing auth record with intercepted email (with < 9 non-expired)",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/request-otp",
+			Body:   strings.NewReader(`{"email":"test@example.com"}`),
+			Delay:  100 * time.Millisecond,
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				// prevent email sent
+				app.OnMailerRecordOTPSend("users").BindFunc(func(e *core.MailerRecordEvent) error {
+					return nil
+				})
+			},
+			ExpectedStatus: 200,
+			ExpectedContent: []string{
+				`"otpId":"`,
+			},
+			NotExpectedContent: []string{
+				`"otpId":"otp_`,
+			},
+			ExpectedEvents: map[string]int{
+				"*":                          0,
+				"OnRecordRequestOTPRequest":  1,
+				"OnMailerRecordOTPSend":      1,
+				"OnModelCreate":              1,
+				"OnModelCreateExecute":       1,
+				"OnModelAfterCreateSuccess":  1,
 				"OnModelValidate":            1,
 				"OnRecordCreate":             1,
 				"OnRecordCreateExecute":      1,
@@ -144,8 +198,14 @@ func TestRecordRequestOTP(t *testing.T) {
 				"OnRecordValidate":           1,
 			},
 			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
-				if app.TestMailer.TotalSend() != 1 {
-					t.Fatalf("Expected 1 email, got %d", app.TestMailer.TotalSend())
+				if app.TestMailer.TotalSend() != 0 {
+					t.Fatalf("Expected 0 emails, got %d", app.TestMailer.TotalSend())
+				}
+
+				// ensure that there is no OTP with user email as sentTo
+				otps, err := app.FindRecordsByFilter(core.CollectionNameOTPs, "sentTo='test@example.com'", "", 0, 0)
+				if err != nil || len(otps) != 0 {
+					t.Fatalf("Expected to find 0 OTPs with sentTo %q, found %d", "test@example.com", len(otps))
 				}
 			},
 		},