delay default response body write for *Request hooks wrapped in a transaction

2025-11-30 00:58:30 +02:00 · 2025-04-27 16:25:51 +03:00
parent 1a3efe96ac
commit dc350f0a3e
38 changed files with 759 additions and 149 deletions
--- a/apis/record_auth_with_otp_test.go
+++ b/apis/record_auth_with_otp_test.go
@@ -419,6 +419,53 @@ func TestRecordAuthWithOTP(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "OnRecordAuthWithOTPRequest tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/auth-with-otp",
+			Body: strings.NewReader(`{
+				"otpId":"` + strings.Repeat("a", 15) + `",
+				"password":"123456"
+			}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				user, err := app.FindAuthRecordByEmail("users", "test@example.com")
+				if err != nil {
+					t.Fatal(err)
+				}
+
+				// disable MFA
+				user.Collection().MFA.Enabled = false
+				if err = app.Save(user.Collection()); err != nil {
+					t.Fatal(err)
+				}
+
+				otp := core.NewOTP(app)
+				otp.Id = strings.Repeat("a", 15)
+				otp.SetCollectionRef(user.Collection().Id)
+				otp.SetRecordRef(user.Id)
+				otp.SetPassword("123456")
+				if err := app.Save(otp); err != nil {
+					t.Fatal(err)
+				}
+
+				app.OnRecordAuthWithOTPRequest().BindFunc(func(e *core.RecordAuthWithOTPRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordAuthWithOTPRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},

 		// rate limit checks
 		// -----------------------------------------------------------