chore: Add serverPassword param to endpoints (#2919) [skip e2e]

* chore: send server password param to delete account endpoint * chore: send server password param to disable mfa endpoint * chore: modify tests * chore: force challenge prompt for mfa disable * chore: fix eslint errors * chore: add server passsword to get recovery codes * chore: fix tests * chore: pass server password as header
2025-08-26 09:04:03 -03:00
parent cf4d2196de
commit 54af28aa04
29 changed files with 298 additions and 62 deletions
--- a/packages/api/src/Domain/Client/Auth/AuthApiService.ts
+++ b/packages/api/src/Domain/Client/Auth/AuthApiService.ts
@@ -22,7 +22,9 @@ export class AuthApiService implements AuthApiServiceInterface {
    this.operationsInProgress = new Map()
  }

-  async generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
+  async generateRecoveryCodes(dto: {
+    serverPassword: string
+  }): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
    if (this.operationsInProgress.get(AuthApiOperations.GenerateRecoveryCodes)) {
      throw new ApiCallError(ErrorMessage.GenericInProgress)
    }
@@ -30,7 +32,9 @@ export class AuthApiService implements AuthApiServiceInterface {
    this.operationsInProgress.set(AuthApiOperations.GenerateRecoveryCodes, true)

    try {
-      const response = await this.authServer.generateRecoveryCodes()
+      const response = await this.authServer.generateRecoveryCodes({
+        headers: [{ key: 'x-server-password', value: dto.serverPassword }],
+      })

      return response
    } catch (error) {
--- a/packages/api/src/Domain/Client/Auth/AuthApiServiceInterface.ts
+++ b/packages/api/src/Domain/Client/Auth/AuthApiServiceInterface.ts
@@ -6,7 +6,7 @@ import {
 } from '../../Response'

 export interface AuthApiServiceInterface {
-  generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
+  generateRecoveryCodes(dto: { serverPassword: string }): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
  recoveryKeyParams(dto: {
    username: string
    codeChallenge: string
--- a/packages/api/src/Domain/Client/User/UserApiService.ts
+++ b/packages/api/src/Domain/Client/User/UserApiService.ts
@@ -27,13 +27,19 @@ export class UserApiService implements UserApiServiceInterface {
    this.operationsInProgress = new Map()
  }

-  async deleteAccount(userUuid: string): Promise<HttpResponse<UserDeletionResponseBody>> {
+  async deleteAccount(dto: {
+    userUuid: string
+    serverPassword: string
+  }): Promise<HttpResponse<UserDeletionResponseBody>> {
    this.lockOperation(UserApiOperations.DeletingAccount)

    try {
-      const response = await this.userServer.deleteAccount({
-        userUuid: userUuid,
-      })
+      const response = await this.userServer.deleteAccount(
+        {
+          userUuid: dto.userUuid,
+        },
+        { headers: [{ key: 'x-server-password', value: dto.serverPassword }] },
+      )

      this.unlockOperation(UserApiOperations.DeletingAccount)

--- a/packages/api/src/Domain/Client/User/UserApiServiceInterface.ts
+++ b/packages/api/src/Domain/Client/User/UserApiServiceInterface.ts
@@ -22,5 +22,8 @@ export interface UserApiServiceInterface {
    requestType: UserRequestType
  }): Promise<HttpResponse<UserRequestResponseBody>>

-  deleteAccount(userUuid: string): Promise<HttpResponse<UserDeletionResponseBody>>
+  deleteAccount(dto: {
+    userUuid: string
+    serverPassword: string | undefined
+  }): Promise<HttpResponse<UserDeletionResponseBody>>
 }
--- a/packages/api/src/Domain/Http/HttpService.ts
+++ b/packages/api/src/Domain/Http/HttpService.ts
@@ -91,6 +91,7 @@ export class HttpService implements HttpServiceInterface {
      params,
      verb: HttpVerb.Get,
      authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
    })
  }

@@ -123,6 +124,7 @@ export class HttpService implements HttpServiceInterface {
      params,
      verb: HttpVerb.Put,
      authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
    })
  }

@@ -141,6 +143,7 @@ export class HttpService implements HttpServiceInterface {
      params,
      verb: HttpVerb.Delete,
      authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
    })
  }

--- a/packages/api/src/Domain/Request/Recovery/GenerateRecoveryCodesRequestParams.ts
+++ b/packages/api/src/Domain/Request/Recovery/GenerateRecoveryCodesRequestParams.ts
@@ -0,0 +1,3 @@
+export interface GenerateRecoveryCodesRequestParams {
+  serverPassword: string
+}
--- a/packages/api/src/Domain/Request/index.ts
+++ b/packages/api/src/Domain/Request/index.ts
@@ -2,6 +2,7 @@ export * from './Authenticator/DeleteAuthenticatorRequestParams'
 export * from './Authenticator/GenerateAuthenticatorAuthenticationOptionsRequestParams'
 export * from './Authenticator/ListAuthenticatorsRequestParams'
 export * from './Authenticator/VerifyAuthenticatorRegistrationResponseRequestParams'
+export * from './Recovery/GenerateRecoveryCodesRequestParams'
 export * from './Recovery/RecoveryKeyParamsRequestParams'
 export * from './Recovery/SignInWithRecoveryCodesRequestParams'
 export * from './Revision/DeleteRevisionRequestParams'
--- a/packages/api/src/Domain/Server/Auth/AuthServer.ts
+++ b/packages/api/src/Domain/Server/Auth/AuthServer.ts
@@ -8,12 +8,13 @@ import {
 } from '../../Response'
 import { AuthServerInterface } from './AuthServerInterface'
 import { Paths } from './Paths'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'

 export class AuthServer implements AuthServerInterface {
  constructor(private httpService: HttpServiceInterface) {}

-  async generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
-    return this.httpService.post(Paths.v1.generateRecoveryCodes)
+  async generateRecoveryCodes(options?: HttpRequestOptions): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
+    return this.httpService.post(Paths.v1.generateRecoveryCodes, undefined, options)
  }

  async recoveryKeyParams(
--- a/packages/api/src/Domain/Server/Auth/AuthServerInterface.ts
+++ b/packages/api/src/Domain/Server/Auth/AuthServerInterface.ts
@@ -5,9 +5,10 @@ import {
  RecoveryKeyParamsResponseBody,
  SignInWithRecoveryCodesResponseBody,
 } from '../../Response'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'

 export interface AuthServerInterface {
-  generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
+  generateRecoveryCodes(options?: HttpRequestOptions): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
  recoveryKeyParams(params: RecoveryKeyParamsRequestParams): Promise<HttpResponse<RecoveryKeyParamsResponseBody>>
  signInWithRecoveryCodes(
    params: SignInWithRecoveryCodesRequestParams,
--- a/packages/api/src/Domain/Server/User/UserServer.ts
+++ b/packages/api/src/Domain/Server/User/UserServer.ts
@@ -8,12 +8,16 @@ import { UserRegistrationResponseBody } from '../../Response/User/UserRegistrati
 import { Paths } from './Paths'
 import { UserServerInterface } from './UserServerInterface'
 import { UserUpdateRequestParams } from '../../Request/User/UserUpdateRequestParams'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'

 export class UserServer implements UserServerInterface {
  constructor(private httpService: HttpServiceInterface) {}

-  async deleteAccount(params: UserDeletionRequestParams): Promise<HttpResponse<UserDeletionResponseBody>> {
-    return this.httpService.delete(Paths.v1.deleteAccount(params.userUuid), params)
+  async deleteAccount(
+    params: UserDeletionRequestParams,
+    options?: HttpRequestOptions,
+  ): Promise<HttpResponse<UserDeletionResponseBody>> {
+    return this.httpService.delete(Paths.v1.deleteAccount(params.userUuid), params, options)
  }

  async register(params: UserRegistrationRequestParams): Promise<HttpResponse<UserRegistrationResponseBody>> {
--- a/packages/api/src/Domain/Server/User/UserServerInterface.ts
+++ b/packages/api/src/Domain/Server/User/UserServerInterface.ts
@@ -5,9 +5,13 @@ import { UserDeletionResponseBody } from '../../Response/User/UserDeletionRespon
 import { UserRegistrationResponseBody } from '../../Response/User/UserRegistrationResponseBody'
 import { UserUpdateResponse } from '../../Response/User/UserUpdateResponse'
 import { UserUpdateRequestParams } from '../../Request/User/UserUpdateRequestParams'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'

 export interface UserServerInterface {
  register(params: UserRegistrationRequestParams): Promise<HttpResponse<UserRegistrationResponseBody>>
-  deleteAccount(params: UserDeletionRequestParams): Promise<HttpResponse<UserDeletionResponseBody>>
+  deleteAccount(
+    params: UserDeletionRequestParams,
+    options?: HttpRequestOptions,
+  ): Promise<HttpResponse<UserDeletionResponseBody>>
  update(params: UserUpdateRequestParams): Promise<HttpResponse<UserUpdateResponse>>
 }