feat(snjs): add authenticator use cases (#2145)
* feat(snjs): add authenticator use case * feat(snjs): add use cases for listing, deleting and verifying authenticators * fix(snjs): spec for deleting authenticator
This commit is contained in:
Karol Sójko
@@ -1,12 +1,14 @@
|
||||
import { Username, Uuid } from '@standardnotes/domain-core'
|
||||
|
||||
export interface AuthenticatorClientInterface {
|
||||
list(): Promise<Array<{ id: string; name: string }>>
|
||||
delete(authenticatorId: string): Promise<boolean>
|
||||
generateRegistrationOptions(userUuid: string, username: string): Promise<Record<string, unknown> | null>
|
||||
delete(authenticatorId: Uuid): Promise<boolean>
|
||||
generateRegistrationOptions(userUuid: Uuid, username: Username): Promise<Record<string, unknown> | null>
|
||||
verifyRegistrationResponse(
|
||||
userUuid: string,
|
||||
userUuid: Uuid,
|
||||
name: string,
|
||||
registrationCredential: Record<string, unknown>,
|
||||
): Promise<boolean>
|
||||
generateAuthenticationOptions(): Promise<Record<string, unknown> | null>
|
||||
verifyAuthenticationResponse(userUuid: string, authenticationCredential: Record<string, unknown>): Promise<boolean>
|
||||
verifyAuthenticationResponse(userUuid: Uuid, authenticationCredential: Record<string, unknown>): Promise<boolean>
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
/* istanbul ignore file */
|
||||
|
||||
import { AuthenticatorApiServiceInterface } from '@standardnotes/api'
|
||||
import { Username, Uuid } from '@standardnotes/domain-core'
|
||||
|
||||
import { InternalEventBusInterface } from '../Internal/InternalEventBusInterface'
|
||||
import { AbstractService } from '../Service/AbstractService'
|
||||
@@ -28,9 +29,9 @@ export class AuthenticatorManager extends AbstractService implements Authenticat
|
||||
}
|
||||
}
|
||||
|
||||
async delete(authenticatorId: string): Promise<boolean> {
|
||||
async delete(authenticatorId: Uuid): Promise<boolean> {
|
||||
try {
|
||||
const result = await this.authenticatorApiService.delete(authenticatorId)
|
||||
const result = await this.authenticatorApiService.delete(authenticatorId.value)
|
||||
|
||||
if (result.data.error) {
|
||||
return false
|
||||
@@ -42,9 +43,9 @@ export class AuthenticatorManager extends AbstractService implements Authenticat
|
||||
}
|
||||
}
|
||||
|
||||
async generateRegistrationOptions(userUuid: string, username: string): Promise<Record<string, unknown> | null> {
|
||||
async generateRegistrationOptions(userUuid: Uuid, username: Username): Promise<Record<string, unknown> | null> {
|
||||
try {
|
||||
const result = await this.authenticatorApiService.generateRegistrationOptions(userUuid, username)
|
||||
const result = await this.authenticatorApiService.generateRegistrationOptions(userUuid.value, username.value)
|
||||
|
||||
if (result.data.error) {
|
||||
return null
|
||||
@@ -57,13 +58,13 @@ export class AuthenticatorManager extends AbstractService implements Authenticat
|
||||
}
|
||||
|
||||
async verifyRegistrationResponse(
|
||||
userUuid: string,
|
||||
userUuid: Uuid,
|
||||
name: string,
|
||||
registrationCredential: Record<string, unknown>,
|
||||
): Promise<boolean> {
|
||||
try {
|
||||
const result = await this.authenticatorApiService.verifyRegistrationResponse(
|
||||
userUuid,
|
||||
userUuid.value,
|
||||
name,
|
||||
registrationCredential,
|
||||
)
|
||||
@@ -93,11 +94,14 @@ export class AuthenticatorManager extends AbstractService implements Authenticat
|
||||
}
|
||||
|
||||
async verifyAuthenticationResponse(
|
||||
userUuid: string,
|
||||
userUuid: Uuid,
|
||||
authenticationCredential: Record<string, unknown>,
|
||||
): Promise<boolean> {
|
||||
try {
|
||||
const result = await this.authenticatorApiService.verifyAuthenticationResponse(userUuid, authenticationCredential)
|
||||
const result = await this.authenticatorApiService.verifyAuthenticationResponse(
|
||||
userUuid.value,
|
||||
authenticationCredential,
|
||||
)
|
||||
|
||||
if (result.data.error) {
|
||||
return false
|
||||
|
||||
@@ -1,9 +1,7 @@
|
||||
import {
|
||||
AuthApiService,
|
||||
AuthenticatorApiService,
|
||||
AuthenticatorApiServiceInterface,
|
||||
AuthenticatorServer,
|
||||
AuthenticatorServerInterface,
|
||||
AuthServer,
|
||||
HttpService,
|
||||
HttpServiceInterface,
|
||||
@@ -98,6 +96,10 @@ import { LegacySessionStorageMapper } from '@Lib/Services/Mapping/LegacySessionS
|
||||
import { SignInWithRecoveryCodes } from '@Lib/Domain/UseCase/SignInWithRecoveryCodes/SignInWithRecoveryCodes'
|
||||
import { UseCaseContainerInterface } from '@Lib/Domain/UseCase/UseCaseContainerInterface'
|
||||
import { GetRecoveryCodes } from '@Lib/Domain/UseCase/GetRecoveryCodes/GetRecoveryCodes'
|
||||
import { AddAuthenticator } from '@Lib/Domain/UseCase/AddAuthenticator/AddAuthenticator'
|
||||
import { ListAuthenticators } from '@Lib/Domain/UseCase/ListAuthenticators/ListAuthenticators'
|
||||
import { DeleteAuthenticator } from '@Lib/Domain/UseCase/DeleteAuthenticator/DeleteAuthenticator'
|
||||
import { VerifyAuthenticator } from '@Lib/Domain/UseCase/VerifyAuthenticator/VerifyAuthenticator'
|
||||
|
||||
/** How often to automatically sync, in milliseconds */
|
||||
const DEFAULT_AUTO_SYNC_INTERVAL = 30_000
|
||||
@@ -172,13 +174,15 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
|
||||
private filesBackupService?: FilesBackupService
|
||||
private declare sessionStorageMapper: MapperInterface<Session, Record<string, unknown>>
|
||||
private declare legacySessionStorageMapper: MapperInterface<LegacySession, Record<string, unknown>>
|
||||
private declare authenticatorApiService: AuthenticatorApiServiceInterface
|
||||
private declare authenticatorServer: AuthenticatorServerInterface
|
||||
private declare authenticatorManager: AuthenticatorClientInterface
|
||||
private declare authManager: AuthClientInterface
|
||||
|
||||
private declare _signInWithRecoveryCodes: SignInWithRecoveryCodes
|
||||
private declare _getRecoveryCodes: GetRecoveryCodes
|
||||
private declare _addAuthenticator: AddAuthenticator
|
||||
private declare _listAuthenticators: ListAuthenticators
|
||||
private declare _deleteAuthenticator: DeleteAuthenticator
|
||||
private declare _verifyAuthenticator: VerifyAuthenticator
|
||||
|
||||
private internalEventBus!: ExternalServices.InternalEventBusInterface
|
||||
|
||||
@@ -269,6 +273,22 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
|
||||
return this._getRecoveryCodes
|
||||
}
|
||||
|
||||
get addAuthenticator(): UseCaseInterface<void> {
|
||||
return this._addAuthenticator
|
||||
}
|
||||
|
||||
get listAuthenticators(): UseCaseInterface<Array<{ id: string; name: string }>> {
|
||||
return this._listAuthenticators
|
||||
}
|
||||
|
||||
get deleteAuthenticator(): UseCaseInterface<void> {
|
||||
return this._deleteAuthenticator
|
||||
}
|
||||
|
||||
get verifyAuthenticator(): UseCaseInterface<void> {
|
||||
return this._verifyAuthenticator
|
||||
}
|
||||
|
||||
public get files(): FilesClientInterface {
|
||||
return this.fileService
|
||||
}
|
||||
@@ -1166,8 +1186,6 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
|
||||
this.createMutatorService()
|
||||
this.createListedService()
|
||||
this.createActionsManager()
|
||||
this.createAuthenticatorServer()
|
||||
this.createAuthenticatorApiService()
|
||||
this.createAuthenticatorManager()
|
||||
this.createAuthManager()
|
||||
|
||||
@@ -1219,12 +1237,14 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
|
||||
;(this.statusService as unknown) = undefined
|
||||
;(this.sessionStorageMapper as unknown) = undefined
|
||||
;(this.legacySessionStorageMapper as unknown) = undefined
|
||||
;(this.authenticatorApiService as unknown) = undefined
|
||||
;(this.authenticatorServer as unknown) = undefined
|
||||
;(this.authenticatorManager as unknown) = undefined
|
||||
;(this.authManager as unknown) = undefined
|
||||
;(this._signInWithRecoveryCodes as unknown) = undefined
|
||||
;(this._getRecoveryCodes as unknown) = undefined
|
||||
;(this._addAuthenticator as unknown) = undefined
|
||||
;(this._listAuthenticators as unknown) = undefined
|
||||
;(this._deleteAuthenticator as unknown) = undefined
|
||||
;(this._verifyAuthenticator as unknown) = undefined
|
||||
|
||||
this.services = []
|
||||
}
|
||||
@@ -1754,16 +1774,12 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
|
||||
this.services.push(this.statusService)
|
||||
}
|
||||
|
||||
private createAuthenticatorServer() {
|
||||
this.authenticatorServer = new AuthenticatorServer(this.httpService)
|
||||
}
|
||||
|
||||
private createAuthenticatorApiService() {
|
||||
this.authenticatorApiService = new AuthenticatorApiService(this.authenticatorServer)
|
||||
}
|
||||
|
||||
private createAuthenticatorManager() {
|
||||
this.authenticatorManager = new AuthenticatorManager(this.authenticatorApiService, this.internalEventBus)
|
||||
const authenticatorServer = new AuthenticatorServer(this.httpService)
|
||||
|
||||
const authenticatorApiService = new AuthenticatorApiService(authenticatorServer)
|
||||
|
||||
this.authenticatorManager = new AuthenticatorManager(authenticatorApiService, this.internalEventBus)
|
||||
}
|
||||
|
||||
private createAuthManager() {
|
||||
@@ -1785,5 +1801,19 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
|
||||
)
|
||||
|
||||
this._getRecoveryCodes = new GetRecoveryCodes(this.authManager, this.settingsService)
|
||||
|
||||
this._addAuthenticator = new AddAuthenticator(
|
||||
this.authenticatorManager,
|
||||
this.options.u2fAuthenticatorRegistrationPromptFunction,
|
||||
)
|
||||
|
||||
this._listAuthenticators = new ListAuthenticators(this.authenticatorManager)
|
||||
|
||||
this._deleteAuthenticator = new DeleteAuthenticator(this.authenticatorManager)
|
||||
|
||||
this._verifyAuthenticator = new VerifyAuthenticator(
|
||||
this.authenticatorManager,
|
||||
this.options.u2fAuthenticatorVerificationPromptFunction,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,4 +17,24 @@ export interface ApplicationOptionalConfiguratioOptions {
|
||||
* URL for WebSocket providing permissions and roles information.
|
||||
*/
|
||||
webSocketUrl?: string
|
||||
|
||||
/**
|
||||
* 3rd party library function for prompting U2F authenticator device registration
|
||||
*
|
||||
* @param registrationOptions - Registration options generated by the server
|
||||
* @returns authenticator device response
|
||||
*/
|
||||
u2fAuthenticatorRegistrationPromptFunction?: (
|
||||
registrationOptions: Record<string, unknown>,
|
||||
) => Promise<Record<string, unknown>>
|
||||
|
||||
/**
|
||||
* 3rd party library function for prompting U2F authenticator device authentication
|
||||
*
|
||||
* @param registrationOptions - Registration options generated by the server
|
||||
* @returns authenticator device response
|
||||
*/
|
||||
u2fAuthenticatorVerificationPromptFunction?: (
|
||||
authenticationOptions: Record<string, unknown>,
|
||||
) => Promise<Record<string, unknown>>
|
||||
}
|
||||
|
||||
@@ -0,0 +1,146 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
import { AddAuthenticator } from './AddAuthenticator'
|
||||
|
||||
describe('AddAuthenticator', () => {
|
||||
let authenticatorClient: AuthenticatorClientInterface
|
||||
let authenticatorRegistrationPromptFunction: (
|
||||
registrationOptions: Record<string, unknown>,
|
||||
) => Promise<Record<string, unknown>>
|
||||
|
||||
|
||||
const createUseCase = () => new AddAuthenticator(authenticatorClient, authenticatorRegistrationPromptFunction)
|
||||
|
||||
beforeEach(() => {
|
||||
authenticatorClient = {} as jest.Mocked<AuthenticatorClientInterface>
|
||||
authenticatorClient.generateRegistrationOptions = jest.fn().mockReturnValue({ foo: 'bar' })
|
||||
authenticatorClient.verifyRegistrationResponse = jest.fn().mockReturnValue(true)
|
||||
|
||||
authenticatorRegistrationPromptFunction = jest.fn()
|
||||
})
|
||||
|
||||
it('should return error if userUuid is invalid', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: 'invalid',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticatorName',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator registration options: Given value is not a valid uuid: invalid')
|
||||
})
|
||||
|
||||
it('should return error if username is invalid', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: '',
|
||||
authenticatorName: 'authenticatorName',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator registration options: Username cannot be empty')
|
||||
})
|
||||
|
||||
it('should return error if authenticatorName is invalid', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: '',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator registration options: Given value is empty: ')
|
||||
})
|
||||
|
||||
it('should return error if registration options are null', async () => {
|
||||
authenticatorClient.generateRegistrationOptions = jest.fn().mockReturnValue(null)
|
||||
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticator',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator registration options')
|
||||
})
|
||||
|
||||
it('should return error if authenticatorRegistrationPromptFunction throws', async () => {
|
||||
authenticatorRegistrationPromptFunction = jest.fn().mockRejectedValue(new Error('error'))
|
||||
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticator',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator registration options: error')
|
||||
})
|
||||
|
||||
it('should return error if authenticatorRegistrationPromptFunction throws InvalidStateError', async () => {
|
||||
const error = new Error('error')
|
||||
error.name = 'InvalidStateError'
|
||||
authenticatorRegistrationPromptFunction = jest.fn().mockRejectedValue(error)
|
||||
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticator',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Authenticator was probably already registered by user')
|
||||
})
|
||||
|
||||
it('should return error if registration response verification returns false', async () => {
|
||||
authenticatorClient.verifyRegistrationResponse = jest.fn().mockReturnValue(false)
|
||||
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticator',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not verify authenticator registration response')
|
||||
})
|
||||
|
||||
it('should register an authenticator', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticator',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(false)
|
||||
})
|
||||
|
||||
it('should return error if authenticator registration prompt function is not passed', async () => {
|
||||
const useCase = new AddAuthenticator(authenticatorClient)
|
||||
|
||||
const result = await useCase.execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
username: 'username',
|
||||
authenticatorName: 'authenticator',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator registration options: No authenticator registration prompt function provided')
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,67 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
import { Result, UseCaseInterface, Username, Uuid, Validator } from '@standardnotes/domain-core'
|
||||
|
||||
import { AddAuthenticatorDTO } from './AddAuthenticatorDTO'
|
||||
|
||||
export class AddAuthenticator implements UseCaseInterface<void> {
|
||||
constructor(
|
||||
private authenticatorClient: AuthenticatorClientInterface,
|
||||
private authenticatorRegistrationPromptFunction?: (
|
||||
registrationOptions: Record<string, unknown>,
|
||||
) => Promise<Record<string, unknown>>,
|
||||
) {}
|
||||
|
||||
async execute(dto: AddAuthenticatorDTO): Promise<Result<void>> {
|
||||
if (!this.authenticatorRegistrationPromptFunction) {
|
||||
return Result.fail(
|
||||
'Could not generate authenticator registration options: No authenticator registration prompt function provided',
|
||||
)
|
||||
}
|
||||
|
||||
const userUuidOrError = Uuid.create(dto.userUuid)
|
||||
if (userUuidOrError.isFailed()) {
|
||||
return Result.fail(`Could not generate authenticator registration options: ${userUuidOrError.getError()}`)
|
||||
}
|
||||
const userUuid = userUuidOrError.getValue()
|
||||
|
||||
const usernameOrError = Username.create(dto.username)
|
||||
if (usernameOrError.isFailed()) {
|
||||
return Result.fail(`Could not generate authenticator registration options: ${usernameOrError.getError()}`)
|
||||
}
|
||||
const username = usernameOrError.getValue()
|
||||
|
||||
const authenticatorNameValidatorResult = Validator.isNotEmpty(dto.authenticatorName)
|
||||
if (authenticatorNameValidatorResult.isFailed()) {
|
||||
return Result.fail(
|
||||
`Could not generate authenticator registration options: ${authenticatorNameValidatorResult.getError()}`,
|
||||
)
|
||||
}
|
||||
|
||||
const registrationOptions = await this.authenticatorClient.generateRegistrationOptions(userUuid, username)
|
||||
if (registrationOptions === null) {
|
||||
return Result.fail('Could not generate authenticator registration options')
|
||||
}
|
||||
|
||||
let authenticatorResponse
|
||||
try {
|
||||
authenticatorResponse = await this.authenticatorRegistrationPromptFunction(registrationOptions)
|
||||
} catch (error) {
|
||||
if ((error as Error).name === 'InvalidStateError') {
|
||||
return Result.fail('Authenticator was probably already registered by user')
|
||||
} else {
|
||||
return Result.fail(`Could not generate authenticator registration options: ${(error as Error).message}`)
|
||||
}
|
||||
}
|
||||
|
||||
const verificationResponse = await this.authenticatorClient.verifyRegistrationResponse(
|
||||
userUuid,
|
||||
dto.authenticatorName,
|
||||
authenticatorResponse,
|
||||
)
|
||||
if (!verificationResponse) {
|
||||
return Result.fail('Could not verify authenticator registration response')
|
||||
}
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
export interface AddAuthenticatorDTO {
|
||||
userUuid: string
|
||||
username: string
|
||||
authenticatorName: string
|
||||
}
|
||||
@@ -0,0 +1,41 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
|
||||
import { DeleteAuthenticator } from './DeleteAuthenticator'
|
||||
|
||||
describe('DeleteAuthenticator', () => {
|
||||
let authenticatorClient: AuthenticatorClientInterface
|
||||
|
||||
const createUseCase = () => new DeleteAuthenticator(authenticatorClient)
|
||||
|
||||
beforeEach(() => {
|
||||
authenticatorClient = {} as jest.Mocked<AuthenticatorClientInterface>
|
||||
authenticatorClient.delete = jest.fn().mockReturnValue(true)
|
||||
})
|
||||
|
||||
it('should delete authenticator', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({ authenticatorId: '00000000-0000-0000-0000-000000000000' })
|
||||
|
||||
expect(result.isFailed()).toBe(false)
|
||||
})
|
||||
|
||||
it('should fail if authenticator id is invalid', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({ authenticatorId: 'invalid' })
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not delete authenticator: Given value is not a valid uuid: invalid')
|
||||
})
|
||||
|
||||
it('should fail if authenticator client fails to delete authenticator', async () => {
|
||||
authenticatorClient.delete = jest.fn().mockReturnValue(false)
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute({ authenticatorId: '00000000-0000-0000-0000-000000000000' })
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not delete authenticator')
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,23 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
import { Result, UseCaseInterface, Uuid } from '@standardnotes/domain-core'
|
||||
|
||||
import { DeleteAuthenticatorDTO } from './DeleteAuthenticatorDTO'
|
||||
|
||||
export class DeleteAuthenticator implements UseCaseInterface<void> {
|
||||
constructor(private authenticatorClient: AuthenticatorClientInterface) {}
|
||||
|
||||
async execute(dto: DeleteAuthenticatorDTO): Promise<Result<void>> {
|
||||
const authenticatorIdOrError = Uuid.create(dto.authenticatorId)
|
||||
if (authenticatorIdOrError.isFailed()) {
|
||||
return Result.fail(`Could not delete authenticator: ${authenticatorIdOrError.getError()}`)
|
||||
}
|
||||
const authenticatorId = authenticatorIdOrError.getValue()
|
||||
|
||||
const result = await this.authenticatorClient.delete(authenticatorId)
|
||||
if (!result) {
|
||||
return Result.fail('Could not delete authenticator')
|
||||
}
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,3 @@
|
||||
export interface DeleteAuthenticatorDTO {
|
||||
authenticatorId: string
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
|
||||
import { ListAuthenticators } from './ListAuthenticators'
|
||||
|
||||
describe('ListAuthenticators', () => {
|
||||
let authenticatorClient: AuthenticatorClientInterface
|
||||
|
||||
const createUseCase = () => new ListAuthenticators(authenticatorClient)
|
||||
|
||||
beforeEach(() => {
|
||||
authenticatorClient = {} as jest.Mocked<AuthenticatorClientInterface>
|
||||
authenticatorClient.list = jest.fn().mockReturnValue([{ id: '1-2-3', name: 'My First Key' }])
|
||||
})
|
||||
|
||||
it('should list authenticators', async () => {
|
||||
const useCase = createUseCase()
|
||||
|
||||
const result = await useCase.execute()
|
||||
|
||||
expect(result.isFailed()).toBe(false)
|
||||
expect(result.getValue()).toEqual([{ id: '1-2-3', name: 'My First Key' }])
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,12 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
import { Result, UseCaseInterface } from '@standardnotes/domain-core'
|
||||
|
||||
export class ListAuthenticators implements UseCaseInterface<Array<{ id: string; name: string }>> {
|
||||
constructor(private authenticatorClient: AuthenticatorClientInterface) {}
|
||||
|
||||
async execute(): Promise<Result<Array<{ id: string; name: string }>>> {
|
||||
const authenticators = await this.authenticatorClient.list()
|
||||
|
||||
return Result.ok(authenticators)
|
||||
}
|
||||
}
|
||||
@@ -3,4 +3,8 @@ import { UseCaseInterface } from '@standardnotes/domain-core'
|
||||
export interface UseCaseContainerInterface {
|
||||
get signInWithRecoveryCodes(): UseCaseInterface<void>
|
||||
get getRecoveryCodes(): UseCaseInterface<string>
|
||||
get addAuthenticator(): UseCaseInterface<void>
|
||||
get listAuthenticators(): UseCaseInterface<Array<{ id: string; name: string }>>
|
||||
get deleteAuthenticator(): UseCaseInterface<void>
|
||||
get verifyAuthenticator(): UseCaseInterface<void>
|
||||
}
|
||||
|
||||
@@ -0,0 +1,70 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
|
||||
import { VerifyAuthenticator } from './VerifyAuthenticator'
|
||||
|
||||
describe('VerifyAuthenticator', () => {
|
||||
let authenticatorClient: AuthenticatorClientInterface
|
||||
let authenticatorVerificationPromptFunction: (
|
||||
authenticationOptions: Record<string, unknown>,
|
||||
) => Promise<Record<string, unknown>>
|
||||
|
||||
const createUseCase = () => new VerifyAuthenticator(authenticatorClient, authenticatorVerificationPromptFunction)
|
||||
|
||||
beforeEach(() => {
|
||||
authenticatorClient = {} as jest.Mocked<AuthenticatorClientInterface>
|
||||
authenticatorClient.generateAuthenticationOptions = jest.fn().mockResolvedValue({ foo: 'bar' })
|
||||
authenticatorClient.verifyAuthenticationResponse = jest.fn().mockResolvedValue(true)
|
||||
|
||||
authenticatorVerificationPromptFunction = jest.fn()
|
||||
})
|
||||
|
||||
it('should return an error if authenticator client fails to generate authentication options', async () => {
|
||||
authenticatorClient.generateAuthenticationOptions = jest.fn().mockResolvedValue(null)
|
||||
|
||||
const result = await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator authentication options')
|
||||
})
|
||||
|
||||
it('should return an error if authenticator verification prompt function fails', async () => {
|
||||
authenticatorVerificationPromptFunction = jest.fn().mockRejectedValue(new Error('error'))
|
||||
|
||||
const result = await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator authentication options: error')
|
||||
})
|
||||
|
||||
it('should return an error if authenticator client fails to verify authentication response', async () => {
|
||||
authenticatorClient.verifyAuthenticationResponse = jest.fn().mockResolvedValue(false)
|
||||
|
||||
const result = await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe('Could not generate authenticator authentication options')
|
||||
})
|
||||
|
||||
it('should return ok if authenticator client succeeds to verify authentication response', async () => {
|
||||
const result = await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })
|
||||
|
||||
expect(result.isFailed()).toBe(false)
|
||||
})
|
||||
|
||||
it('should return an error if user uuid is invalid', async () => {
|
||||
const result = await createUseCase().execute({ userUuid: 'invalid' })
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
})
|
||||
|
||||
it('should return error if authenticatorVerificationPromptFunction is not provided', async () => {
|
||||
const result = await new VerifyAuthenticator(authenticatorClient).execute({
|
||||
userUuid: '00000000-0000-0000-0000-000000000000',
|
||||
})
|
||||
|
||||
expect(result.isFailed()).toBe(true)
|
||||
expect(result.getError()).toBe(
|
||||
'Could not generate authenticator authentication options: No authenticator verification prompt function provided',
|
||||
)
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,49 @@
|
||||
import { AuthenticatorClientInterface } from '@standardnotes/services'
|
||||
import { Result, UseCaseInterface, Uuid } from '@standardnotes/domain-core'
|
||||
|
||||
import { VerifyAuthenticatorDTO } from './VerifyAuthenticatorDTO'
|
||||
|
||||
export class VerifyAuthenticator implements UseCaseInterface<void> {
|
||||
constructor(
|
||||
private authenticatorClient: AuthenticatorClientInterface,
|
||||
private authenticatorVerificationPromptFunction?: (
|
||||
authenticationOptions: Record<string, unknown>,
|
||||
) => Promise<Record<string, unknown>>,
|
||||
) {}
|
||||
|
||||
async execute(dto: VerifyAuthenticatorDTO): Promise<Result<void>> {
|
||||
if (!this.authenticatorVerificationPromptFunction) {
|
||||
return Result.fail(
|
||||
'Could not generate authenticator authentication options: No authenticator verification prompt function provided',
|
||||
)
|
||||
}
|
||||
|
||||
const userUuidOrError = Uuid.create(dto.userUuid)
|
||||
if (userUuidOrError.isFailed()) {
|
||||
return Result.fail(`Could not generate authenticator authentication options: ${userUuidOrError.getError()}`)
|
||||
}
|
||||
const userUuid = userUuidOrError.getValue()
|
||||
|
||||
const authenticationOptions = await this.authenticatorClient.generateAuthenticationOptions()
|
||||
if (authenticationOptions === null) {
|
||||
return Result.fail('Could not generate authenticator authentication options')
|
||||
}
|
||||
|
||||
let authenticatorResponse
|
||||
try {
|
||||
authenticatorResponse = await this.authenticatorVerificationPromptFunction(authenticationOptions)
|
||||
} catch (error) {
|
||||
return Result.fail(`Could not generate authenticator authentication options: ${(error as Error).message}`)
|
||||
}
|
||||
|
||||
const verificationResponse = await this.authenticatorClient.verifyAuthenticationResponse(
|
||||
userUuid,
|
||||
authenticatorResponse,
|
||||
)
|
||||
if (!verificationResponse) {
|
||||
return Result.fail('Could not generate authenticator authentication options')
|
||||
}
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,3 @@
|
||||
export interface VerifyAuthenticatorDTO {
|
||||
userUuid: string
|
||||
}
|
||||
Reference in New Issue
Block a user