fix: allow anonymous user to update password (#1739)
kangmingtay authored Aug 26, 2024
1 parent 10fa347 commit 2d51956
Showing 2 changed files with 29 additions and 9 deletions.
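--- a/internal/api/anonymous_test.go
+++ b/internal/api/anonymous_test.go
@@ -80,7 +80,7 @@ func (ts *AnonymousTestSuite) TestAnonymousLogins() {
 
 func (ts *AnonymousTestSuite) TestConvertAnonymousUserToPermanent() {
 ts.Config.External.AnonymousUsers.Enabled = true
-ts.Config.Sms.TestOTP = map[string]string{"1234567890": "000000"}
+ts.Config.Sms.TestOTP = map[string]string{"1234567890": "000000", "1234560000": "000000"}
 // test OTPs still require setting up an sms provider
 ts.Config.Sms.Provider = "twilio"
 ts.Config.Sms.Twilio.AccountSid = "fake-sid"
@@ -106,6 +106,22 @@ func (ts *AnonymousTestSuite) TestConvertAnonymousUserToPermanent() {
 },
 verificationType: "phone_change",
 },
+{
+desc: "convert anonymous user to permanent user with email & password",
+body: map[string]interface{}{
+"email": "[email protected]",
+"password": "test-password",
+},
+verificationType: "email_change",
+},
+{
+desc: "convert anonymous user to permanent user with phone & password",
+body: map[string]interface{}{
+"phone": "1234560000",
+"password": "test-password",
+},
+verificationType: "phone_change",
+},
 }
 
 for _, c := range cases {
@@ -142,6 +158,11 @@ func (ts *AnonymousTestSuite) TestConvertAnonymousUserToPermanent() {
 require.NotEmpty(ts.T(), user)
 require.True(ts.T(), user.IsAnonymous)
 
+// Check if user has a password set
+if c.body["password"] != nil {
+require.True(ts.T(), user.HasPassword())
+}
+
 switch c.verificationType {
 case mail.EmailChangeVerification:
 require.NoError(ts.T(), json.NewEncoder(&buffer).Encode(map[string]interface{}{
@@ -150,7 +171,7 @@ func (ts *AnonymousTestSuite) TestConvertAnonymousUserToPermanent() {
 }))
 case phoneChangeVerification:
 require.NoError(ts.T(), json.NewEncoder(&buffer).Encode(map[string]interface{}{
-"phone": "1234567890",
+"phone": user.PhoneChange,
 "token": "000000",
 "type": c.verificationType,
 }))
@@ -176,11 +197,11 @@ func (ts *AnonymousTestSuite) TestConvertAnonymousUserToPermanent() {
 
 switch c.verificationType {
 case mail.EmailChangeVerification:
-assert.Equal(ts.T(), "[email protected]", data.User.GetEmail())
+assert.Equal(ts.T(), c.body["email"], data.User.GetEmail())
 assert.Equal(ts.T(), models.JSONMap(models.JSONMap{"provider": "email", "providers": []interface{}{"email"}}), data.User.AppMetaData)
 assert.NotEmpty(ts.T(), data.User.EmailConfirmedAt)
 case phoneChangeVerification:
-assert.Equal(ts.T(), "1234567890", data.User.GetPhone())
+assert.Equal(ts.T(), c.body["phone"], data.User.GetPhone())
 assert.Equal(ts.T(), models.JSONMap(models.JSONMap{"provider": "phone", "providers": []interface{}{"phone"}}), data.User.AppMetaData)
 assert.NotEmpty(ts.T(), data.User.PhoneConfirmedAt)
 }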
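Review bot: The two added cases cover only the accepted path; none of the visible hunks asserts that an anonymous user who sends `password` without `email` or `phone` is rejected, which is the branch this commit rewrites in `internal/api/user.go`. Such a case may already exist outside these hunks, but if it does not, one should be added that expects the unprocessable-entity response with `ErrorCodeValidationFailed`. The `require.True(ts.T(), user.HasPassword())` check also runs only while `user.IsAnonymous` is still true; repeating it on the user record reloaded after the verify step would show that the password survives the conversion. `TestConvertAnonymousUserToPermanent` starts and ends outside the hunks shown.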
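--- a/internal/api/user.go
+++ b/internal/api/user.go
@@ -102,11 +102,10 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 }
 
 if user.IsAnonymous {
-updatingForbiddenFields := false
-updatingForbiddenFields = updatingForbiddenFields || (params.Password != nil && *params.Password != "")
-if updatingForbiddenFields {
-// CHECK
-return unprocessableEntityError(ErrorCodeUnknown, "Updating password of an anonymous user is not possible")
+if params.Password != nil && *params.Password != "" {
+if params.Email == "" && params.Phone == "" {
+return unprocessableEntityError(ErrorCodeValidationFailed, "Updating password of an anonymous user without an email or phone is not allowed")
+}
 }
 }
 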
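Review bot: The new guard in `UserUpdate` checks only that `params.Email` or `params.Phone` is non-empty, so the password is accepted on the strength of an identifier that has not yet been validated or confirmed. The test in this commit asserts `user.HasPassword()` while `user.IsAnonymous` is still true, which suggests the credential is written before verification completes. The code that validates the email/phone and stores the password is outside this hunk, so it is worth confirming that a rejected or never-confirmed identifier cannot leave an anonymous account holding a password. A comment above the check would record the intent, e.g. `// anonymous users may set a password only together with an email or phone; the account stays anonymous until that identifier is verified`. The two nested `if`s could also be folded into a single condition, and `UserUpdate` starts and ends outside the hunk.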
