feat: don't require password when creating user

* feat: don't require password when creating user
blackmann · Dec 28, 2023 · ab3acc5 · ab3acc5
1 parent 53ffd96
commit ab3acc5
Show file tree

Hide file tree

Showing 4 changed files with 106 additions and 24 deletions.
diff --git a/base/src/app.spec.ts b/base/src/app.spec.ts
@@ -36,7 +36,7 @@ describe('setup', () => {
           data: {
             email: '[email protected]',
             fullname: 'Mock User',
-            password: 'hello',
+            password: 'helloworld',
             username: 'mock-1',
           },
           method: 'create',
@@ -60,7 +60,7 @@ describe('setup', () => {
       const res = await app.api(
         context({
           data: {
-            password: 'hello',
+            password: 'helloworld',
             username: 'mock',
           },
           method: 'create',
@@ -77,7 +77,7 @@ describe('setup', () => {
           data: {
             email: '[email protected]',
             fullname: 'Mock User',
-            password: 'hello',
+            password: 'helloworld',
             role: 'dev',
             username: 'mock',
           },
@@ -819,7 +819,7 @@ describe('hooks registry', () => {
       'log-data',
       'custom-code',
       'restrict-method',
-      'auth-require-password',
+      'auth-collect-password',
       'create-auth-credential',
       'require-auth',
       'assign-auth-user',
@@ -832,3 +832,67 @@ describe('hooks registry', () => {
     )
   })
 })
+
+describe('users/auth service', () => {
+  it('creates user', async () => {
+    const res = await app.api(
+      context({
+        data: {
+          email: '[email protected]',
+          fullname: 'Mock User',
+          password: 'helloworld',
+          username: 'mock-user-1',
+        },
+        method: 'create',
+        path: 'users',
+      })
+    )
+
+    expect(res.statusCode).toBe(201)
+    expect(res.result).toStrictEqual({
+      _id: expect.anything(),
+      created_at: expect.any(Date),
+      email: '[email protected]',
+      fullname: 'Mock User',
+      role: 'basic',
+      updated_at: expect.any(Date),
+      username: 'mock-user-1',
+    })
+  })
+
+  it('returns 400 when password is less than 8 characters', async () => {
+    const res = await app.api(
+      context({
+        data: {
+          email: '[email protected]',
+          fullname: 'Mock User',
+          password: 'hello',
+          username: 'mock-user-2',
+        },
+        method: 'create',
+        path: 'users',
+      })
+    )
+
+    expect(res.statusCode).toBe(400)
+    expect(res.result.error).toStrictEqual(
+      '`password` should be at least 8 characters long'
+    )
+  })
+
+  it('should create user without requiring password', async () => {
+    const res = await app.api(
+      context({
+        data: {
+          email: '[email protected]',
+          fullname: 'Mock User',
+          username: 'mock-user-3',
+        },
+        method: 'create',
+        path: 'users',
+      })
+    )
+
+    expect(res.statusCode).toBe(201)
+  })
+})
diff --git a/base/src/authentication.spec.ts b/base/src/authentication.spec.ts
@@ -31,7 +31,7 @@ describe('authentication', () => {
         data: {
           email: '[email protected]',
           fullname: 'Mock User',
-          password: 'hello',
+          password: 'helloworld',
           username: 'mock-1',
         },
         method: 'create',
@@ -47,7 +47,7 @@ describe('authentication', () => {
       const { result } = await app.api(
         context({
           data: {
-            password: 'hello',
+            password: 'helloworld',
             username: 'mock-1',
           },
           method: 'create',
@@ -66,7 +66,7 @@ describe('authentication', () => {
         context({
           data: {
             email: '[email protected]',
-            password: 'hello',
+            password: 'helloworld',
           },
           method: 'create',
           path: 'login',

diff --git a/base/src/authentication.ts b/base/src/authentication.ts
@@ -21,16 +21,25 @@ const authCredentialsSchema: SchemaDefinitions = {
   user: { relation: 'users', required: true, type: 'id' },
 }
 
-const RequirePassword: Hook = {
-  description: 'Require password field. [Base auth]',
-  id: 'auth-require-password',
-  name: 'Require Password',
+const CollectPassword: Hook = {
+  description:
+    'Collects password field if provided. This is used later by `CreatePasswordAuth`. [Base auth]',
+  id: 'auth-collect-password',
+  name: 'Collect Password',
   run: async (ctx) => {
     const password = ctx.data?.['password']
+    if (password === undefined || password === null) {
+      return ctx
+    }
+
     if (typeof password !== 'string') {
       throw new BadRequest('`password` field is required or should be a string')
     }
 
+    if (password.length < 8) {
+      throw new BadRequest('`password` should be at least 8 characters long')
+    }
+
     ctx.locals['password'] = password
     delete ctx.data!['password']
 
@@ -70,6 +79,10 @@ const CreatePasswordAuthCredential: Hook = {
   name: 'Create Password Auth Credential',
   run: async (ctx, _, app) => {
     const password = ctx.locals['password']
+    if (!password) {
+      return ctx
+    }
+
     if (typeof password !== 'string') {
       throw new BadRequest('`password` field is missing')
     }
@@ -113,23 +126,23 @@ const CreatePasswordAuthCredential: Hook = {
 
 /** This is the primary authentication mechanism */
 async function baseAuthentication(app: App) {
-  const name = 'auth-credentials'
+  const collectionName = 'auth-credentials'
   const secretKey = new TextEncoder().encode(process.env.SECRET_KEY!)
 
-  if (!(await app.manifest.collection(name))) {
+  if (!(await app.manifest.collection(collectionName))) {
     const index = [{ fields: ['user'], options: { unique: true } }]
-    await app.manifest.collection(name, {
+    await app.manifest.collection(collectionName, {
       indexes: index,
-      name,
+      name: collectionName,
       readOnlySchema: true,
       schema: authCredentialsSchema,
     })
 
-    await app.database.addIndexes(name, index)
+    await app.database.addIndexes(collectionName, index)
   }
 
   app.hooksRegistry.register(
-    RequirePassword,
+    CollectPassword,
     CreatePasswordAuthCredential,
     RequireAuth,
     AssignAuthUser
@@ -167,7 +180,9 @@ async function baseAuthentication(app: App) {
       throw new BadRequest('Incorrect username/password combination')
     }
 
-    const credentialService = app.service(unexposed(name)) as CollectionService
+    const credentialService = app.service(
+      unexposed(collectionName)
+    ) as CollectionService
 
     const {
       data: [credential],
@@ -226,10 +241,10 @@ async function upsertHooks(app: App) {
 
   if (
     !usersHooks['before']['create'].find(
-      ([hookId]) => hookId === RequirePassword.id
+      ([hookId]) => hookId === CollectPassword.id
     )
   ) {
-    usersHooks.before.create.push([RequirePassword.id])
+    usersHooks.before.create.push([CollectPassword.id])
     dirty = true
   }
 
@@ -312,4 +327,4 @@ function checkSecretKeyEnv() {
   }
 }
 
-export { RequirePassword, baseAuthentication }
+export { CollectPassword, baseAuthentication }
diff --git a/base/src/users.ts b/base/src/users.ts
@@ -5,14 +5,17 @@ const usersSchema: SchemaDefinitions = {
   avatar: { type: 'string' },
   email: { required: true, type: 'string', unique: true },
   fullname: { required: true, type: 'string' },
-  // basic, dev
   // [ ] Prevent anyone from just creating a 'dev' account. Use hook
-  role: { defaultValue: 'basic', required: true, type: 'string' },
+  role: {
+    defaultValue: 'basic',
+    enum: ['dev', 'basic'],
+    required: true,
+    type: 'string',
+  },
   username: { required: true, type: 'string', unique: true },
   verified: { type: 'boolean' },
 }
 
-// [ ] Make collection schema read-only
 async function users(app: App) {
   if (!(await app.manifest.collection('users'))) {
     const indexes = [