feat: action to update the username (#616)

annahassel · web-flow · commit 8edc2cf48543 · 2024-11-22T17:17:20.000+03:00
diff --git a/.gitignore b/.gitignore
@@ -38,6 +38,7 @@ lib
 
 # documentation
 docs
+doc
 ss
 
 # Other files
diff --git a/package.json b/package.json
@@ -29,7 +29,7 @@
     "consul": "^0.40.0"
   },
   "dependencies": {
-    "@faker-js/faker": "^9.0.3",
+    "@faker-js/faker": "^9.2.0",
     "@fastify/deepmerge": "^2.0.0",
     "@hapi/bell": "^13.0.2",
     "@hapi/boom": "^10.0.1",
@@ -74,7 +74,7 @@
     "handlebars": "^4.7.8",
     "ioredis": "^4.28.5",
     "is": "^3.3.0",
-    "jose": "^5.9.4",
+    "jose": "^5.9.6",
     "jsonwebtoken": "^9.0.2",
     "jwa": "^2.0.0",
     "jwks-rsa": "^3.1.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/schemas/common.json b/schemas/common.json
@@ -176,14 +176,19 @@
           "type": "string",
           "oneOf": [
             { "format": "email" },
-            { "pattern": "^\\d+$" }
+            { "$ref": "#/definitions/phone" }
           ]
         },
         "type": {
           "type": "string",
           "enum": ["email", "phone"]
         }
       }
+    },
+    "phone": {
+      "description": "E-164. Only digits",
+      "type": "string",
+      "pattern": "^[0-9]{7,15}$"
     }
   }
 }
diff --git a/schemas/update-username/request.json b/schemas/update-username/request.json
@@ -0,0 +1,59 @@
+{
+  "$id": "update-username.request",
+  "type": "object",
+  "required": [
+    "challengeType",
+    "username",
+    "value"
+  ],
+  "properties": {
+    "challengeType": {
+      "description": "Where to send the secret code. Currently only the `phone` is supported",
+      "type": "string",
+      "oneOf": [
+        {
+          "const": "phone"
+        }
+      ]
+    },
+    "i18nLocale": {
+      "description": "User locale",
+      "maxLength": 10,
+      "minLength": 1,
+      "type": "string"
+    },
+    "username": {
+      "description": "User alias, ID or username",
+      "maxLength": 50,
+      "minLength": 3,
+      "type": "string"
+    },
+    "value": {
+      "description": "New username",
+      "type": "string",
+      "oneOf": [
+        {
+          "$ref": "../common.json#/definitions/phone"
+        }
+      ]
+    }
+  },
+  "allOf": [
+    {
+      "if": {
+        "properties": {
+          "challengeType": {
+            "const": "phone"
+          }
+        }
+      },
+      "then": {
+        "properties": {
+          "value": {
+            "$ref": "../common.json#/definitions/phone"
+          }
+        }
+      }
+    }
+  ]
+}
diff --git a/schemas/update-username/update.json b/schemas/update-username/update.json
@@ -0,0 +1,25 @@
+{
+  "$id": "update-username.update",
+  "type": "object",
+  "required": [
+    "token",
+    "username"
+  ],
+  "properties": {
+    "token": {
+      "description": "The code that was sent to the user using `update-username.request` action",
+      "maxLength": 1000,
+      "minLength": 3,
+      "type": "string"
+    },
+    "username": {
+      "description": "New username. Must match the username used in the username update request",
+      "type": "string",
+      "oneOf": [
+        {
+          "$ref": "../common.json#/definitions/phone"
+        }
+      ]
+    }
+  }
+}
diff --git a/scripts/updateUsername.lua b/scripts/updateUsername.lua
@@ -0,0 +1,23 @@
+local userDataKey = KEYS[1];
+local userMetadaKey = KEYS[2];
+local usernameToIdKey = KEYS[3];
+
+local userId = ARGV[1];
+local newUsername = ARGV[2];
+local usernameField = ARGV[3];
+local newUsernameEncoded = ARGV[4];
+
+if redis.call('hget', usernameToIdKey, newUsername) ~= false then
+  return redis.error_reply('E_USERNAME_CONFLICT');
+end
+
+local currentUsername = redis.call('hget', userDataKey, usernameField)
+
+if currentUsername == false then
+  return redis.error_reply('E_USER_ID_NOT_FOUND');
+end
+
+redis.call('hdel', usernameToIdKey, currentUsername)
+redis.call('hset', usernameToIdKey, newUsername, userId)
+redis.call('hset', userDataKey, usernameField, newUsername)
+redis.call('hset', userMetadaKey, usernameField, newUsernameEncoded)
diff --git a/src/actions/update-username/request.js b/src/actions/update-username/request.js
@@ -0,0 +1,54 @@
+const { ActionTransport } = require('@microfleet/plugin-router');
+
+const { requestUsernameUpdate } = require('../../utils/update-username');
+const { resolveUserId } = require('../../utils/userData');
+const { checkMFA } = require('../../utils/mfa');
+const isActive = require('../../utils/is-active');
+const isBanned = require('../../utils/is-banned');
+const {
+  ErrorConflictUserExists,
+  ErrorUserNotFound,
+  MFA_TYPE_OPTIONAL,
+  USERS_ID_FIELD,
+} = require('../../constants');
+
+/**
+ * @api {amqp} <prefix>.update-username.request Request update username
+ * @apiVersion 1.0.0
+ * @apiName RequestUpdateUsername
+ * @apiGroup Users
+ *
+ * @apiDescription Sends the user a secret code that will be used
+ * to confirm the user name update. Currently only phone is supported.
+ *
+ * @apiSchema (Payload) {jsonschema=../../../schemas/update-username/request.json} apiParam
+ *
+ * @apiSuccess (Response) {Object} uid Token UID
+ */
+module.exports = async function requestUpdateUsernameAction(request) {
+  const { challengeType, i18nLocale, value } = request.params;
+  const { internalData } = request.locals;
+
+  if (!internalData) {
+    throw ErrorUserNotFound;
+  }
+
+  await isActive(internalData);
+  isBanned(internalData);
+
+  if (await resolveUserId.call(this, value)) {
+    throw ErrorConflictUserExists;
+  }
+
+  return requestUsernameUpdate(
+    this,
+    internalData[USERS_ID_FIELD],
+    value,
+    challengeType,
+    { i18nLocale }
+  );
+};
+
+module.exports.mfa = MFA_TYPE_OPTIONAL;
+module.exports.allowed = checkMFA;
+module.exports.transports = [ActionTransport.amqp, ActionTransport.internal];
diff --git a/src/actions/update-username/update.js b/src/actions/update-username/update.js
@@ -0,0 +1,23 @@
+const { ActionTransport } = require('@microfleet/plugin-router');
+
+const { updateUsernameWithToken } = require('../../utils/update-username');
+
+/**
+ * @api {amqp} <prefix>.update-username Update Username
+ * @apiVersion 1.0.0
+ * @apiName UpdateUsername
+ * @apiGroup Users
+ *
+ * @apiDescription Update username using the code that was sent
+ * to the user using `update-username.request` action.
+ * Currently only the phone is supported.
+ *
+ * @apiSchema (Payload) {jsonschema=../../../schemas/update-username/update.json} apiParam
+ */
+module.exports = async function updateUsernameAction(request) {
+  const { token, username } = request.params;
+
+  await updateUsernameWithToken(this, token, username);
+};
+
+module.exports.transports = [ActionTransport.amqp, ActionTransport.internal];
diff --git a/src/configs/verification-challenges.js b/src/configs/verification-challenges.js
@@ -5,6 +5,7 @@ const {
   USERS_ACTION_DISPOSABLE_PASSWORD,
   USERS_ACTION_REGISTER,
   USERS_ACTION_RESET,
+  USERS_ACTION_UPDATE_USERNAME,
   USERS_ACTION_VERIFY_CONTACT,
 } = require('../constants');
 
@@ -59,10 +60,11 @@ exports.phone = {
   account: 'replace-with-your-account',
   messages: {
     [USERS_ACTION_ACTIVATE]: '%s is your activation code',
-    [USERS_ACTION_VERIFY_CONTACT]: '%s is your verification code',
     [USERS_ACTION_DISPOSABLE_PASSWORD]: '%s is your disposable password',
     [USERS_ACTION_REGISTER]: '%s is your password',
     [USERS_ACTION_RESET]: '%s is your code for reset password',
+    [USERS_ACTION_UPDATE_USERNAME]: '%s is your code for update username',
+    [USERS_ACTION_VERIFY_CONTACT]: '%s is your verification code',
   },
   route: 'phone.message.predefined',
   publishOptions: {},
diff --git a/src/constants.js b/src/constants.js
@@ -125,15 +125,16 @@ module.exports = exports = {
 
   // actions
   USERS_ACTION_ACTIVATE: 'activate',
-  USERS_ACTION_VERIFY_CONTACT: 'verify-contact',
   USERS_ACTION_DISPOSABLE_PASSWORD: 'disposable-password',
-  USERS_ACTION_PASSWORD: 'password',
-  USERS_ACTION_RESET: 'reset',
-  USERS_ACTION_REGISTER: 'register',
   USERS_ACTION_INVITE: 'invite',
+  USERS_ACTION_ORGANIZATION_ADD: 'organizationUserAdd',
   USERS_ACTION_ORGANIZATION_INVITE: 'organizationUserInvite',
   USERS_ACTION_ORGANIZATION_REGISTER: 'organizationUserRegister',
-  USERS_ACTION_ORGANIZATION_ADD: 'organizationUserAdd',
+  USERS_ACTION_PASSWORD: 'password',
+  USERS_ACTION_REGISTER: 'register',
+  USERS_ACTION_RESET: 'reset',
+  USERS_ACTION_UPDATE_USERNAME: 'user-update-username',
+  USERS_ACTION_VERIFY_CONTACT: 'verify-contact',
 
   // invitations constants
   INVITATIONS_INDEX: 'user-invitations',
@@ -170,9 +171,11 @@ exports.ErrorConflictUserExists.code = 'E_USERNAME_CONFLICT';
 exports.ErrorTotpRequired.code = 'E_TOTP_REQUIRED';
 exports.ErrorTotpInvalid.code = 'E_TOTP_INVALID';
 exports.ErrorSecretRequired.code = 'E_TOTP_NOSECRET';
+exports.ErrorUserNotFound.code = E_USER_ID_NOT_FOUND;
 
-exports.USERS_INVALID_TOKEN.code = 'E_TKN_INVALID';
 exports.USERS_AUDIENCE_MISMATCH.code = 'E_TKN_AUDIENCE_MISMATCH';
+exports.USERS_DISPOSABLE_PASSWORD_MIA.code = 'E_PASSWORD_INVALID';
+exports.USERS_INVALID_TOKEN.code = 'E_TKN_INVALID';
 exports.USERS_JWT_ACCESS_REQUIRED.code = 'E_TKN_ACCESS_TOKEN_REQUIRED';
 exports.USERS_JWT_REFRESH_REQUIRED.code = 'E_TKN_REFRESH_TOKEN_REQUIRED';
 exports.USERS_JWT_STATELESS_REQUIRED.code = 'E_STATELESS_NOT_ENABLED';
diff --git a/src/utils/challenges/phone/send.js b/src/utils/challenges/phone/send.js
@@ -6,6 +6,7 @@ const {
   USERS_ACTION_DISPOSABLE_PASSWORD,
   USERS_ACTION_REGISTER,
   USERS_ACTION_RESET,
+  USERS_ACTION_UPDATE_USERNAME,
   USERS_ACTION_VERIFY_CONTACT,
 } = require('../../../constants');
 
@@ -24,6 +25,7 @@ async function send(tel, action, context = {}) {
     case USERS_ACTION_ACTIVATE:
     case USERS_ACTION_DISPOSABLE_PASSWORD:
     case USERS_ACTION_RESET:
+    case USERS_ACTION_UPDATE_USERNAME:
     case USERS_ACTION_VERIFY_CONTACT:
       message = template.replace('%s', context.token.secret);
       break;
diff --git a/src/utils/update-username.js b/src/utils/update-username.js
@@ -0,0 +1,83 @@
+const { HttpStatusError } = require('common-errors');
+
+const challenge = require('./challenges/challenge');
+const {
+  ErrorConflictUserExists,
+  ErrorUserNotFound,
+  USERS_ACTION_UPDATE_USERNAME,
+  USERS_DATA,
+  USERS_DISPOSABLE_PASSWORD_MIA,
+  USERS_METADATA,
+  USERS_USERNAME_FIELD,
+  USERS_USERNAME_TO_ID,
+} = require('../constants');
+const redisKey = require('./key');
+
+const Error500 = new HttpStatusError(500, 'something went wrong');
+
+const requestUsernameUpdate = async (service, userId, username, challengeType, context) => {
+  const { config } = service;
+  const tokenConfig = config.token[challengeType];
+  const challengeOpts = {
+    ...tokenConfig,
+    action: USERS_ACTION_UPDATE_USERNAME,
+    id: username,
+    metadata: { userId },
+  };
+
+  const response = await challenge.call(service, challengeType, challengeOpts, { ...context });
+
+  return {
+    uid: response.context.token.uid,
+  };
+};
+
+const updateUsername = ({ redis, config }, userId, username) => {
+  const { jwt: { defaultAudience } } = config;
+
+  if (!userId || !username || !defaultAudience) {
+    throw Error500;
+  }
+
+  return redis
+    .updateUsername(
+      3,
+      redisKey(userId, USERS_DATA),
+      redisKey(userId, USERS_METADATA, defaultAudience),
+      USERS_USERNAME_TO_ID,
+      userId,
+      username,
+      USERS_USERNAME_FIELD,
+      JSON.stringify(username)
+    )
+    .catch((error) => {
+      if (error.message === ErrorConflictUserExists.code) {
+        throw ErrorConflictUserExists;
+      }
+
+      if (error.message === ErrorUserNotFound.code) {
+        throw ErrorUserNotFound;
+      }
+
+      throw Error500;
+    });
+};
+
+const updateUsernameWithToken = async (service, token, username) => {
+  const { metadata: { userId } } = await service.tokenManager
+    .verify({
+      action: USERS_ACTION_UPDATE_USERNAME,
+      id: username,
+      token,
+    })
+    .catch(() => {
+      throw USERS_DISPOSABLE_PASSWORD_MIA;
+    });
+
+  await updateUsername(service, userId, username);
+};
+
+module.exports = {
+  requestUsernameUpdate,
+  updateUsernameWithToken,
+};
diff --git a/test/suites/actions/update-username/request.js b/test/suites/actions/update-username/request.js
diff --git a/test/suites/actions/update-username/update.js b/test/suites/actions/update-username/update.js

Original file line number	Diff line number	Diff line change
`@@ -176,14 +176,19 @@`
`176`	`176`	`"type": "string",`
`177`	`177`	`"oneOf": [`
`178`	`178`	`{ "format": "email" },`
`179`		`- { "pattern": "^\\d+$" }`
	`179`	`+ { "$ref": "#/definitions/phone" }`
`180`	`180`	`]`
`181`	`181`	`},`
`182`	`182`	`"type": {`
`183`	`183`	`"type": "string",`
`184`	`184`	`"enum": ["email", "phone"]`
`185`	`185`	`}`
`186`	`186`	`}`
	`187`	`+ },`
	`188`	`+ "phone": {`
	`189`	`+ "description": "E-164. Only digits",`
	`190`	`+ "type": "string",`
	`191`	`+ "pattern": "^[0-9]{7,15}$"`
`187`	`192`	`}`
`188`	`193`	`}`
`189`	`194`	`}`