npm - @atproto/pds - Versions diffs - 0.5.1 → 0.5.2 - Mend

@atproto/pds 0.5.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/src/api/com/atproto/identity/updateHandle.ts CHANGED Viewed

@@ -1,97 +1,66 @@
 import { DAY, MINUTE } from '@atproto/common'
-import { InvalidRequestError, Server } from '@atproto/xrpc-server'
+import { MethodRateLimit, Server } from '@atproto/xrpc-server'
+import { AccessOutput, OAuthOutput } from '../../../../auth-output.js'
 import { AppContext } from '../../../../context.js'
 import { com } from '../../../../lexicons/index.js'
-import { httpLogger } from '../../../../logger.js'
 export default function (server: Server, ctx: AppContext) {
-  server.add(com.atproto.identity.updateHandle, {
-    auth: ctx.authVerifier.authorization({
-      checkTakedown: true,
-      authorize: (permissions) => {
-        permissions.assertIdentity({ attr: 'handle' })
-      },
-    }),
-    rateLimit: [
-      {
-        durationMs: 5 * MINUTE,
-        points: 10,
-        calcKey: ({ auth }) => auth.credentials.did,
-      },
-      {
-        durationMs: DAY,
-        points: 50,
-        calcKey: ({ auth }) => auth.credentials.did,
-      },
-    ],
-    handler: async ({ auth, input, req }) => {
-      const requester = auth.credentials.did
+  const { entrywayClient } = ctx
+  const auth = ctx.authVerifier.authorization({
+    checkTakedown: true,
+    authorize: (permissions) => {
+      permissions.assertIdentity({ attr: 'handle' })
+    },
+  })
-      if (ctx.entrywayClient) {
+  const rateLimit: MethodRateLimit<AccessOutput | OAuthOutput> = [
+    {
+      durationMs: 5 * MINUTE,
+      points: 10,
+      calcKey: ({ auth }) => auth.credentials.did,
+    },
+    {
+      durationMs: DAY,
+      points: 50,
+      calcKey: ({ auth }) => auth.credentials.did,
+    },
+  ]
+  if (entrywayClient) {
+    server.add(com.atproto.identity.updateHandle, {
+      auth,
+      rateLimit,
+      handler: async ({ auth, input, req }) => {
         const { headers } = await ctx.entrywayAuthHeaders(
           req,
           auth.credentials.did,
           com.atproto.identity.updateHandle.$lxm,
         )
-        // the full flow is:
+        // The full flow is:
         // -> entryway(identity.updateHandle) [update handle, submit plc op]
         // -> pds(admin.updateAccountHandle)  [track handle, sequence handle update]
-        await ctx.entrywayClient.xrpc(com.atproto.identity.updateHandle, {
+        await entrywayClient.xrpc(com.atproto.identity.updateHandle, {
           headers,
           body: {
             handle: input.body.handle,
             // @ts-expect-error "did" is not in the schema
-            did: requester,
+            did: auth.credentials.did,
           },
         })
-        return
-      }
-      const handle = await ctx.accountManager.normalizeAndValidateHandle(
-        input.body.handle,
-        { did: requester },
-      )
-      // Pessimistic check to handle spam: also enforced by updateHandle() and the db.
-      const account = await ctx.accountManager.getAccount(handle, {
-        includeDeactivated: true,
-      })
-      if (!account) {
-        if (requester.startsWith('did:plc:')) {
-          await ctx.plcClient.updateHandle(
-            requester,
-            ctx.plcRotationKey,
-            handle,
-          )
-        } else {
-          const resolved = await ctx.idResolver.did.resolveAtprotoData(
-            requester,
-            true,
-          )
-          if (resolved.handle !== handle) {
-            throw new InvalidRequestError(
-              'DID is not properly configured for handle',
-            )
-          }
-        }
-        await ctx.accountManager.updateHandle(requester, handle)
-      } else {
-        // if we found an account with matching handle, check if it is the same as requester
-        // if so emit an identity event, otherwise error.
-        if (account.did !== requester) {
-          throw new InvalidRequestError(`Handle already taken: ${handle}`)
-        }
-      }
-      try {
-        await ctx.sequencer.sequenceIdentityEvt(requester, handle)
-      } catch (err) {
-        httpLogger.error(
-          { err, did: requester, handle },
-          'failed to sequence handle update',
+      },
+    })
+  } else {
+    server.add(com.atproto.identity.updateHandle, {
+      auth,
+      rateLimit,
+      handler: async ({ auth, input }) => {
+        await ctx.accountManager.updateHandle(
+          auth.credentials.did,
+          input.body.handle,
         )
-      }
-    },
-  })
+      },
+    })
+  }
 }

package/src/api/com/atproto/repo/getRecord.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AtUri } from '@atproto/syntax'
+import { atUri } from '@atproto/lex'
 import { InvalidRequestError, Server } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context.js'
 import { com } from '../../../../lexicons/index.js'
@@ -11,7 +11,7 @@ export default function (server: Server, ctx: AppContext) {
     // fetch from pds if available, if not then fetch from appview
     if (did) {
-      const uri = AtUri.make(did, collection, rkey)
+      const uri = atUri(did, collection, rkey)
       const record = await ctx.actorStore.read(did, (store) =>
         store.record.getRecord(uri, cid ?? null),
       )
@@ -24,7 +24,7 @@ export default function (server: Server, ctx: AppContext) {
       return {
         encoding: 'application/json' as const,
         body: {
-          uri: uri.toString(),
+          uri,
           cid: record.cid,
           value: record.value,
         },

package/src/api/com/atproto/repo/putRecord.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { atUri } from '@atproto/lex'
 import {
   LegacyBlobRef,
   LexMap,
@@ -5,7 +6,6 @@ import {
   isLegacyBlobRef,
   parseCid,
 } from '@atproto/lex-data'
-import { AtUri } from '@atproto/syntax'
 import {
   AuthRequiredError,
   InvalidRequestError,
@@ -90,7 +90,7 @@ export default function (server: Server, ctx: AppContext) {
         })
       }
-      const uri = AtUri.make(did, collection, rkey)
+      const uri = atUri(did, collection, rkey)
       const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined
       const swapRecordCid =
         typeof swapRecord === 'string' ? parseCid(swapRecord) : swapRecord

package/src/context.ts CHANGED Viewed

@@ -267,25 +267,28 @@ export class AppContext {
       backgroundQueue,
     })
+    const plcRotationKey =
+      secrets.plcRotationKey.provider === 'kms'
+        ? await KmsKeypair.load({
+            keyId: secrets.plcRotationKey.keyId,
+          })
+        : await crypto.Secp256k1Keypair.import(
+            secrets.plcRotationKey.privateKeyHex,
+          )
     const accountManager = new AccountManager(
       idResolver,
       jwtSecretKey,
       mailer,
+      sequencer,
+      plcClient,
+      plcRotationKey,
       cfg.service.did,
       cfg.identity.serviceHandleDomains,
       cfg.db,
     )
     await accountManager.migrateOrThrow()
-    const plcRotationKey =
-      secrets.plcRotationKey.provider === 'kms'
-        ? await KmsKeypair.load({
-            keyId: secrets.plcRotationKey.keyId,
-          })
-        : await crypto.Secp256k1Keypair.import(
-            secrets.plcRotationKey.privateKeyHex,
-          )
     const localViewer = LocalViewer.creator(
       accountManager,
       imageUrlBuilder,

package/tests/_puppeteer.ts CHANGED Viewed

@@ -85,6 +85,8 @@ export class PageHelper implements AsyncDisposable {
   async typeIn(selector: string, text: string) {
     const elementHandle = await this.getVisibleElement(selector)
     elementHandle.focus()
+    await elementHandle.click({ clickCount: 3 }) // Select all existing text
+    await elementHandle.press('Backspace') // Clear the input
     await elementHandle.type(text)
     return elementHandle
   }
@@ -93,16 +95,20 @@ export class PageHelper implements AsyncDisposable {
     return this.typeIn(`input[name=${JSON.stringify(name)}]`, text)
   }
-  async ensureTextVisibility(text: string, tag = 'p') {
+  async ensureTextVisibility(text: string, tag = 'p', timeout = 5_000) {
     await this.page.waitForSelector(
       `${tag}::-p-text(${JSON.stringify(text)})`,
       {
         visible: true,
-        timeout: 5_000,
+        timeout,
       },
     )
   }
+  async ensureNotification(text: string) {
+    return this.ensureTextVisibility(text, 'div')
+  }
   protected async getVisibleElement(selector: string) {
     const elementHandle = await this.page.waitForSelector(selector, {
       visible: true,

package/tests/account-manager.test.ts CHANGED Viewed

@@ -18,7 +18,7 @@ describe('account manager', () => {
       // For debugging:
       // headless: false,
       // devtools: true,
-      // slowMo: 150,
+      // slowMo: 25,
     })
     network = await TestNetworkNoAppView.create({
@@ -34,6 +34,10 @@ describe('account manager', () => {
     })
   })
+  afterEach(async () => {
+    await network.processAll()
+  })
   afterAll(async () => {
     await network?.close()
     await browser?.close()
@@ -44,7 +48,7 @@ describe('account manager', () => {
     await page.goto(new URL('/account', network.pds.url))
-    await page.assertTitle(`S'identifier`)
+    await page.assertTitle(`Se connecter`)
     await page.clickOnText('Créer un nouveau compte')
@@ -55,12 +59,14 @@ describe('account manager', () => {
     await page.typeInInput('email', 'bob@test.com')
     await page.typeInInput('password', 'bob-pass')
-    await page.clickOnText("S'inscrire")
+    await page.clickOnText('Inscription')
-    await page.assertTitle(`Compte utilisateur`)
+    await page.waitForNetworkIdle()
     await page.ensureTextVisibility('bob.test', 'span')
     await page.ensureTextVisibility('Votre compte Atmosphère est hébergé chez')
+    await page.assertTitle('Mon compte Atmosphère')
   })
   it('allows switching accounts', async () => {
@@ -68,7 +74,7 @@ describe('account manager', () => {
     await page.goto(new URL('/account', network.pds.url))
-    await page.assertTitle(`Compte utilisateur`)
+    await page.assertTitle('Mon compte Atmosphère')
     await page.clickOnAriaLabel(`Sélecteur de compte`)
     await page.clickOnText('Sélectionner un autre compte')
@@ -93,18 +99,13 @@ describe('account manager', () => {
     await page.goto(new URL('/account', network.pds.url))
-    await page.assertTitle(`Compte utilisateur`)
+    await page.assertTitle('Mon compte Atmosphère')
     await page.ensureTextVisibility('bob.test', 'span')
-    await page.ensureTextVisibility('alice.test', 'span').then(
-      () => {
-        throw new Error('Should not be visible')
-      },
-      (err) => {
-        expect(err).toBeInstanceOf(Error)
-      },
-    )
+    await expect(async () => {
+      await page.ensureTextVisibility('alice.test', 'span', 500)
+    }).rejects.toThrow('Waiting for selector')
   })
   it('allows changing the password', async () => {
@@ -112,9 +113,11 @@ describe('account manager', () => {
     await page.goto(new URL('/account', network.pds.url))
-    await page.assertTitle(`Compte utilisateur`)
+    await page.assertTitle('Mon compte Atmosphère')
-    await page.clickOnText('Mot de passe', 'a')
+    await page.clickOnText('Compte utilisateur', 'a')
+    await page.clickOnText('Mot de passe')
     using sendResetPasswordMock = jest
       .spyOn(network.pds.ctx.mailer, 'sendResetPassword')
@@ -122,7 +125,7 @@ describe('account manager', () => {
         // noop
       })
-    await page.clickOnText('Envoyer le code')
+    await page.clickOnText('Envoyer le code de vérification')
     await page.waitForNetworkIdle()
@@ -137,20 +140,23 @@ describe('account manager', () => {
     await page.typeInInput('code', params.token)
     await page.typeInInput('password', 'bob-new-pass')
-    await page.clickOnText('Soumettre')
+    await page.clickOnText('Valider')
-    await page.ensureTextVisibility(
-      'Réinitialisation du mot de passe réussie',
-      'div',
-    )
+    await page.ensureNotification('Réinitialisation du mot de passe réussie')
   })
-  it('allows validating the email address', async () => {
+  it('allows verifying the email address', async () => {
     await using page = await PageHelper.from(browser, { languages })
     await page.goto(new URL('/account', network.pds.url))
-    await page.clickOnText('Vérifier maintenant', 'button')
+    await page.assertTitle('Mon compte Atmosphère')
+    await page.clickOnText('Compte utilisateur', 'a')
+    await page.ensureTextVisibility('Votre adresse email doit être vérifiée.')
+    await page.clickOnText('Vérifier')
     using sendConfirmEmailMock = jest
       .spyOn(network.pds.ctx.mailer, 'sendConfirmEmail')
@@ -158,7 +164,7 @@ describe('account manager', () => {
         // noop
       })
-    await page.clickOnText('Envoyer le code', 'button')
+    await page.clickOnText('Envoyer le code de vérification', 'button')
     await page.waitForNetworkIdle()
@@ -171,9 +177,31 @@ describe('account manager', () => {
     })
     await page.typeInInput('code', params.token)
-    await page.clickOnText('Soumettre')
+    await page.clickOnText('Valider')
+    await page.ensureNotification('Adresse email vérifiée')
+  })
+  it('allows changing the username', async () => {
+    await using page = await PageHelper.from(browser, { languages })
+    await page.goto(new URL('/account', network.pds.url))
+    await page.assertTitle('Mon compte Atmosphère')
-    await page.ensureTextVisibility('Adresse email vérifiée', 'div')
+    await page.clickOnText('Compte utilisateur', 'a')
+    await page.clickOnText("Nom d'utilisateur")
+    await page.clickOnText("Utiliser un nom d'utilisateur par défaut")
+    await page.typeInInput('handle', 'bob-renamed')
+    await page.clickOnText('Valider')
+    await page.waitForNetworkIdle()
+    await page.ensureTextVisibility('bob-renamed.test', 'span')
   })
   it('allows changing the email address', async () => {
@@ -181,7 +209,11 @@ describe('account manager', () => {
     await page.goto(new URL('/account', network.pds.url))
-    await page.clickOnText('Email', 'a')
+    await page.assertTitle('Mon compte Atmosphère')
+    await page.clickOnText('Compte utilisateur', 'a')
+    await page.clickOnText('Adresse email')
     using sendUpdateEmailMock = jest
       .spyOn(network.pds.ctx.mailer, 'sendUpdateEmail')
@@ -189,13 +221,11 @@ describe('account manager', () => {
         // noop
       })
-    using sendConfirmEmailMock = jest
-      .spyOn(network.pds.ctx.mailer, 'sendConfirmEmail')
-      .mockImplementation(async () => {
-        // noop
-      })
-    await page.clickOnText('Envoyer le code', 'button')
+    const emailInput = await page.typeInInput(
+      'email',
+      'bob-new-email@example.com',
+    )
+    emailInput.press('Enter')
     await page.waitForNetworkIdle()
@@ -207,26 +237,69 @@ describe('account manager', () => {
       token: expect.any(String),
     })
-    await page.typeInInput('code', updateParams.token)
-    await page.typeInInput('email', 'bob-new-email@example.com')
-    await page.clickOnText('Soumettre')
+    const codeInput = await page.typeInInput('code', updateParams.token)
+    codeInput.press('Enter')
+    await page.ensureNotification("Modification de l'adresse email réussie")
-    await page.ensureTextVisibility(
-      "Modification de l'adresse email réussie",
-      'div',
+    // The email needs to be verified again
+    await page.ensureTextVisibility('Votre adresse email doit être vérifiée.')
+  })
+  it('allows signing out & signing back in', async () => {
+    await using page = await PageHelper.from(browser, { languages })
+    await page.goto(new URL('/account', network.pds.url))
+    await page.assertTitle('Mon compte Atmosphère')
+    await page.clickOnAriaLabel(`Sélecteur de compte`)
+    await page.clickOnText('Se déconnecter')
+    await page.assertTitle(`Se connecter`)
+    await page.clickOnText('Se connecter')
+    await page.clickOnText('Se souvenir de ce compte sur cet appareil', 'label')
+    await page.typeInInput('username', 'bob-new-email@example.com')
+    const input = await page.typeInInput('password', 'bob-new-pass')
+    input.press('Enter')
+    await page.ensureTextVisibility('bob-renamed.test', 'span')
+  })
+  it('does not ask for a token when changing a non-verified email', async () => {
+    await using page = await PageHelper.from(browser, { languages })
+    await page.goto(new URL('/account', network.pds.url))
+    await page.assertTitle('Mon compte Atmosphère')
+    await page.clickOnText('Compte utilisateur', 'a')
+    await page.clickOnText('Adresse email')
+    using sendUpdateEmailMock = jest
+      .spyOn(network.pds.ctx.mailer, 'sendUpdateEmail')
+      .mockImplementation(async () => {
+        // noop
+      })
+    const emailInput = await page.typeInInput(
+      'email',
+      'bob-new-email@example.com',
     )
+    emailInput.press('Enter')
-    expect(sendConfirmEmailMock).toHaveBeenCalledTimes(1)
+    await page.waitForNetworkIdle()
-    const [confirmParams] = sendConfirmEmailMock.mock.lastCall!
-    expect(confirmParams).toEqual({
-      locale: 'fr',
-      token: expect.any(String),
-    })
+    expect(sendUpdateEmailMock).not.toHaveBeenCalled()
+    await page.clickOnText('Plus tard')
-    await page.typeInInput('code', confirmParams.token)
-    await page.clickOnText('Soumettre')
+    await page.ensureNotification("Modification de l'adresse email réussie")
-    await page.ensureTextVisibility('Adresse email vérifiée', 'div')
+    // The email needs to be verified again
+    await page.ensureTextVisibility('Votre adresse email doit être vérifiée.')
   })
 })

package/tests/oauth.test.ts CHANGED Viewed

@@ -25,7 +25,7 @@ describe('oauth', () => {
       // For debugging:
       // headless: false,
       // devtools: true,
-      // slowMo: 250,
+      // slowMo: 25,
     })
     network = await TestNetworkNoAppView.create({
@@ -71,7 +71,7 @@ describe('oauth', () => {
     await page.navigationClick(`Sign up with ${new URL(network.pds.url).host}`)
-    await page.assertTitle("S'inscrire")
+    await page.assertTitle('Inscription')
     await page.typeInInput('handle', 'bob')
@@ -80,10 +80,10 @@ describe('oauth', () => {
     await page.typeInInput('email', 'bob@test.com')
     await page.typeInInput('password', 'bob-pass')
-    await page.clickOnText("S'inscrire")
+    await page.clickOnText('Inscription')
     await page.ensureTextVisibility(
-      `L'application demande un contrôle total sur votre identité, ce qui signifie qu'elle pourrait casser de façon permanente, ou même usurper, votre compte. N'authorisez l'accès qu'aux applications auxquelles vous faites vraiment confiance.`,
+      `L'application demande un contrôle total sur votre identité, ce qui signifie qu'elle pourrait casser de façon permanente, ou même usurper, votre compte. N'autorisez l'accès qu'aux applications auxquelles vous faites vraiment confiance.`,
     )
     // Make sure the new account is propagated to the PLC directory, allowing
@@ -112,7 +112,7 @@ describe('oauth', () => {
     await page.navigationClick(`Login with ${new URL(network.pds.url).host}`)
-    await page.assertTitle("S'identifier")
+    await page.assertTitle('Se connecter')
     // Cancel the OAuth flow:
     await page.navigationClick('Annuler')