customer-registration 0.0.126 → 0.0.127

package/.medusa/server/src/api/auth/customer/emailotp/__tests__/send-route.test.js

@@ -0,0 +1,151 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@medusajs/framework/utils");
+const vitest_1 = require("vitest");
+const config_1 = require("../../../../../config");
+const send_email_auth_otp_workflow_1 = __importDefault(require("../../../../../workflows/send-email-auth-otp-workflow"));
+const email_auth_helpers_1 = require("../shared/email-auth-helpers");
+const route_1 = require("../send/route");
+vitest_1.vi.mock("../../../../../config", async (importOriginal) => {
+    const actual = await importOriginal();
+    return {
+        ...actual,
+        resolveCustomerRegistrationOptions: vitest_1.vi.fn(),
+        isEmailOtpAuthEnabled: vitest_1.vi.fn(),
+    };
+});
+vitest_1.vi.mock("../shared/email-auth-helpers", () => ({
+    lookupCustomerByEmail: vitest_1.vi.fn(),
+    normalizeAuthEmail: (email) => email.toLowerCase().trim(),
+}));
+vitest_1.vi.mock("../../../../../workflows/send-email-auth-otp-workflow", () => ({
+    default: vitest_1.vi.fn(),
+}));
+const mockedResolveOptions = vitest_1.vi.mocked(config_1.resolveCustomerRegistrationOptions);
+const mockedIsOtpEnabled = vitest_1.vi.mocked(config_1.isEmailOtpAuthEnabled);
+const mockedLookupCustomer = vitest_1.vi.mocked(email_auth_helpers_1.lookupCustomerByEmail);
+const mockedWorkflow = vitest_1.vi.mocked(send_email_auth_otp_workflow_1.default);
+(0, vitest_1.describe)("POST /auth/customer/emailotp/send table-driven tests", () => {
+    (0, vitest_1.beforeEach)(() => {
+        vitest_1.vi.clearAllMocks();
+        mockedResolveOptions.mockReturnValue({
+            ...(0, config_1.resolveCustomerRegistrationOptions)(undefined),
+            auth: {
+                email: { methods: ["otp"] },
+                phone: { methods: ["password"] },
+            },
+        });
+        mockedIsOtpEnabled.mockImplementation((opts) => opts.auth.email.methods.includes("otp"));
+        mockedWorkflow.mockReturnValue({
+            run: vitest_1.vi.fn().mockResolvedValue({
+                result: {
+                    token: "otp_token",
+                    expires_at: new Date("2025-06-03T12:00:00.000Z"),
+                },
+            }),
+        });
+    });
+    const cases = [
+        {
+            title: "rejects when OTP auth is disabled",
+            body: { email: "user@example.com" },
+            otpEnabled: false,
+            customer: null,
+            pendingDeletion: false,
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.NOT_ALLOWED,
+        },
+        {
+            title: "rejects invalid email format",
+            body: { email: "bad" },
+            otpEnabled: true,
+            customer: null,
+            pendingDeletion: false,
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.INVALID_DATA,
+        },
+        {
+            title: "blocks when pending account deletion",
+            body: { email: "user@example.com" },
+            otpEnabled: true,
+            customer: {
+                id: "cus_1",
+                email: "user@example.com",
+                has_account: true,
+                first_name: "A",
+                last_name: null,
+            },
+            pendingDeletion: true,
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.NOT_ALLOWED,
+        },
+        {
+            title: "returns token for new user",
+            body: { email: "new@example.com" },
+            otpEnabled: true,
+            customer: null,
+            pendingDeletion: false,
+            shouldThrow: false,
+            expectedStatus: 200,
+            expectedJson: {
+                token: "otp_token",
+                expires_at: new Date("2025-06-03T12:00:00.000Z"),
+                is_new_user: true,
+            },
+        },
+        {
+            title: "returns is_new_user false for existing account",
+            body: { email: "existing@example.com" },
+            otpEnabled: true,
+            customer: {
+                id: "cus_2",
+                email: "existing@example.com",
+                has_account: true,
+                first_name: "E",
+                last_name: "X",
+            },
+            pendingDeletion: false,
+            shouldThrow: false,
+            expectedStatus: 200,
+            expectedJson: {
+                token: "otp_token",
+                expires_at: new Date("2025-06-03T12:00:00.000Z"),
+                is_new_user: false,
+            },
+        },
+    ];
+    vitest_1.test.each(cases)("$title", async ({ body, otpEnabled, customer, pendingDeletion, shouldThrow, errorType, expectedStatus, expectedJson, }) => {
+        mockedIsOtpEnabled.mockReturnValue(otpEnabled);
+        mockedLookupCustomer.mockResolvedValue(customer);
+        const hasPendingRequest = vitest_1.vi.fn().mockResolvedValue(pendingDeletion);
+        const req = {
+            body,
+            scope: {
+                resolve: (token) => {
+                    if (token === utils_1.ContainerRegistrationKeys.CONFIG_MODULE) {
+                        return {};
+                    }
+                    if (String(token).includes("account_deletion")) {
+                        return { hasPendingRequest };
+                    }
+                    return undefined;
+                },
+            },
+        };
+        const status = vitest_1.vi.fn().mockReturnThis();
+        const json = vitest_1.vi.fn();
+        const res = { status, json };
+        const exec = () => (0, route_1.POST)(req, res);
+        if (shouldThrow) {
+            await (0, vitest_1.expect)(exec()).rejects.toMatchObject({ type: errorType });
+            return;
+        }
+        await exec();
+        (0, vitest_1.expect)(status).toHaveBeenCalledWith(expectedStatus);
+        (0, vitest_1.expect)(json).toHaveBeenCalledWith(expectedJson);
+    });
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VuZC1yb3V0ZS50ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vc3JjL2FwaS9hdXRoL2N1c3RvbWVyL2VtYWlsb3RwL19fdGVzdHNfXy9zZW5kLXJvdXRlLnRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSxxREFBa0Y7QUFDbEYsbUNBQStEO0FBQy9ELGtEQUFpRztBQUNqRyx5SEFBNEY7QUFDNUYscUVBQW9FO0FBQ3BFLHlDQUFvQztBQUVwQyxXQUFFLENBQUMsSUFBSSxDQUFDLHVCQUF1QixFQUFFLEtBQUssRUFBRSxjQUFjLEVBQUUsRUFBRTtJQUN4RCxNQUFNLE1BQU0sR0FBRyxNQUFNLGNBQWMsRUFBMEMsQ0FBQTtJQUM3RSxPQUFPO1FBQ0wsR0FBRyxNQUFNO1FBQ1Qsa0NBQWtDLEVBQUUsV0FBRSxDQUFDLEVBQUUsRUFBRTtRQUMzQyxxQkFBcUIsRUFBRSxXQUFFLENBQUMsRUFBRSxFQUFFO0tBQy9CLENBQUE7QUFDSCxDQUFDLENBQUMsQ0FBQTtBQUVGLFdBQUUsQ0FBQyxJQUFJLENBQUMsOEJBQThCLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQztJQUM3QyxxQkFBcUIsRUFBRSxXQUFFLENBQUMsRUFBRSxFQUFFO0lBQzlCLGtCQUFrQixFQUFFLENBQUMsS0FBYSxFQUFFLEVBQUUsQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUMsSUFBSSxFQUFFO0NBQ2xFLENBQUMsQ0FBQyxDQUFBO0FBRUgsV0FBRSxDQUFDLElBQUksQ0FBQyx1REFBdUQsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ3RFLE9BQU8sRUFBRSxXQUFFLENBQUMsRUFBRSxFQUFFO0NBQ2pCLENBQUMsQ0FBQyxDQUFBO0FBRUgsTUFBTSxvQkFBb0IsR0FBRyxXQUFFLENBQUMsTUFBTSxDQUFDLDJDQUFrQyxDQUFDLENBQUE7QUFDMUUsTUFBTSxrQkFBa0IsR0FBRyxXQUFFLENBQUMsTUFBTSxDQUFDLDhCQUFxQixDQUFDLENBQUE7QUFDM0QsTUFBTSxvQkFBb0IsR0FBRyxXQUFFLENBQUMsTUFBTSxDQUFDLDBDQUFxQixDQUFDLENBQUE7QUFDN0QsTUFBTSxjQUFjLEdBQUcsV0FBRSxDQUFDLE1BQU0sQ0FBQyxzQ0FBd0IsQ0FBQyxDQUFBO0FBZTFELElBQUEsaUJBQVEsRUFBQyxzREFBc0QsRUFBRSxHQUFHLEVBQUU7SUFDcEUsSUFBQSxtQkFBVSxFQUFDLEdBQUcsRUFBRTtRQUNkLFdBQUUsQ0FBQyxhQUFhLEVBQUUsQ0FBQTtRQUNsQixvQkFBb0IsQ0FBQyxlQUFlLENBQUM7WUFDbkMsR0FBRyxJQUFBLDJDQUFrQyxFQUFDLFNBQVMsQ0FBQztZQUNoRCxJQUFJLEVBQUU7Z0JBQ0osS0FBSyxFQUFFLEVBQUUsT0FBTyxFQUFFLENBQUMsS0FBSyxDQUFDLEVBQUU7Z0JBQzNCLEtBQUssRUFBRSxFQUFFLE9BQU8sRUFBRSxDQUFDLFVBQVUsQ0FBQyxFQUFFO2FBQ2pDO1NBQ0YsQ0FBQyxDQUFBO1FBQ0Ysa0JBQWtCLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUM3QyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUN4QyxDQUFBO1FBQ0QsY0FBYyxDQUFDLGVBQWUsQ0FBQztZQUM3QixHQUFHLEVBQUUsV0FBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDO2dCQUM3QixNQUFNLEVBQUU7b0JBQ04sS0FBSyxFQUFFLFdBQVc7b0JBQ2xCLFVBQVUsRUFBRSxJQUFJLElBQUksQ0FBQywwQkFBMEIsQ0FBQztpQkFDakQ7YUFDRixDQUFDO1NBQ3VELENBQUMsQ0FBQTtJQUM5RCxDQUFDLENBQUMsQ0FBQTtJQUVGLE1BQU0sS0FBSyxHQUF3QjtRQUNqQztZQUNFLEtBQUssRUFBRSxtQ0FBbUM7WUFDMUMsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLGtCQUFrQixFQUFFO1lBQ25DLFVBQVUsRUFBRSxLQUFLO1lBQ2pCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsZUFBZSxFQUFFLEtBQUs7WUFDdEIsV0FBVyxFQUFFLElBQUk7WUFDakIsU0FBUyxFQUFFLG1CQUFXLENBQUMsS0FBSyxDQUFDLFdBQVc7U0FDekM7UUFDRDtZQUNFLEtBQUssRUFBRSw4QkFBOEI7WUFDckMsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRTtZQUN0QixVQUFVLEVBQUUsSUFBSTtZQUNoQixRQUFRLEVBQUUsSUFBSTtZQUNkLGVBQWUsRUFBRSxLQUFLO1lBQ3RCLFdBQVcsRUFBRSxJQUFJO1lBQ2pCLFNBQVMsRUFBRSxtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZO1NBQzFDO1FBQ0Q7WUFDRSxLQUFLLEVBQUUsc0NBQXNDO1lBQzdDLElBQUksRUFBRSxFQUFFLEtBQUssRUFBRSxrQkFBa0IsRUFBRTtZQUNuQyxVQUFVLEVBQUUsSUFBSTtZQUNoQixRQUFRLEVBQUU7Z0JBQ1IsRUFBRSxFQUFFLE9BQU87Z0JBQ1gsS0FBSyxFQUFFLGtCQUFrQjtnQkFDekIsV0FBVyxFQUFFLElBQUk7Z0JBQ2pCLFVBQVUsRUFBRSxHQUFHO2dCQUNmLFNBQVMsRUFBRSxJQUFJO2FBQ2hCO1lBQ0QsZUFBZSxFQUFFLElBQUk7WUFDckIsV0FBVyxFQUFFLElBQUk7WUFDakIsU0FBUyxFQUFFLG1CQUFXLENBQUMsS0FBSyxDQUFDLFdBQVc7U0FDekM7UUFDRDtZQUNFLEtBQUssRUFBRSw0QkFBNEI7WUFDbkMsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLGlCQUFpQixFQUFFO1lBQ2xDLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsZUFBZSxFQUFFLEtBQUs7WUFDdEIsV0FBVyxFQUFFLEtBQUs7WUFDbEIsY0FBYyxFQUFFLEdBQUc7WUFDbkIsWUFBWSxFQUFFO2dCQUNaLEtBQUssRUFBRSxXQUFXO2dCQUNsQixVQUFVLEVBQUUsSUFBSSxJQUFJLENBQUMsMEJBQTBCLENBQUM7Z0JBQ2hELFdBQVcsRUFBRSxJQUFJO2FBQ2xCO1NBQ0Y7UUFDRDtZQUNFLEtBQUssRUFBRSxnREFBZ0Q7WUFDdkQsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLHNCQUFzQixFQUFFO1lBQ3ZDLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFFBQVEsRUFBRTtnQkFDUixFQUFFLEVBQUUsT0FBTztnQkFDWCxLQUFLLEVBQUUsc0JBQXNCO2dCQUM3QixXQUFXLEVBQUUsSUFBSTtnQkFDakIsVUFBVSxFQUFFLEdBQUc7Z0JBQ2YsU0FBUyxFQUFFLEdBQUc7YUFDZjtZQUNELGVBQWUsRUFBRSxLQUFLO1lBQ3RCLFdBQVcsRUFBRSxLQUFLO1lBQ2xCLGNBQWMsRUFBRSxHQUFHO1lBQ25CLFlBQVksRUFBRTtnQkFDWixLQUFLLEVBQUUsV0FBVztnQkFDbEIsVUFBVSxFQUFFLElBQUksSUFBSSxDQUFDLDBCQUEwQixDQUFDO2dCQUNoRCxXQUFXLEVBQUUsS0FBSzthQUNuQjtTQUNGO0tBQ0YsQ0FBQTtJQUVELGFBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQ2QsUUFBUSxFQUNSLEtBQUssRUFBRSxFQUNMLElBQUksRUFDSixVQUFVLEVBQ1YsUUFBUSxFQUNSLGVBQWUsRUFDZixXQUFXLEVBQ1gsU0FBUyxFQUNULGNBQWMsRUFDZCxZQUFZLEdBQ2IsRUFBRSxFQUFFO1FBQ0gsa0JBQWtCLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQzlDLG9CQUFvQixDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBRWhELE1BQU0saUJBQWlCLEdBQUcsV0FBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxDQUFBO1FBRXBFLE1BQU0sR0FBRyxHQUFHO1lBQ1YsSUFBSTtZQUNKLEtBQUssRUFBRTtnQkFDTCxPQUFPLEVBQUUsQ0FBQyxLQUFjLEVBQUUsRUFBRTtvQkFDMUIsSUFBSSxLQUFLLEtBQUssaUNBQXlCLENBQUMsYUFBYSxFQUFFLENBQUM7d0JBQ3RELE9BQU8sRUFBRSxDQUFBO29CQUNYLENBQUM7b0JBQ0QsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsUUFBUSxDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FBQzt3QkFDL0MsT0FBTyxFQUFFLGlCQUFpQixFQUFFLENBQUE7b0JBQzlCLENBQUM7b0JBQ0QsT0FBTyxTQUFTLENBQUE7Z0JBQ2xCLENBQUM7YUFDRjtTQUN1QyxDQUFBO1FBRTFDLE1BQU0sTUFBTSxHQUFHLFdBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxjQUFjLEVBQUUsQ0FBQTtRQUN2QyxNQUFNLElBQUksR0FBRyxXQUFFLENBQUMsRUFBRSxFQUFFLENBQUE7UUFDcEIsTUFBTSxHQUFHLEdBQUcsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUErQixDQUFBO1FBRXpELE1BQU0sSUFBSSxHQUFHLEdBQUcsRUFBRSxDQUFDLElBQUEsWUFBSSxFQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsQ0FBQTtRQUVqQyxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ2hCLE1BQU0sSUFBQSxlQUFNLEVBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUE7WUFDL0QsT0FBTTtRQUNSLENBQUM7UUFFRCxNQUFNLElBQUksRUFBRSxDQUFBO1FBRVosSUFBQSxlQUFNLEVBQUMsTUFBTSxDQUFDLENBQUMsb0JBQW9CLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDbkQsSUFBQSxlQUFNLEVBQUMsSUFBSSxDQUFDLENBQUMsb0JBQW9CLENBQUMsWUFBWSxDQUFDLENBQUE7SUFDakQsQ0FBQyxDQUNGLENBQUE7QUFDSCxDQUFDLENBQUMsQ0FBQSJ9

package/.medusa/server/src/api/auth/customer/emailotp/__tests__/verify-route.test.js

@@ -0,0 +1,171 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@medusajs/framework/utils");
+const vitest_1 = require("vitest");
+const config_1 = require("../../../../../config");
+const otp_verification_1 = require("../../../../../modules/otp-verification/models/otp-verification");
+const otp_verification_2 = require("../../../../../modules/otp-verification");
+const verify_email_auth_otp_workflow_1 = __importDefault(require("../../../../../workflows/verify-email-auth-otp-workflow"));
+const complete_customer_login_1 = require("../../shared/complete-customer-login");
+const route_1 = require("../verify/route");
+vitest_1.vi.mock("../../../../../config", async (importOriginal) => {
+    const actual = await importOriginal();
+    return {
+        ...actual,
+        resolveCustomerRegistrationOptions: vitest_1.vi.fn(),
+        isEmailOtpAuthEnabled: vitest_1.vi.fn(),
+    };
+});
+vitest_1.vi.mock("../../../../../workflows/verify-email-auth-otp-workflow", () => ({
+    default: vitest_1.vi.fn(),
+}));
+vitest_1.vi.mock("../../shared/complete-customer-login", () => ({
+    issueCustomerJwtToken: vitest_1.vi.fn(),
+}));
+vitest_1.vi.mock("../../../../store/customers/shared/referral-code", () => ({
+    assertReferralCodeReferrerExists: vitest_1.vi.fn().mockResolvedValue(undefined),
+    maybeCreateReferralLinkFromRequest: vitest_1.vi.fn().mockResolvedValue(undefined),
+}));
+const mockedIsOtpEnabled = vitest_1.vi.mocked(config_1.isEmailOtpAuthEnabled);
+const mockedWorkflow = vitest_1.vi.mocked(verify_email_auth_otp_workflow_1.default);
+const mockedIssueJwt = vitest_1.vi.mocked(complete_customer_login_1.issueCustomerJwtToken);
+(0, vitest_1.describe)("POST /auth/customer/emailotp/verify table-driven tests", () => {
+    (0, vitest_1.beforeEach)(() => {
+        vitest_1.vi.clearAllMocks();
+        mockedIsOtpEnabled.mockReturnValue(true);
+        mockedIssueJwt.mockResolvedValue("customer_jwt");
+        mockedWorkflow.mockReturnValue({
+            run: vitest_1.vi.fn().mockResolvedValue({
+                result: {
+                    customer: { id: "cus_new", email: "new@example.com" },
+                    auth_identity: { id: "auth_1" },
+                    is_new_user: true,
+                },
+            }),
+        });
+    });
+    const cases = [
+        {
+            title: "rejects when OTP auth is disabled",
+            body: { token: "t", code: "123456" },
+            otpEnabled: false,
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.NOT_ALLOWED,
+        },
+        {
+            title: "requires token",
+            body: { code: "123456" },
+            otpEnabled: true,
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.INVALID_DATA,
+        },
+        {
+            title: "requires code",
+            body: { token: "t" },
+            otpEnabled: true,
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.INVALID_DATA,
+        },
+        {
+            title: "rejects invalid OTP",
+            body: { token: "t", code: "000000" },
+            otpEnabled: true,
+            verifyOtpThrows: new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "Invalid OTP code"),
+            shouldThrow: true,
+            errorType: utils_1.MedusaError.Types.INVALID_DATA,
+        },
+        {
+            title: "returns JWT and customer for new user",
+            body: {
+                token: "t",
+                code: "123456",
+                first_name: "New",
+                referral_code: "cus_ref",
+            },
+            otpEnabled: true,
+            verifyOtpResult: {
+                verified: true,
+                email: "new@example.com",
+                customer_id: null,
+                type: otp_verification_1.OtpPurpose.EMAIL_AUTH,
+            },
+            workflowResult: {
+                customer: { id: "cus_new", email: "new@example.com", first_name: "New" },
+                auth_identity: { id: "auth_1" },
+                is_new_user: true,
+            },
+            shouldThrow: false,
+            expectedStatus: 200,
+            expectedJson: {
+                token: "customer_jwt",
+                customer: { id: "cus_new", email: "new@example.com", first_name: "New" },
+                is_new_user: true,
+            },
+        },
+        {
+            title: "returns JWT for existing password user login",
+            body: { token: "t", code: "123456" },
+            otpEnabled: true,
+            verifyOtpResult: {
+                verified: true,
+                email: "existing@example.com",
+                customer_id: "cus_existing",
+                type: otp_verification_1.OtpPurpose.EMAIL_AUTH,
+            },
+            workflowResult: {
+                customer: { id: "cus_existing", email: "existing@example.com" },
+                auth_identity: { id: "auth_existing" },
+                is_new_user: false,
+            },
+            shouldThrow: false,
+            expectedStatus: 200,
+            expectedJson: {
+                token: "customer_jwt",
+                customer: { id: "cus_existing", email: "existing@example.com" },
+                is_new_user: false,
+            },
+        },
+    ];
+    vitest_1.test.each(cases)("$title", async ({ body, otpEnabled, verifyOtpResult, verifyOtpThrows, workflowResult, shouldThrow, errorType, expectedStatus, expectedJson, }) => {
+        mockedIsOtpEnabled.mockReturnValue(otpEnabled);
+        const verifyEmailAuthOtp = verifyOtpThrows
+            ? vitest_1.vi.fn().mockRejectedValue(verifyOtpThrows)
+            : vitest_1.vi.fn().mockResolvedValue(verifyOtpResult);
+        if (workflowResult) {
+            mockedWorkflow.mockReturnValue({
+                run: vitest_1.vi.fn().mockResolvedValue({ result: workflowResult }),
+            });
+        }
+        const req = {
+            body,
+            scope: {
+                resolve: (token) => {
+                    if (token === utils_1.ContainerRegistrationKeys.CONFIG_MODULE) {
+                        return {
+                            projectConfig: { http: { jwtSecret: "secret", jwtExpiresIn: "7d" } },
+                        };
+                    }
+                    if (token === otp_verification_2.OTP_VERIFICATION_MODULE) {
+                        return { verifyEmailAuthOtp };
+                    }
+                    return undefined;
+                },
+            },
+        };
+        const status = vitest_1.vi.fn().mockReturnThis();
+        const json = vitest_1.vi.fn();
+        const res = { status, json };
+        const exec = () => (0, route_1.POST)(req, res);
+        if (shouldThrow) {
+            await (0, vitest_1.expect)(exec()).rejects.toMatchObject({ type: errorType });
+            return;
+        }
+        await exec();
+        (0, vitest_1.expect)(status).toHaveBeenCalledWith(expectedStatus);
+        (0, vitest_1.expect)(json).toHaveBeenCalledWith(expectedJson);
+    });
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyaWZ5LXJvdXRlLnRlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL2F1dGgvY3VzdG9tZXIvZW1haWxvdHAvX190ZXN0c19fL3ZlcmlmeS1yb3V0ZS50ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQ0EscURBQWtGO0FBQ2xGLG1DQUErRDtBQUMvRCxrREFBaUc7QUFDakcsc0dBQTRGO0FBQzVGLDhFQUFpRjtBQUNqRiw2SEFBZ0c7QUFDaEcsa0ZBQTRFO0FBQzVFLDJDQUFzQztBQUV0QyxXQUFFLENBQUMsSUFBSSxDQUFDLHVCQUF1QixFQUFFLEtBQUssRUFBRSxjQUFjLEVBQUUsRUFBRTtJQUN4RCxNQUFNLE1BQU0sR0FBRyxNQUFNLGNBQWMsRUFBMEMsQ0FBQTtJQUM3RSxPQUFPO1FBQ0wsR0FBRyxNQUFNO1FBQ1Qsa0NBQWtDLEVBQUUsV0FBRSxDQUFDLEVBQUUsRUFBRTtRQUMzQyxxQkFBcUIsRUFBRSxXQUFFLENBQUMsRUFBRSxFQUFFO0tBQy9CLENBQUE7QUFDSCxDQUFDLENBQUMsQ0FBQTtBQUVGLFdBQUUsQ0FBQyxJQUFJLENBQUMseURBQXlELEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQztJQUN4RSxPQUFPLEVBQUUsV0FBRSxDQUFDLEVBQUUsRUFBRTtDQUNqQixDQUFDLENBQUMsQ0FBQTtBQUVILFdBQUUsQ0FBQyxJQUFJLENBQUMsc0NBQXNDLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQztJQUNyRCxxQkFBcUIsRUFBRSxXQUFFLENBQUMsRUFBRSxFQUFFO0NBQy9CLENBQUMsQ0FBQyxDQUFBO0FBRUgsV0FBRSxDQUFDLElBQUksQ0FBQyxrREFBa0QsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ2pFLGdDQUFnQyxFQUFFLFdBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTLENBQUM7SUFDdEUsa0NBQWtDLEVBQUUsV0FBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLFNBQVMsQ0FBQztDQUN6RSxDQUFDLENBQUMsQ0FBQTtBQUVILE1BQU0sa0JBQWtCLEdBQUcsV0FBRSxDQUFDLE1BQU0sQ0FBQyw4QkFBcUIsQ0FBQyxDQUFBO0FBQzNELE1BQU0sY0FBYyxHQUFHLFdBQUUsQ0FBQyxNQUFNLENBQUMsd0NBQTBCLENBQUMsQ0FBQTtBQUM1RCxNQUFNLGNBQWMsR0FBRyxXQUFFLENBQUMsTUFBTSxDQUFDLCtDQUFxQixDQUFDLENBQUE7QUF3QnZELElBQUEsaUJBQVEsRUFBQyx3REFBd0QsRUFBRSxHQUFHLEVBQUU7SUFDdEUsSUFBQSxtQkFBVSxFQUFDLEdBQUcsRUFBRTtRQUNkLFdBQUUsQ0FBQyxhQUFhLEVBQUUsQ0FBQTtRQUNsQixrQkFBa0IsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLENBQUE7UUFDeEMsY0FBYyxDQUFDLGlCQUFpQixDQUFDLGNBQWMsQ0FBQyxDQUFBO1FBQ2hELGNBQWMsQ0FBQyxlQUFlLENBQUM7WUFDN0IsR0FBRyxFQUFFLFdBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQztnQkFDN0IsTUFBTSxFQUFFO29CQUNOLFFBQVEsRUFBRSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLGlCQUFpQixFQUFFO29CQUNyRCxhQUFhLEVBQUUsRUFBRSxFQUFFLEVBQUUsUUFBUSxFQUFFO29CQUMvQixXQUFXLEVBQUUsSUFBSTtpQkFDbEI7YUFDRixDQUFDO1NBQ3lELENBQUMsQ0FBQTtJQUNoRSxDQUFDLENBQUMsQ0FBQTtJQUVGLE1BQU0sS0FBSyxHQUEwQjtRQUNuQztZQUNFLEtBQUssRUFBRSxtQ0FBbUM7WUFDMUMsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLEdBQUcsRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ3BDLFVBQVUsRUFBRSxLQUFLO1lBQ2pCLFdBQVcsRUFBRSxJQUFJO1lBQ2pCLFNBQVMsRUFBRSxtQkFBVyxDQUFDLEtBQUssQ0FBQyxXQUFXO1NBQ3pDO1FBQ0Q7WUFDRSxLQUFLLEVBQUUsZ0JBQWdCO1lBQ3ZCLElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDeEIsVUFBVSxFQUFFLElBQUk7WUFDaEIsV0FBVyxFQUFFLElBQUk7WUFDakIsU0FBUyxFQUFFLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVk7U0FDMUM7UUFDRDtZQUNFLEtBQUssRUFBRSxlQUFlO1lBQ3RCLElBQUksRUFBRSxFQUFFLEtBQUssRUFBRSxHQUFHLEVBQUU7WUFDcEIsVUFBVSxFQUFFLElBQUk7WUFDaEIsV0FBVyxFQUFFLElBQUk7WUFDakIsU0FBUyxFQUFFLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVk7U0FDMUM7UUFDRDtZQUNFLEtBQUssRUFBRSxxQkFBcUI7WUFDNUIsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLEdBQUcsRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ3BDLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLGVBQWUsRUFBRSxJQUFJLG1CQUFXLENBQzlCLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVksRUFDOUIsa0JBQWtCLENBQ25CO1lBQ0QsV0FBVyxFQUFFLElBQUk7WUFDakIsU0FBUyxFQUFFLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVk7U0FDMUM7UUFDRDtZQUNFLEtBQUssRUFBRSx1Q0FBdUM7WUFDOUMsSUFBSSxFQUFFO2dCQUNKLEtBQUssRUFBRSxHQUFHO2dCQUNWLElBQUksRUFBRSxRQUFRO2dCQUNkLFVBQVUsRUFBRSxLQUFLO2dCQUNqQixhQUFhLEVBQUUsU0FBUzthQUN6QjtZQUNELFVBQVUsRUFBRSxJQUFJO1lBQ2hCLGVBQWUsRUFBRTtnQkFDZixRQUFRLEVBQUUsSUFBSTtnQkFDZCxLQUFLLEVBQUUsaUJBQWlCO2dCQUN4QixXQUFXLEVBQUUsSUFBSTtnQkFDakIsSUFBSSxFQUFFLDZCQUFVLENBQUMsVUFBVTthQUM1QjtZQUNELGNBQWMsRUFBRTtnQkFDZCxRQUFRLEVBQUUsRUFBRSxFQUFFLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFO2dCQUN4RSxhQUFhLEVBQUUsRUFBRSxFQUFFLEVBQUUsUUFBUSxFQUFFO2dCQUMvQixXQUFXLEVBQUUsSUFBSTthQUNsQjtZQUNELFdBQVcsRUFBRSxLQUFLO1lBQ2xCLGNBQWMsRUFBRSxHQUFHO1lBQ25CLFlBQVksRUFBRTtnQkFDWixLQUFLLEVBQUUsY0FBYztnQkFDckIsUUFBUSxFQUFFLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsaUJBQWlCLEVBQUUsVUFBVSxFQUFFLEtBQUssRUFBRTtnQkFDeEUsV0FBVyxFQUFFLElBQUk7YUFDbEI7U0FDRjtRQUNEO1lBQ0UsS0FBSyxFQUFFLDhDQUE4QztZQUNyRCxJQUFJLEVBQUUsRUFBRSxLQUFLLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDcEMsVUFBVSxFQUFFLElBQUk7WUFDaEIsZUFBZSxFQUFFO2dCQUNmLFFBQVEsRUFBRSxJQUFJO2dCQUNkLEtBQUssRUFBRSxzQkFBc0I7Z0JBQzdCLFdBQVcsRUFBRSxjQUFjO2dCQUMzQixJQUFJLEVBQUUsNkJBQVUsQ0FBQyxVQUFVO2FBQzVCO1lBQ0QsY0FBYyxFQUFFO2dCQUNkLFFBQVEsRUFBRSxFQUFFLEVBQUUsRUFBRSxjQUFjLEVBQUUsS0FBSyxFQUFFLHNCQUFzQixFQUFFO2dCQUMvRCxhQUFhLEVBQUUsRUFBRSxFQUFFLEVBQUUsZUFBZSxFQUFFO2dCQUN0QyxXQUFXLEVBQUUsS0FBSzthQUNuQjtZQUNELFdBQVcsRUFBRSxLQUFLO1lBQ2xCLGNBQWMsRUFBRSxHQUFHO1lBQ25CLFlBQVksRUFBRTtnQkFDWixLQUFLLEVBQUUsY0FBYztnQkFDckIsUUFBUSxFQUFFLEVBQUUsRUFBRSxFQUFFLGNBQWMsRUFBRSxLQUFLLEVBQUUsc0JBQXNCLEVBQUU7Z0JBQy9ELFdBQVcsRUFBRSxLQUFLO2FBQ25CO1NBQ0Y7S0FDRixDQUFBO0lBRUQsYUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FDZCxRQUFRLEVBQ1IsS0FBSyxFQUFFLEVBQ0wsSUFBSSxFQUNKLFVBQVUsRUFDVixlQUFlLEVBQ2YsZUFBZSxFQUNmLGNBQWMsRUFDZCxXQUFXLEVBQ1gsU0FBUyxFQUNULGNBQWMsRUFDZCxZQUFZLEdBQ2IsRUFBRSxFQUFFO1FBQ0gsa0JBQWtCLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBRTlDLE1BQU0sa0JBQWtCLEdBQUcsZUFBZTtZQUN4QyxDQUFDLENBQUMsV0FBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQztZQUM1QyxDQUFDLENBQUMsV0FBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxDQUFBO1FBRTlDLElBQUksY0FBYyxFQUFFLENBQUM7WUFDbkIsY0FBYyxDQUFDLGVBQWUsQ0FBQztnQkFDN0IsR0FBRyxFQUFFLFdBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLE1BQU0sRUFBRSxjQUFjLEVBQUUsQ0FBQzthQUNDLENBQUMsQ0FBQTtRQUNoRSxDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQUc7WUFDVixJQUFJO1lBQ0osS0FBSyxFQUFFO2dCQUNMLE9BQU8sRUFBRSxDQUFDLEtBQWMsRUFBRSxFQUFFO29CQUMxQixJQUFJLEtBQUssS0FBSyxpQ0FBeUIsQ0FBQyxhQUFhLEVBQUUsQ0FBQzt3QkFDdEQsT0FBTzs0QkFDTCxhQUFhLEVBQUUsRUFBRSxJQUFJLEVBQUUsRUFBRSxTQUFTLEVBQUUsUUFBUSxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsRUFBRTt5QkFDckUsQ0FBQTtvQkFDSCxDQUFDO29CQUNELElBQUksS0FBSyxLQUFLLDBDQUF1QixFQUFFLENBQUM7d0JBQ3RDLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxDQUFBO29CQUMvQixDQUFDO29CQUNELE9BQU8sU0FBUyxDQUFBO2dCQUNsQixDQUFDO2FBQ0Y7U0FDdUMsQ0FBQTtRQUUxQyxNQUFNLE1BQU0sR0FBRyxXQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsY0FBYyxFQUFFLENBQUE7UUFDdkMsTUFBTSxJQUFJLEdBQUcsV0FBRSxDQUFDLEVBQUUsRUFBRSxDQUFBO1FBQ3BCLE1BQU0sR0FBRyxHQUFHLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBK0IsQ0FBQTtRQUV6RCxNQUFNLElBQUksR0FBRyxHQUFHLEVBQUUsQ0FBQyxJQUFBLFlBQUksRUFBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUE7UUFFakMsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixNQUFNLElBQUEsZUFBTSxFQUFDLElBQUksRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFBO1lBQy9ELE9BQU07UUFDUixDQUFDO1FBRUQsTUFBTSxJQUFJLEVBQUUsQ0FBQTtRQUVaLElBQUEsZUFBTSxFQUFDLE1BQU0sQ0FBQyxDQUFDLG9CQUFvQixDQUFDLGNBQWMsQ0FBQyxDQUFBO1FBQ25ELElBQUEsZUFBTSxFQUFDLElBQUksQ0FBQyxDQUFDLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxDQUFBO0lBQ2pELENBQUMsQ0FDRixDQUFBO0FBQ0gsQ0FBQyxDQUFDLENBQUEifQ==

package/.medusa/server/src/api/auth/customer/emailotp/send/route.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+const utils_1 = require("@medusajs/framework/utils");
+const config_1 = require("../../../../../config");
+const account_deletion_request_1 = require("../../../../../modules/account-deletion-request");
+const send_email_auth_otp_workflow_1 = __importDefault(require("../../../../../workflows/send-email-auth-otp-workflow"));
+const email_validation_1 = require("../../../../../utils/email-validation");
+const email_auth_helpers_1 = require("../shared/email-auth-helpers");
+const POST = async (req, res) => {
+    const configModule = req.scope.resolve(utils_1.ContainerRegistrationKeys.CONFIG_MODULE);
+    const options = (0, config_1.resolveCustomerRegistrationOptions)(configModule);
+    if (!(0, config_1.isEmailOtpAuthEnabled)(options)) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_ALLOWED, "Email OTP authentication is not enabled");
+    }
+    const body = req.body;
+    const rawEmail = body?.email;
+    if (!rawEmail || typeof rawEmail !== "string") {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "email is required");
+    }
+    (0, email_validation_1.validateEmailFormat)(rawEmail);
+    const email = (0, email_auth_helpers_1.normalizeAuthEmail)(rawEmail);
+    const existingCustomer = await (0, email_auth_helpers_1.lookupCustomerByEmail)(req.scope, email);
+    const isNewUser = !existingCustomer?.has_account;
+    if (existingCustomer?.id) {
+        const accountDeletionService = req.scope.resolve(account_deletion_request_1.ACCOUNT_DELETION_REQUEST_MODULE);
+        if (await accountDeletionService.hasPendingRequest(existingCustomer.id)) {
+            throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_ALLOWED, "This account has a pending deletion request");
+        }
+    }
+    const customerName = existingCustomer?.first_name ||
+        existingCustomer?.email ||
+        email;
+    const { result } = await (0, send_email_auth_otp_workflow_1.default)(req.scope).run({
+        input: {
+            email,
+            customer_id: existingCustomer?.id ?? null,
+            customer_name: customerName,
+        },
+    });
+    return res.status(200).json({
+        token: result.token,
+        expires_at: result.expires_at,
+        is_new_user: isNewUser,
+    });
+};
+exports.POST = POST;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL2F1dGgvY3VzdG9tZXIvZW1haWxvdHAvc2VuZC9yb3V0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFDQSxxREFBa0Y7QUFDbEYsa0RBSThCO0FBQzlCLDhGQUFpRztBQUVqRyx5SEFBNEY7QUFDNUYsNEVBQTJFO0FBQzNFLHFFQUdxQztBQUU5QixNQUFNLElBQUksR0FBRyxLQUFLLEVBQUUsR0FBa0IsRUFBRSxHQUFtQixFQUFFLEVBQUU7SUFDcEUsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsYUFBYSxDQUFDLENBQUE7SUFDL0UsTUFBTSxPQUFPLEdBQUcsSUFBQSwyQ0FBa0MsRUFDaEQsWUFBaUMsQ0FDbEMsQ0FBQTtJQUVELElBQUksQ0FBQyxJQUFBLDhCQUFxQixFQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDcEMsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFDN0IseUNBQXlDLENBQzFDLENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLElBQTBCLENBQUE7SUFDM0MsTUFBTSxRQUFRLEdBQUcsSUFBSSxFQUFFLEtBQUssQ0FBQTtJQUU1QixJQUFJLENBQUMsUUFBUSxJQUFJLE9BQU8sUUFBUSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzlDLE1BQU0sSUFBSSxtQkFBVyxDQUFDLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVksRUFBRSxtQkFBbUIsQ0FBQyxDQUFBO0lBQzVFLENBQUM7SUFFRCxJQUFBLHNDQUFtQixFQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQzdCLE1BQU0sS0FBSyxHQUFHLElBQUEsdUNBQWtCLEVBQUMsUUFBUSxDQUFDLENBQUE7SUFFMUMsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUEsMENBQXFCLEVBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUN0RSxNQUFNLFNBQVMsR0FBRyxDQUFDLGdCQUFnQixFQUFFLFdBQVcsQ0FBQTtJQUVoRCxJQUFJLGdCQUFnQixFQUFFLEVBQUUsRUFBRSxDQUFDO1FBQ3pCLE1BQU0sc0JBQXNCLEdBQzFCLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUNmLDBEQUErQixDQUNoQyxDQUFBO1FBQ0gsSUFBSSxNQUFNLHNCQUFzQixDQUFDLGlCQUFpQixDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDeEUsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFDN0IsNkNBQTZDLENBQzlDLENBQUE7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sWUFBWSxHQUNoQixnQkFBZ0IsRUFBRSxVQUFVO1FBQzVCLGdCQUFnQixFQUFFLEtBQUs7UUFDdkIsS0FBSyxDQUFBO0lBRVAsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBQSxzQ0FBd0IsRUFBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxDQUFDO1FBQy9ELEtBQUssRUFBRTtZQUNMLEtBQUs7WUFDTCxXQUFXLEVBQUUsZ0JBQWdCLEVBQUUsRUFBRSxJQUFJLElBQUk7WUFDekMsYUFBYSxFQUFFLFlBQVk7U0FDNUI7S0FDRixDQUFDLENBQUE7SUFFRixPQUFPLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1FBQzFCLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztRQUNuQixVQUFVLEVBQUUsTUFBTSxDQUFDLFVBQVU7UUFDN0IsV0FBVyxFQUFFLFNBQVM7S0FDdkIsQ0FBQyxDQUFBO0FBQ0osQ0FBQyxDQUFBO0FBekRZLFFBQUEsSUFBSSxRQXlEaEIifQ==

package/.medusa/server/src/api/auth/customer/emailotp/shared/email-auth-helpers.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeAuthEmail = normalizeAuthEmail;
+exports.lookupCustomerByEmail = lookupCustomerByEmail;
+exports.findAnyAuthIdentityIdByEmail = findAnyAuthIdentityIdByEmail;
+exports.findAuthIdentityIdByEmail = findAuthIdentityIdByEmail;
+const utils_1 = require("@medusajs/framework/utils");
+function firstKnexRow(result) {
+    const fromRows = result.rows?.[0];
+    if (fromRows && typeof fromRows === "object" && !Array.isArray(fromRows)) {
+        return fromRows;
+    }
+    const batch = result[0];
+    if (Array.isArray(batch)) {
+        const first = batch[0];
+        if (first && typeof first === "object" && !Array.isArray(first)) {
+            return first;
+        }
+    }
+    return undefined;
+}
+function normalizeAuthEmail(email) {
+    return email.toLowerCase().trim();
+}
+async function lookupCustomerByEmail(scope, email) {
+    const knex = scope.resolve(utils_1.ContainerRegistrationKeys.PG_CONNECTION);
+    const normalized = normalizeAuthEmail(email);
+    const result = await knex.raw(`SELECT id, email, has_account, first_name, last_name
+     FROM customer
+     WHERE lower(email) = lower(?)
+     ORDER BY created_at DESC
+     LIMIT 1`, [normalized]);
+    const row = firstKnexRow(result);
+    if (!row?.id) {
+        return null;
+    }
+    return row;
+}
+async function findAnyAuthIdentityIdByEmail(scope, email) {
+    const knex = scope.resolve(utils_1.ContainerRegistrationKeys.PG_CONNECTION);
+    const normalized = normalizeAuthEmail(email);
+    const result = await knex.raw(`SELECT pi.auth_identity_id
+     FROM provider_identity pi
+     WHERE lower(pi.entity_id) = lower(?)
+     ORDER BY pi.created_at DESC
+     LIMIT 1`, [normalized]);
+    const row = firstKnexRow(result);
+    return row?.auth_identity_id ?? null;
+}
+async function findAuthIdentityIdByEmail(scope, email) {
+    const knex = scope.resolve(utils_1.ContainerRegistrationKeys.PG_CONNECTION);
+    const normalized = normalizeAuthEmail(email);
+    const result = await knex.raw(`SELECT pi.auth_identity_id
+     FROM provider_identity pi
+     WHERE lower(pi.entity_id) = lower(?)
+       AND pi.provider IN ('emailpass', 'emailotp')
+     ORDER BY pi.created_at DESC
+     LIMIT 1`, [normalized]);
+    const row = firstKnexRow(result);
+    return row?.auth_identity_id ?? null;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW1haWwtYXV0aC1oZWxwZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vc3JjL2FwaS9hdXRoL2N1c3RvbWVyL2VtYWlsb3RwL3NoYXJlZC9lbWFpbC1hdXRoLWhlbHBlcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUE0QkEsZ0RBRUM7QUFFRCxzREEwQkM7QUFFRCxvRUF1QkM7QUFFRCw4REF3QkM7QUE1R0QscURBQXFFO0FBVXJFLFNBQVMsWUFBWSxDQUNuQixNQUFtQztJQUVuQyxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUE7SUFDakMsSUFBSSxRQUFRLElBQUksT0FBTyxRQUFRLEtBQUssUUFBUSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ3pFLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUM7SUFDRCxNQUFNLEtBQUssR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUE7SUFDdkIsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDekIsTUFBTSxLQUFLLEdBQUcsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBQ3RCLElBQUksS0FBSyxJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNoRSxPQUFPLEtBQVUsQ0FBQTtRQUNuQixDQUFDO0lBQ0gsQ0FBQztJQUNELE9BQU8sU0FBUyxDQUFBO0FBQ2xCLENBQUM7QUFFRCxTQUFnQixrQkFBa0IsQ0FBQyxLQUFhO0lBQzlDLE9BQU8sS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDLElBQUksRUFBRSxDQUFBO0FBQ25DLENBQUM7QUFFTSxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLEtBQXNCLEVBQ3RCLEtBQWE7SUFFYixNQUFNLElBQUksR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLGlDQUF5QixDQUFDLGFBQWEsQ0FLakUsQ0FBQTtJQUVELE1BQU0sVUFBVSxHQUFHLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQzVDLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FDM0I7Ozs7YUFJUyxFQUNULENBQUMsVUFBVSxDQUFDLENBQ2IsQ0FBQTtJQUVELE1BQU0sR0FBRyxHQUFHLFlBQVksQ0FBc0IsTUFBTSxDQUFDLENBQUE7SUFDckQsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFLEVBQUUsQ0FBQztRQUNiLE9BQU8sSUFBSSxDQUFBO0lBQ2IsQ0FBQztJQUNELE9BQU8sR0FBRyxDQUFBO0FBQ1osQ0FBQztBQUVNLEtBQUssVUFBVSw0QkFBNEIsQ0FDaEQsS0FBc0IsRUFDdEIsS0FBYTtJQUViLE1BQU0sSUFBSSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsYUFBYSxDQUtqRSxDQUFBO0lBRUQsTUFBTSxVQUFVLEdBQUcsa0JBQWtCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDNUMsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUMzQjs7OzthQUlTLEVBQ1QsQ0FBQyxVQUFVLENBQUMsQ0FDYixDQUFBO0lBRUQsTUFBTSxHQUFHLEdBQUcsWUFBWSxDQUFnQyxNQUFNLENBQUMsQ0FBQTtJQUMvRCxPQUFPLEdBQUcsRUFBRSxnQkFBZ0IsSUFBSSxJQUFJLENBQUE7QUFDdEMsQ0FBQztBQUVNLEtBQUssVUFBVSx5QkFBeUIsQ0FDN0MsS0FBc0IsRUFDdEIsS0FBYTtJQUViLE1BQU0sSUFBSSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsYUFBYSxDQUtqRSxDQUFBO0lBRUQsTUFBTSxVQUFVLEdBQUcsa0JBQWtCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDNUMsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUMzQjs7Ozs7YUFLUyxFQUNULENBQUMsVUFBVSxDQUFDLENBQ2IsQ0FBQTtJQUVELE1BQU0sR0FBRyxHQUFHLFlBQVksQ0FBZ0MsTUFBTSxDQUFDLENBQUE7SUFDL0QsT0FBTyxHQUFHLEVBQUUsZ0JBQWdCLElBQUksSUFBSSxDQUFBO0FBQ3RDLENBQUMifQ==

package/.medusa/server/src/api/auth/customer/emailotp/verify/route.js

@@ -0,0 +1,54 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+const utils_1 = require("@medusajs/framework/utils");
+const config_1 = require("../../../../../config");
+const otp_verification_1 = require("../../../../../modules/otp-verification");
+const verify_email_auth_otp_workflow_1 = __importDefault(require("../../../../../workflows/verify-email-auth-otp-workflow"));
+const referral_code_1 = require("../../../../store/customers/shared/referral-code");
+const complete_customer_login_1 = require("../../shared/complete-customer-login");
+const POST = async (req, res) => {
+    const configModule = req.scope.resolve(utils_1.ContainerRegistrationKeys.CONFIG_MODULE);
+    const config = configModule;
+    const options = (0, config_1.resolveCustomerRegistrationOptions)(config);
+    if (!(0, config_1.isEmailOtpAuthEnabled)(options)) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_ALLOWED, "Email OTP authentication is not enabled");
+    }
+    const body = req.body;
+    if (!body?.token) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "token is required");
+    }
+    if (!body?.code) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "code is required");
+    }
+    await (0, referral_code_1.assertReferralCodeReferrerExists)(req);
+    const jwtSecret = config.projectConfig?.http?.jwtSecret || "supersecret";
+    const otpService = req.scope.resolve(otp_verification_1.OTP_VERIFICATION_MODULE);
+    const verifyResult = await otpService.verifyEmailAuthOtp({ token: body.token, code: body.code }, jwtSecret);
+    const { result } = await (0, verify_email_auth_otp_workflow_1.default)(req.scope).run({
+        input: {
+            email: verifyResult.email,
+            customer_id: verifyResult.customer_id,
+            first_name: body.first_name,
+            last_name: body.last_name,
+        },
+    });
+    const customerId = typeof result.customer.id === "string" ? result.customer.id : "";
+    if (!customerId) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.UNEXPECTED_STATE, "Customer id missing after email OTP verification");
+    }
+    if (result.is_new_user) {
+        await (0, referral_code_1.maybeCreateReferralLinkFromRequest)(req, customerId);
+    }
+    const token = await (0, complete_customer_login_1.issueCustomerJwtToken)(req, config, result.auth_identity, customerId);
+    return res.status(200).json({
+        token,
+        customer: result.customer,
+        is_new_user: result.is_new_user,
+    });
+};
+exports.POST = POST;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL2F1dGgvY3VzdG9tZXIvZW1haWxvdHAvdmVyaWZ5L3JvdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUNBLHFEQUFrRjtBQUNsRixrREFJOEI7QUFDOUIsOEVBQWlGO0FBRWpGLDZIQUFnRztBQUNoRyxvRkFHeUQ7QUFDekQsa0ZBRzZDO0FBRXRDLE1BQU0sSUFBSSxHQUFHLEtBQUssRUFBRSxHQUFrQixFQUFFLEdBQW1CLEVBQUUsRUFBRTtJQUNwRSxNQUFNLFlBQVksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxpQ0FBeUIsQ0FBQyxhQUFhLENBQUMsQ0FBQTtJQUMvRSxNQUFNLE1BQU0sR0FBRyxZQUFzRCxDQUFBO0lBQ3JFLE1BQU0sT0FBTyxHQUFHLElBQUEsMkNBQWtDLEVBQUMsTUFBTSxDQUFDLENBQUE7SUFFMUQsSUFBSSxDQUFDLElBQUEsOEJBQXFCLEVBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUM3Qix5Q0FBeUMsQ0FDMUMsQ0FBQTtJQUNILENBQUM7SUFFRCxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsSUFNaEIsQ0FBQTtJQUVELElBQUksQ0FBQyxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLG1CQUFXLENBQUMsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUFFLG1CQUFtQixDQUFDLENBQUE7SUFDNUUsQ0FBQztJQUVELElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQUM7UUFDaEIsTUFBTSxJQUFJLG1CQUFXLENBQUMsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUFFLGtCQUFrQixDQUFDLENBQUE7SUFDM0UsQ0FBQztJQUVELE1BQU0sSUFBQSxnREFBZ0MsRUFBQyxHQUFHLENBQUMsQ0FBQTtJQUUzQyxNQUFNLFNBQVMsR0FDWixNQUFNLENBQUMsYUFBYSxFQUFFLElBQUksRUFBRSxTQUFnQyxJQUFJLGFBQWEsQ0FBQTtJQUVoRixNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FDbEMsMENBQXVCLENBQ3hCLENBQUE7SUFFRCxNQUFNLFlBQVksR0FBRyxNQUFNLFVBQVUsQ0FBQyxrQkFBa0IsQ0FDdEQsRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUN0QyxTQUFTLENBQ1YsQ0FBQTtJQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUEsd0NBQTBCLEVBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUNqRSxLQUFLLEVBQUU7WUFDTCxLQUFLLEVBQUUsWUFBWSxDQUFDLEtBQUs7WUFDekIsV0FBVyxFQUFFLFlBQVksQ0FBQyxXQUFXO1lBQ3JDLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7U0FDMUI7S0FDRixDQUFDLENBQUE7SUFFRixNQUFNLFVBQVUsR0FDZCxPQUFPLE1BQU0sQ0FBQyxRQUFRLENBQUMsRUFBRSxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQTtJQUVsRSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDaEIsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLGdCQUFnQixFQUNsQyxrREFBa0QsQ0FDbkQsQ0FBQTtJQUNILENBQUM7SUFFRCxJQUFJLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN2QixNQUFNLElBQUEsa0RBQWtDLEVBQUMsR0FBRyxFQUFFLFVBQVUsQ0FBQyxDQUFBO0lBQzNELENBQUM7SUFFRCxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUEsK0NBQXFCLEVBQ3ZDLEdBQUcsRUFDSCxNQUFNLEVBQ04sTUFBTSxDQUFDLGFBQWEsRUFDcEIsVUFBVSxDQUNYLENBQUE7SUFFRCxPQUFPLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1FBQzFCLEtBQUs7UUFDTCxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVE7UUFDekIsV0FBVyxFQUFFLE1BQU0sQ0FBQyxXQUFXO0tBQ2hDLENBQUMsQ0FBQTtBQUNKLENBQUMsQ0FBQTtBQTdFWSxRQUFBLElBQUksUUE2RWhCIn0=