wabe 0.6.9 → 0.6.11

package/src/authentication/providers/Google.ts

@@ -0,0 +1,24 @@
+import type { DevWabeTypes } from '../../utils/helper'
+import {
+	AuthenticationProvider,
+	type AuthenticationEventsOptions,
+	type ProviderInterface,
+} from '../interface'
+import { oAuthAuthentication } from './OAuth'
+
+type GoogleInterface = {
+	authorizationCode: string
+	codeVerifier: string
+}
+
+export class Google implements ProviderInterface<DevWabeTypes, GoogleInterface> {
+	name = 'google'
+	onSignIn(options: AuthenticationEventsOptions<DevWabeTypes, GoogleInterface>) {
+		return oAuthAuthentication(AuthenticationProvider.Google)(options)
+	}
+
+	// @ts-expect-error
+	onSignUp() {
+		throw new Error('SignUp is not implemented for Oauth provider, you should use signIn instead.')
+	}
+}

package/src/authentication/providers/OAuth.test.ts

@@ -0,0 +1,185 @@
+import { afterEach, describe, expect, it, mock, spyOn } from 'bun:test'
+import { GitHub } from './GitHub'
+import * as OAuth from './OAuth'
+import { AuthenticationProvider } from '../interface'
+
+// Use GitHub test as use case
+describe('OAuth', () => {
+	const mockGetObjects = mock(() => Promise.resolve([]))
+	const mockCount = mock(() => Promise.resolve(0)) as any
+	const mockCreateObject = mock(() => Promise.resolve({ id: 'userId' })) as any
+
+	const mockGetUserInfo = mock().mockResolvedValue({
+		email: 'email@test.fr',
+		avatarUrl: 'avatarUrl',
+		username: 'username',
+	})
+
+	const mockValidateAuthorizationCode = mock().mockResolvedValue({
+		accessToken: 'accessToken',
+		refreshToken: 'refreshToken',
+		accessTokenExpiresAt: new Date(0),
+	})
+
+	spyOn(OAuth, 'getProvider').mockReturnValue({
+		validateAuthorizationCode: mockValidateAuthorizationCode,
+		getUserInfo: mockGetUserInfo,
+	} as never)
+
+	const context = {
+		wabe: {
+			controllers: {
+				database: {
+					getObjects: mockGetObjects,
+					createObject: mockCreateObject,
+					count: mockCount,
+				},
+			},
+			config: {
+				authentication: {
+					providers: {
+						github: {
+							clientId: 'clientId',
+							clientSecret: 'clientSecret',
+						},
+					},
+				},
+			},
+		},
+	} as any
+
+	afterEach(() => {
+		mockGetObjects.mockClear()
+		mockCreateObject.mockClear()
+		mockCount.mockClear()
+		mockValidateAuthorizationCode.mockClear()
+		mockGetUserInfo.mockClear()
+	})
+
+	it('should sign up with GitHub Provider if there is no user found', async () => {
+		const github = new GitHub()
+
+		await github.onSignIn({
+			context,
+			input: {
+				authorizationCode: 'authorizationCode',
+				codeVerifier: 'codeVerifier',
+			},
+		})
+
+		expect(mockValidateAuthorizationCode).toHaveBeenCalledTimes(1)
+		expect(mockGetUserInfo).toHaveBeenCalledTimes(1)
+
+		expect(mockGetObjects).toHaveBeenCalledTimes(1)
+		expect(mockGetObjects).toHaveBeenCalledWith({
+			className: 'User',
+			where: {
+				authentication: {
+					github: {
+						email: { equalTo: 'email@test.fr' },
+					},
+				},
+			},
+			first: 1,
+			context: expect.any(Object),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+
+		expect(mockCreateObject).toHaveBeenCalledTimes(1)
+		expect(mockCreateObject).toHaveBeenCalledWith({
+			className: 'User',
+			data: {
+				provider: AuthenticationProvider.GitHub,
+				isOauth: true,
+				authentication: {
+					github: {
+						email: 'email@test.fr',
+						username: 'username',
+						avatarUrl: 'avatarUrl',
+					},
+				},
+			},
+			context: expect.any(Object),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+	})
+
+	it('should sign in with GitHub Provider if there is no user found', async () => {
+		mockGetObjects.mockResolvedValue([
+			{
+				id: 'userId',
+				authentication: {
+					github: {
+						email: 'email@test.fr',
+						verifiedEmail: true,
+						idToken: 'idToken',
+					},
+				},
+				provider: AuthenticationProvider.Google,
+				isOauth: true,
+			} as any,
+		] as never)
+
+		const github = new GitHub()
+
+		await github.onSignIn({
+			context,
+			input: {
+				authorizationCode: 'authorizationCode',
+				codeVerifier: 'codeVerifier',
+			},
+		})
+
+		expect(mockValidateAuthorizationCode).toHaveBeenCalledTimes(1)
+		expect(mockGetUserInfo).toHaveBeenCalledTimes(1)
+
+		expect(mockGetObjects).toHaveBeenCalledTimes(1)
+		expect(mockGetObjects).toHaveBeenCalledWith({
+			className: 'User',
+			where: {
+				authentication: {
+					github: {
+						email: { equalTo: 'email@test.fr' },
+					},
+				},
+			},
+			first: 1,
+			context: expect.any(Object),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+
+		expect(mockCreateObject).toHaveBeenCalledTimes(0)
+
+		mockValidateAuthorizationCode.mockRestore()
+	})
+})

package/src/authentication/providers/OAuth.ts

@@ -0,0 +1,106 @@
+import type { WabeContext } from '../../server/interface'
+import { contextWithRoot } from '../../utils/export'
+import type { DevWabeTypes } from '../../utils/helper'
+import { type AuthenticationEventsOptions, AuthenticationProvider } from '../interface'
+import { Google } from '../oauth'
+import { GitHub } from '../oauth/GitHub'
+
+export type OAuthAuthenticationInterface = {
+	authorizationCode: string
+	codeVerifier: string
+}
+
+export const getProvider = (
+	context: WabeContext<DevWabeTypes>,
+	provider: AuthenticationProvider,
+) => {
+	const config = context.wabe.config
+
+	switch (provider) {
+		case AuthenticationProvider.Google:
+			return new Google(config)
+		case AuthenticationProvider.GitHub:
+			return new GitHub(config)
+		default:
+			throw new Error(`Provider ${provider} not found`)
+	}
+}
+
+export const oAuthAuthentication =
+	(oAuthProvider: AuthenticationProvider) =>
+	async ({
+		context,
+		input,
+	}: AuthenticationEventsOptions<DevWabeTypes, OAuthAuthenticationInterface>) => {
+		const { authorizationCode, codeVerifier } = input
+
+		const provider = getProvider(context, oAuthProvider)
+
+		const { accessToken } = await provider.validateAuthorizationCode(
+			authorizationCode,
+			codeVerifier,
+		)
+
+		const userInfoToSave = await provider.getUserInfo(accessToken)
+
+		const user = await context.wabe.controllers.database.getObjects({
+			className: 'User',
+			where: {
+				authentication: {
+					[oAuthProvider]: {
+						email: { equalTo: userInfoToSave.email },
+					},
+				},
+			},
+			context: contextWithRoot(context),
+			first: 1,
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+
+		if (user.length === 0) {
+			const createdUser = await context.wabe.controllers.database.createObject({
+				className: 'User',
+				data: {
+					provider: oAuthProvider,
+					isOauth: true,
+					authentication: {
+						[oAuthProvider]: userInfoToSave,
+					},
+				},
+				context: contextWithRoot(context),
+				select: {
+					authentication: true,
+					role: true,
+					secondFA: true,
+					email: true,
+					id: true,
+					provider: true,
+					isOauth: true,
+					createdAt: true,
+					updatedAt: true,
+				},
+			})
+
+			if (!createdUser) throw new Error('User not found')
+
+			return {
+				user: createdUser,
+			}
+		}
+
+		if (!user[0]) throw new Error('User not found')
+
+		return {
+			user: user[0],
+		}
+	}

package/src/authentication/providers/PhonePassword.test.ts

@@ -0,0 +1,176 @@
+import { describe, expect, it, mock, spyOn, afterEach, afterAll } from 'bun:test'
+import * as crypto from '../../utils/crypto'
+
+import { PhonePassword } from './PhonePassword'
+
+describe('Phone password', () => {
+	const mockGetObjects = mock(() => Promise.resolve([]))
+	const mockCount = mock(() => Promise.resolve(0)) as any
+	const mockCreateObject = mock(() => Promise.resolve({ id: 'userId' })) as any
+
+	const spyArgonPasswordVerify = spyOn(crypto, 'verifyArgon2')
+	const spyBunPasswordHash = spyOn(crypto, 'hashArgon2')
+
+	const controllers = {
+		controllers: {
+			database: {
+				getObjects: mockGetObjects,
+				createObject: mockCreateObject,
+				count: mockCount,
+			},
+		},
+	} as any
+
+	afterEach(() => {
+		mockGetObjects.mockClear()
+		mockCreateObject.mockClear()
+		spyArgonPasswordVerify.mockClear()
+		spyBunPasswordHash.mockClear()
+	})
+
+	afterAll(() => {
+		spyArgonPasswordVerify.mockRestore()
+		spyBunPasswordHash.mockRestore()
+	})
+
+	const phonePassword = new PhonePassword()
+
+	it('should signUp with phone password', async () => {
+		spyBunPasswordHash.mockResolvedValueOnce('$argon2id$hashedPassword')
+
+		const {
+			authenticationDataToSave: { phone },
+		} = await phonePassword.onSignUp({
+			context: { wabe: controllers } as any,
+			input: { phone: 'phone@test.fr', password: 'password' },
+		})
+
+		expect(phone).toBe('phone@test.fr')
+	})
+
+	it('should signIn with phone password', async () => {
+		mockGetObjects.mockResolvedValue([
+			{
+				id: 'userId',
+				authentication: {
+					phonePassword: {
+						phone: 'phone@test.fr',
+						password: 'hashedPassword',
+					},
+				},
+			} as never,
+		])
+
+		spyArgonPasswordVerify.mockResolvedValueOnce(true)
+
+		const { user } = await phonePassword.onSignIn({
+			context: { wabe: controllers } as any,
+			input: { phone: 'phone@test.fr', password: 'password' },
+		})
+
+		expect(user).toEqual({
+			id: 'userId',
+			authentication: {
+				phonePassword: {
+					phone: 'phone@test.fr',
+					password: 'hashedPassword',
+				},
+			},
+		})
+
+		expect(spyArgonPasswordVerify).toHaveBeenCalledTimes(1)
+		expect(spyArgonPasswordVerify).toHaveBeenCalledWith('password', 'hashedPassword')
+	})
+
+	it('should not signIn with phone password if password is undefined', () => {
+		spyArgonPasswordVerify.mockResolvedValueOnce(false)
+
+		expect(
+			phonePassword.onSignIn({
+				context: { wabe: controllers } as any,
+				// @ts-expect-error
+				input: { phone: 'phone@test.fr' },
+			}),
+		).rejects.toThrow('Invalid authentication credentials')
+	})
+
+	it('should not signIn with phone password if there is no user found', () => {
+		mockGetObjects.mockResolvedValue([])
+
+		expect(
+			phonePassword.onSignIn({
+				context: { wabe: controllers } as any,
+				input: {
+					phone: 'invalidEmail@test.fr',
+					password: 'password',
+				},
+			}),
+		).rejects.toThrow('Invalid authentication credentials')
+
+		expect(spyArgonPasswordVerify).toHaveBeenCalledTimes(1)
+	})
+
+	it('should not signIn with phone password if there is phone is invalid', () => {
+		mockGetObjects.mockResolvedValue([
+			{
+				authentication: {
+					phonePassword: {
+						password: 'hashedPassword',
+					},
+				},
+			} as never,
+		])
+
+		spyArgonPasswordVerify.mockResolvedValueOnce(true)
+
+		expect(
+			phonePassword.onSignIn({
+				context: { wabe: controllers } as any,
+				input: {
+					phone: 'invalidEmail@test.fr',
+					password: 'password',
+				},
+			}),
+		).rejects.toThrow('Invalid authentication credentials')
+
+		expect(spyArgonPasswordVerify).toHaveBeenCalledTimes(1)
+	})
+
+	it('should not update authentication data if there is no user found', () => {
+		mockGetObjects.mockResolvedValue([])
+
+		spyArgonPasswordVerify.mockResolvedValueOnce(true)
+
+		expect(
+			phonePassword.onUpdateAuthenticationData?.({
+				context: { wabe: controllers } as any,
+				input: {
+					phone: 'phone@test.fr',
+					password: 'password',
+				},
+				userId: 'userId',
+			}),
+		).rejects.toThrow('User not found')
+	})
+
+	it('should update authentication data if the userId match with an user', async () => {
+		mockGetObjects.mockResolvedValue([
+			{
+				id: 'id',
+			},
+		] as any)
+
+		spyBunPasswordHash.mockResolvedValueOnce('$argon2id$hashedPassword')
+
+		const res = await phonePassword.onUpdateAuthenticationData?.({
+			context: { wabe: controllers } as any,
+			input: {
+				phone: 'phone@test.fr',
+				password: 'password',
+			},
+			userId: 'userId',
+		})
+
+		expect(res.authenticationDataToSave.phone).toBe('phone@test.fr')
+	})
+})

package/src/authentication/providers/PhonePassword.ts

@@ -0,0 +1,115 @@
+import type {
+	AuthenticationEventsOptions,
+	AuthenticationEventsOptionsWithUserId,
+	ProviderInterface,
+} from '../interface'
+import { contextWithRoot, verifyArgon2 } from '../../utils/export'
+import type { DevWabeTypes } from '../../utils/helper'
+
+const DUMMY_PASSWORD_HASH =
+	'$argon2id$v=19$m=65536,t=2,p=1$wHZB9xRS/Mbo7L3SL9e935Ag5K+T2EuT/XgB8akwZgo$SPf8EZ4T1HYkuIll4v2hSzNCH7woX3VrZJo3yWg5u8U'
+
+type PhonePasswordInterface = {
+	password: string
+	phone: string
+	otp?: string
+}
+
+export class PhonePassword implements ProviderInterface<DevWabeTypes, PhonePasswordInterface> {
+	async onSignIn({
+		input,
+		context,
+	}: AuthenticationEventsOptions<DevWabeTypes, PhonePasswordInterface>) {
+		const users = await context.wabe.controllers.database.getObjects({
+			className: 'User',
+			where: {
+				authentication: {
+					phonePassword: {
+						phone: { equalTo: input.phone },
+					},
+				},
+			},
+			context: contextWithRoot(context),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+			first: 1,
+		})
+
+		const user = users[0]
+		const userDatabasePassword = user?.authentication?.phonePassword?.password
+
+		const passwordHashToCheck = userDatabasePassword ?? DUMMY_PASSWORD_HASH
+
+		const isPasswordEquals = await verifyArgon2(input.password, passwordHashToCheck)
+
+		if (!user || !isPasswordEquals || input.phone !== user.authentication?.phonePassword?.phone)
+			throw new Error('Invalid authentication credentials')
+
+		return {
+			user,
+		}
+	}
+
+	async onSignUp({
+		input,
+		context,
+	}: AuthenticationEventsOptions<DevWabeTypes, PhonePasswordInterface>) {
+		const users = await context.wabe.controllers.database.count({
+			className: 'User',
+			where: {
+				authentication: {
+					phonePassword: {
+						phone: { equalTo: input.phone },
+					},
+				},
+			},
+			context: contextWithRoot(context),
+		})
+
+		if (users > 0) throw new Error('Not authorized to create user')
+
+		return {
+			authenticationDataToSave: {
+				phone: input.phone,
+				password: input.password,
+			},
+		}
+	}
+
+	async onUpdateAuthenticationData({
+		userId,
+		input,
+		context,
+	}: AuthenticationEventsOptionsWithUserId<DevWabeTypes, PhonePasswordInterface>) {
+		const users = await context.wabe.controllers.database.getObjects({
+			className: 'User',
+			where: {
+				id: {
+					equalTo: userId,
+				},
+			},
+			context,
+			select: { authentication: true },
+		})
+
+		if (users.length === 0) throw new Error('User not found')
+
+		const user = users[0]
+
+		return {
+			authenticationDataToSave: {
+				phone: input.phone ?? user?.authentication?.phonePassword?.phone,
+				password: input.password ? input.password : user?.authentication?.phonePassword?.password,
+			},
+		}
+	}
+}

package/src/authentication/providers/QRCodeOTP.test.ts

@@ -0,0 +1,77 @@
+import { describe, expect, it, beforeAll, afterAll, afterEach } from 'bun:test'
+import type { DevWabeTypes } from '../../utils/helper'
+import { setupTests, closeTests } from '../../utils/testHelper'
+import type { Wabe } from '../..'
+import { OTP } from '../OTP'
+import { QRCodeOTP } from './QRCodeOTP'
+
+describe('QRCodeOTPProvider', () => {
+	let wabe: Wabe<DevWabeTypes>
+
+	beforeAll(async () => {
+		const setup = await setupTests()
+		wabe = setup.wabe
+	})
+
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+
+	afterEach(async () => {
+		await wabe.controllers.database.clearDatabase()
+	})
+
+	it('should return the userId if the OTP code is valid', async () => {
+		const createdUser = await wabe.controllers.database.createObject({
+			className: 'User',
+			context: {
+				wabe,
+				isRoot: true,
+			},
+			data: {
+				email: 'email@test.fr',
+			},
+			select: {
+				id: true,
+			},
+		})
+
+		if (!createdUser) throw new Error('User not created')
+
+		const otp = new OTP(wabe.config.rootKey).authenticatorGenerate(createdUser.id)
+
+		const qrCodeOTP = new QRCodeOTP()
+
+		expect(
+			await qrCodeOTP.onVerifyChallenge({
+				context: {
+					wabe,
+					isRoot: false,
+				},
+				input: {
+					email: 'email@test.fr',
+					otp,
+				},
+			}),
+		).toEqual({
+			userId: createdUser.id,
+		})
+	})
+
+	it("should return null if the user doesn't exist", async () => {
+		const qrCodeOTP = new QRCodeOTP()
+
+		expect(
+			await qrCodeOTP.onVerifyChallenge({
+				context: {
+					wabe,
+					isRoot: false,
+				},
+				input: {
+					email: 'email@test.fr',
+					otp: '123456',
+				},
+			}),
+		).toEqual(null)
+	})
+})