From 72412fce4b3ce8a0ea8b34636a3ac416e6b2c0de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mih=C3=A1ly=20Lengyel?=
Date: Wed, 13 Sep 2023 09:39:28 +0200
Subject: [PATCH] feat: add fdi updates for account-linking (#41)
* feat: add fdi updates for account-linking
* fix: syntax error
* add reason to EMAIL_ALREADY_USED_IN_ANOTHER_ACCOUNT
* remove user and email from reset pw resp
* feat: remove EMAIL_ALREADY_USED_IN_ANOTHER_ACCOUNT
* feat: add separate errors for sign in/up not allowed in EP+TPEP
---
 CHANGELOG.md | 16 ++++
 api_spec.yaml | 225 +++++++++++++++++++++++++++++++++++++-------------
 2 files changed, 184 insertions(+), 57 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c31d34..4003fa6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html)
+## [1.18.0] - 2023-08-XX
+
+### Changed
+- Updates ThirdParty, ThirdPartyEmailPassword, ThirdPartyPasswordless, Passwordless and EmailPassword recipes to support account linking
+ - Updates `{apiBasePath}/signinup/code` POST
+ - Updates `{apiBasePath}/signinup/code/consume` POST
+ - Updates `{apiBasePath}/signinup` POST
+ - Updates `{apiBasePath}/signin` POST
+ - Updates `{apiBasePath}/signup` POST
+ - Updates `{apiBasePath}/user/password/reset/token` POST
+ - Updates `{apiBasePath}/user/password/reset` POST
+- The changes to the above endpoints are:
+ - Added new response statuses
+ - Unified the type/shape of the user objects across all different responses
+ - Renamed `createdNewUser` to `createdNewRecipeUser`
+
 ## [1.17.1] - 2023-08-31
 ### Changed
diff --git a/api_spec.yaml b/api_spec.yaml
index 150eabd..6a496a3 100644
--- a/api_spec.yaml
+++ b/api_spec.yaml
@@ -49,7 +49,6 @@ paths:
 $ref: '#/components/schemas/phoneNumber'
 required:
 - phoneNumber
- - $ref: '#/components/schemas/generalErrorResponse'
 responses:
 '200':
 description: Started the passwordless sign in/up process.
@@ -68,6 +67,14 @@ paths:
 flowType:
 type: string
 enum: ['MAGIC_LINK', 'USER_INPUT_CODE_AND_MAGIC_LINK', 'USER_INPUT_CODE']
+ - type: object
+ properties:
+ status:
+ type: string
+ enum: ['SIGN_IN_UP_NOT_ALLOWED']
+ reason:
+ type: string
+ example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)"
 - $ref: '#/components/schemas/generalErrorResponse'
 '404':
@@ -199,11 +206,11 @@ paths:
 properties:
 status:
 $ref: '#/components/schemas/statusOK'
- createdNewUser:
+ createdNewRecipeUser:
 type: boolean
 example: true
 user:
- $ref: '#/components/schemas/passwordlessUser'
+ $ref: '#/components/schemas/user'
 - type: object
 properties:
@@ -222,6 +229,14 @@ paths:
 status:
 type: string
 enum: ['RESTART_FLOW_ERROR']
+ - type: object
+ properties:
+ status:
+ type: string
+ enum: ['SIGN_IN_UP_NOT_ALLOWED']
+ reason:
+ type: string
+ example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)"
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -386,7 +401,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signinupResponse'
- - $ref: '#/components/schemas/noEmailGivenByProviderResponse'
+ - $ref: '#/components/schemas/signinupErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
 '404':
@@ -529,6 +544,14 @@ paths:
 flowType:
 type: string
 enum: ['MAGIC_LINK', 'USER_INPUT_CODE_AND_MAGIC_LINK', 'USER_INPUT_CODE']
+ - type: object
+ properties:
+ status:
+ type: string
+ enum: ['SIGN_IN_UP_NOT_ALLOWED']
+ reason:
+ type: string
+ example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)"
 - $ref: '#/components/schemas/generalErrorResponse'
 '404':
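Review bot: The `SIGN_IN_UP_NOT_ALLOWED` response object added in the `@@ -68,6`, `@@ -222,6` and `@@ -529,6` hunks is the same inline `status`/`reason` pair, with the same example text, that is added again at `@@ -679,6` on the next line and inside `signinupErrorResponse` in the components hunk — five hand-copied definitions. The commit already gives the EmailPassword variants named schemas (`signInNotAllowedResponse`, `signUpNotAllowedResponse`), so one named component for this case, referenced from each `oneOf` as `- $ref: '#/components/schemas/signInUpNotAllowedResponse'` (name is a proposal), would keep the copies from drifting when the enum or reason text changes. The enclosing `oneOf` lists begin outside each of these hunks.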
@@ -656,11 +679,11 @@ paths:
 properties:
 status:
 $ref: '#/components/schemas/statusOK'
- createdNewUser:
+ createdNewRecipeUser:
 type: boolean
 example: true
 user:
- $ref: '#/components/schemas/passwordlessUser'
+ $ref: '#/components/schemas/user'
 - type: object
 properties:
@@ -679,6 +702,14 @@ paths:
 status:
 type: string
 enum: ['RESTART_FLOW_ERROR']
+ - type: object
+ properties:
+ status:
+ type: string
+ enum: ['SIGN_IN_UP_NOT_ALLOWED']
+ reason:
+ type: string
+ example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)"
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -914,6 +945,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signInResponse'
+ - $ref: '#/components/schemas/signInNotAllowedResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/wrongCredentialsResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -975,6 +1007,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signupResponse'
+ - $ref: '#/components/schemas/signUpNotAllowedResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1043,6 +1076,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/passwordResetTokenResponse'
+ - $ref: '#/components/schemas/passwordResetNotAllowedResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1083,6 +1117,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/passwordResetResponse'
+ - $ref: '#/components/schemas/passwordResetErrorResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1176,7 +1211,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signinupResponse'
- - $ref: '#/components/schemas/noEmailGivenByProviderResponse'
+ - $ref: '#/components/schemas/signinupErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
 '404':
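Review bot: Adding `signInNotAllowedResponse` beside `wrongCredentialsResponse` in the `/signin` `oneOf` at `@@ -914,6` (and again at `@@ -1400,6` on the next line) means the unauthenticated sign-in endpoint now answers differently depending on the state of the account behind the submitted email; if `SIGN_IN_NOT_ALLOWED` is only returned when such an account exists, that is an account-existence signal that a uniform `WRONG_CREDENTIALS_ERROR` presumably avoided — worth confirming and stating in that schema's `description`. Separately, `createdNewRecipeUser` at `@@ -656,11` (also `@@ -199,11` on the previous line and `signinupResponse` in the components hunk) has no `description`; since it replaces `createdNewUser` and sits next to a `user` that is now the unified user object, a `description` saying what a "recipe user" is relative to that `user` would spare clients guessing whether `true` still implies a brand-new account (presumably not once linking is involved — confirm). The response schemas these hunks edit start outside the hunks.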
@@ -1400,6 +1435,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signInResponse'
+ - $ref: '#/components/schemas/signInNotAllowedResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/wrongCredentialsResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1461,6 +1497,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signupResponse'
+ - $ref: '#/components/schemas/signUpNotAllowedResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1530,6 +1567,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/passwordResetTokenResponse'
+ - $ref: '#/components/schemas/passwordResetNotAllowedResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1570,6 +1608,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/passwordResetResponse'
+ - $ref: '#/components/schemas/passwordResetErrorResponse'
 - $ref: '#/components/schemas/fieldErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
@@ -1665,7 +1704,7 @@ paths:
 schema:
 oneOf:
 - $ref: '#/components/schemas/signinupResponse'
- - $ref: '#/components/schemas/noEmailGivenByProviderResponse'
+ - $ref: '#/components/schemas/signinupErrorResponse'
 - $ref: '#/components/schemas/generalErrorResponse'
 '404':
@@ -2181,40 +2220,80 @@ components:
 userId:
 type: string
 example: fa7a0841-b533-4478-95533-0fde890c3483
-
- thirdPartyUser:
- type: object
- properties:
- id:
- $ref: '#/components/schemas/userId'
- email:
- type: string
- example: johndoe@gmail.com
- timeJoined:
- type: number
- example: 1638433545183
- thirdParty:
- type: object
- properties:
- id:
- type: string
- example: google
- userId:
- type: string
- example: rq238mrq2389rvq123213
-
-
+ user:
 type: object
 properties:
 id:
 $ref: '#/components/schemas/userId'
- email:
- type: string
- example: johndoe@gmail.com
 timeJoined:
 type: number
 example: 1638433545183
+ isPrimaryUser:
+ type: boolean
+ example: true
+ tenantIds:
+ type: array
+ items:
+ type: string
+ example: public
+ emails:
+ type: array
+ items:
+ type: string
+ example: johndoe@gmail.com
+ phoneNumbers:
+ type: array
+ items:
+ type: string
+ example: +36201234123
+ thirdParty:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: google
+ userId:
+ type: string
+ example: rq238mrq2389rvq123213
+ loginMethods:
+ type: array
+ items:
+ type: object
+ properties:
+ recipeId:
+ type: string
+ enum: ['emailpassword', 'thirdparty', 'passwordless']
+ recipeUserId:
+ $ref: '#/components/schemas/userId'
+ verified:
+ type: boolean
+ example: true
+ tenantIds:
+ type: array
+ items:
+ type: string
+ example: public
+ timeJoined:
+ type: number
+ example: 1638433545183
+ email:
+ type: string
+ example: johndoe@gmail.com
+ phoneNumber:
+ type: string
+ example: +36201234123
+ thirdParty:
+ type: object
+ properties:
+ id:
+ type: string
+ example: google
+ userId:
+ type: string
+ example: rq238mrq2389rvq123213
 email:
 type: string
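Review bot: `example: +36201234123` under the new `phoneNumbers` items, and again under `loginMethods` → `phoneNumber`, is a plain scalar, and a leading `+` followed by digits resolves to an integer in both YAML 1.1 and 1.2, so spec tooling will render an integer example (with the `+` lost) for a `type: string` property; quote it in both places: `example: "+36201234123"`. The consolidated `user` object also now carries `emails`, `phoneNumbers`, `thirdParty` and `loginMethods` arrays that appear to describe the whole linked user rather than only the login method used in the request, which broadens what a frontend-facing response exposes; a `description` on `user` stating this (and that `isPrimaryUser` / `recipeUserId` are what distinguish the linked account from its login methods — confirm) would make that explicit and reviewable. The `email` schema at the end of the hunk continues outside it.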
@@ -2234,19 +2313,6 @@ components:
 description: An identifier that used to identify the login attempt/device.
 example: kFmkPQEAJtACiT2w/K8fndEuNm+XozJXSZSlWEr+iGs=
- passwordlessUser:
- type: object
- properties:
- id:
- $ref: '#/components/schemas/userId'
- email:
- $ref: '#/components/schemas/email'
- phoneNumber:
- $ref: '#/components/schemas/phoneNumber'
- timeJoined:
- type: number
- example: 1638433545183
-
 thirdPartyId:
 type: string
 example: google
@@ -2310,6 +2376,16 @@ components:
 user:
 $ref: '#/components/schemas/user'
+ signInNotAllowedResponse:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["SIGN_IN_NOT_ALLOWED"]
+ reason:
+ type: string
+ example: "Cannot sign in due to security reasons. Please try resetting your password, use a different login method or contact support. (ERR_CODE_008)"
+
 signupResponse:
 type: object
 properties:
@@ -2318,6 +2394,15 @@ components:
 user:
 $ref: '#/components/schemas/user'
+ signUpNotAllowedResponse:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["SIGN_UP_NOT_ALLOWED"]
+ reason:
+ type: string
+ example: "Cannot sign up due to security reasons. Please try resetting your password, use a different login method or contact support. (ERR_CODE_007)"
 passwordResetTokenResponse:
 type: object
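Review bot: `reason` in `signInNotAllowedResponse` (`@@ -2310,6`) and `signUpNotAllowedResponse` (`@@ -2318,6`) has no `description`, and its examples end in `(ERR_CODE_008)` / `(ERR_CODE_007)` while the passwordless and password-reset variants in the other hunks end in `(IS_SIGN_IN_ALLOWED_FALSE)` / `(HAS_OTHER_EMAIL_OR_PHONE)` — two naming conventions for what looks like the same machine-readable suffix. A client cannot tell from the spec whether `reason` is meant to be shown to the end user, whether the parenthesised code is stable enough to branch on, or which codes can occur; a `description` along the lines of `description: Human-readable explanation; the code in parentheses presumably identifies the check that rejected the request (confirm and list the possible codes)` would settle that. As a style point, these two `enum` lists use double quotes where the rest of the file uses single quotes (`enum: ['SIGN_IN_NOT_ALLOWED']`). Both new schemas are complete within their hunks.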
@@ -2325,24 +2410,40 @@ components:
 status:
 $ref: '#/components/schemas/statusOK'
+ passwordResetNotAllowedResponse:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ['PASSWORD_RESET_NOT_ALLOWED']
+ reason:
+ type: string
+ example: "Token generation was not done because of account take over risk. Please contact support. (HAS_OTHER_EMAIL_OR_PHONE)"
+
 signinupResponse:
 type: object
 properties:
 status:
 $ref: '#/components/schemas/statusOK'
 user:
- $ref: '#/components/schemas/thirdPartyUser'
- createdNewUser:
+ $ref: '#/components/schemas/user'
+ createdNewRecipeUser:
 type: boolean
 example: true
+ passwordResetErrorResponse:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ['RESET_PASSWORD_INVALID_TOKEN_ERROR']
+
 passwordResetResponse:
 type: object
 properties:
 status:
 type: string
- enum: ['OK', 'RESET_PASSWORD_INVALID_TOKEN_ERROR']
-
+ enum: ['OK']
 fieldErrorResponse:
 type: object
@@ -2369,12 +2470,22 @@ components:
 type: string
 enum: ['WRONG_CREDENTIALS_ERROR']
- noEmailGivenByProviderResponse:
- type: object
- properties:
- status:
- type: string
- enum: ['NO_EMAIL_GIVEN_BY_PROVIDER']
+ signinupErrorResponse:
+ oneOf:
+ - type: object
+ properties:
+ status:
+ type: string
+ enum: ['NO_EMAIL_GIVEN_BY_PROVIDER']
+
+ - type: object
+ properties:
+ status:
+ type: string
+ enum: ['SIGN_IN_UP_NOT_ALLOWED']
+ reason:
+ type: string
+ example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)"
 internalError:
 type: string
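Review bot: `passwordResetNotAllowedResponse` (`@@ -2325,24`) is returned by the password-reset-token endpoint, which is reached unauthenticated, and its example reason — `Token generation was not done because of account take over risk ... (HAS_OTHER_EMAIL_OR_PHONE)` — tells the caller that the submitted email belongs to an account which also has another email or phone number. If `passwordResetTokenResponse` is otherwise returned regardless of whether the email exists (the hunk does not show this), the new status is a per-email account-existence signal; the schema's `description` should state under which conditions it is returned, and a more generic reason text without the `HAS_OTHER_EMAIL_OR_PHONE` hint would disclose less about the account. The `passwordResetResponse` / `passwordResetErrorResponse` split in the same hunk is a sensible tightening of the `OK` enum. The `fieldErrorResponse` schema at the end of the first hunk, and `internalError` at the end of the second, continue outside the hunks.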