Feat: anomaly and security service integration #855

Draft
wants to merge 24 commits into
base: 20.0
Changes from 4 commits
Commits
5eb92f2
types changes for ep recipe interface (code not compiling)
rishabhpoddar Jun 11, 2024
7020829
Merge branch '19.0' into feat/anomaly-service-integration
rishabhpoddar Jun 11, 2024
dabae70
more changes
rishabhpoddar Jun 11, 2024
b2e2330
Merge branch 'feat/anomaly-service-integration' of https://github.com…
rishabhpoddar Jun 11, 2024
08d1613
Merge branch '19.0' into feat/anomaly-service-integration
rishabhpoddar Jun 28, 2024
26b9ae8
modifies types of emailpassword recipe
rishabhpoddar Jul 1, 2024
51ff02b
Merge branch '19.0' into feat/anomaly-service-integration
rishabhpoddar Jul 1, 2024
d1691e1
adds types for all the override functions
rishabhpoddar Jul 1, 2024
40c114b
makes rate limiting an array of keys
rishabhpoddar Jul 1, 2024
9eafc55
adds more type changes
rishabhpoddar Jul 1, 2024
88da59b
more type changes
rishabhpoddar Jul 2, 2024
a8ae033
Merge branch '19.0' into feat/anomaly-service-integration
rishabhpoddar Jul 16, 2024
6d33e18
fixes a few comments
rishabhpoddar Jul 16, 2024
239e2de
resolves all pr comments
rishabhpoddar Jul 16, 2024
14a1963
Merge branch '19.0' into feat/anomaly-service-integration
rishabhpoddar Jul 16, 2024
2067006
more changes
rishabhpoddar Jul 16, 2024
ab0baa0
Merge branch 'feat/anomaly-service-integration' of https://github.com…
rishabhpoddar Jul 16, 2024
8aca4cf
Merge branch '19.0' into feat/anomaly-service-integration
rishabhpoddar Jul 16, 2024
402726d
small changes
rishabhpoddar Jul 16, 2024
91de44c
Merge branch 'feat/anomaly-service-integration' of https://github.com…
rishabhpoddar Jul 16, 2024
cf3d581
removes google recaptcha and security service request id from totp
rishabhpoddar Jul 16, 2024
2b6e09e
adds a few more params from security service
rishabhpoddar Jul 17, 2024
77a3dde
Merge branch '20.0' into feat/anomaly-service-integration
rishabhpoddar Jul 26, 2024
b19c86f
changes output schema of api
rishabhpoddar Jul 26, 2024
84 changes: 82 additions & 2 deletions lib/ts/recipe/emailpassword/types.ts
Expand Up @@ -89,6 +89,14 @@ export type RecipeInterface = {
password: string;
session: SessionContainerInterface | undefined;
tenantId: string;
securityOptions: {
enforceEmailBan: boolean;
ipBan: {
enabled: boolean;
ipAddress: string;
};
checkBreachedPassword: boolean;
};
userContext: UserContext;
}): Promise<
| {
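Review bot: `securityOptions` is added as a required field on this input, so every existing caller and every override that forwards to the original implementation stops compiling until it passes the object; either make it optional with documented defaults or call the break out in the changelog. Inside it, `ipBan` requires `ipAddress: string` even when `enabled` is false, so callers have to pass a dummy string; a union such as `{ enabled: false } | { enabled: true; ipAddress: string }` would make the disabled case explicit.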
Expand All @@ -105,6 +113,9 @@ export type RecipeInterface = {
| "ACCOUNT_INFO_ALREADY_ASSOCIATED_WITH_ANOTHER_PRIMARY_USER_ID_ERROR"
| "SESSION_USER_ACCOUNT_INFO_ALREADY_ASSOCIATED_WITH_ANOTHER_PRIMARY_USER_ID_ERROR";
}
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
}
>;
// this function is meant only for creating the recipe in the core and nothing else.
// we added this even though signUp exists cause devs may override signup expecting it
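Review bot: the new member `status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR"` has no doc comment tying each status to the `securityOptions` flag that produces it. State whether, for example, `IP_BANNED_ERROR` can only be returned when `ipBan.enabled` is true, so override authors know which branches they must handle, and note that adding statuses to this union breaks exhaustive `switch` handling in existing code.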
Expand All @@ -114,6 +125,14 @@ export type RecipeInterface = {
email: string;
password: string;
tenantId: string;
securityOptions: {
enforceEmailBan: boolean;
checkBreachedPassword: boolean;
ipBan: {
enabled: boolean;
ipAddress: string;
};
};
userContext: UserContext;
}): Promise<
| {
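Review bot: this `securityOptions` literal repeats the one added to the previous function with the fields in a different order (`checkBreachedPassword` before `ipBan` here, after it there). Extract named types (for instance one for the `ipBan` object and one for the shared sign-up options) and reference them from both inputs, so the shapes cannot drift as more options are added.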
Expand All @@ -122,17 +141,34 @@ export type RecipeInterface = {
recipeUserId: RecipeUserId;
}
| { status: "EMAIL_ALREADY_EXISTS_ERROR" }
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
}
>;

signIn(input: {
email: string;
password: string;
session: SessionContainerInterface | undefined;
tenantId: string;
securityOptions: {
enforceUserBan: boolean;
enforceEmailBan: boolean;
ipBan: {
enabled: boolean;
ipAddress: string;
};
checkBreachedPassword: boolean;
limitWrongPasswordAttempts: {
enabled: boolean;
counterKey?: string; // by default will be email, so that the counter is per email, but users can customize it to be something else, like email + IP if they want.
maxNumberOfAttempts?: number; // by default will be 4
};
};
userContext: UserContext;
}): Promise<
| { status: "OK"; user: User; recipeUserId: RecipeUserId }
| { status: "WRONG_CREDENTIALS_ERROR" }
| { status: "WRONG_CREDENTIALS_ERROR"; numberOfIncorrectAttemptsSoFar: number }
| {
status: "LINKING_TO_SESSION_USER_FAILED";
reason:
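Review bot: `numberOfIncorrectAttemptsSoFar: number` becomes a required field of `WRONG_CREDENTIALS_ERROR`, but nothing here says what it holds when `limitWrongPasswordAttempts.enabled` is false; make it optional or document the value for that case. The `counterKey` comment should also become a doc comment that records the trade-off of the default: a counter keyed on email alone can be driven to the limit by anyone who knows the address, locking the legitimate user out, which is the reason to offer email + IP. The default of 4 for `maxNumberOfAttempts` lives only in a trailing comment; keep defaults in one documented place.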
Expand All @@ -141,8 +177,25 @@ export type RecipeInterface = {
| "ACCOUNT_INFO_ALREADY_ASSOCIATED_WITH_ANOTHER_PRIMARY_USER_ID_ERROR"
| "SESSION_USER_ACCOUNT_INFO_ALREADY_ASSOCIATED_WITH_ANOTHER_PRIMARY_USER_ID_ERROR";
}
| {
status: "EMAIL_BANNED_ERROR" | "BREACHED_PASSWORD_ERROR" | "IP_BANNED_ERROR";
}
| {
status: "USER_BANNED";
user: User;
recipeUserId: RecipeUserId;
}
| {
status: "WRONG_CREDENTIALS_LIMIT_REACHED_ERROR";
lastLoginAttemptTime: number; // this can be used to reset the timer and try again.
}
>;

resetWrongCredentialsCounter(input: {
email: string;
tenantId: string;
}): Promise<{ status: "OK" | "UNKNOWN_EMAIL_ERROR" }>;

verifyCredentials(input: {
email: string;
password: string;
Expand All @@ -159,8 +212,27 @@ export type RecipeInterface = {
userId: string; // the id can be either recipeUserId or primaryUserId
email: string;
tenantId: string;
securityOptions: {
enforceUserBan: boolean;
enforceEmailBan: boolean;
ipBan: {
enabled: boolean;
ipAddress: string;
};
};
userContext: UserContext;
}): Promise<{ status: "OK"; token: string } | { status: "UNKNOWN_USER_ID_ERROR" }>;
}): Promise<
| { status: "OK"; token: string }
| { status: "UNKNOWN_USER_ID_ERROR" }
| {
status: "EMAIL_BANNED_ERROR" | "IP_BANNED_ERROR";
}
| {
status: "USER_BANNED";
user: User;
recipeUserId: RecipeUserId;
}
>;

consumePasswordResetToken(input: {
token: string;
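Review bot: the `USER_BANNED` result returns the full `user` and `recipeUserId` and is named without the `_ERROR` suffix used by `EMAIL_BANNED_ERROR` and `IP_BANNED_ERROR` next to it. Rename it for consistency, and document how the API layer is expected to map the three ban statuses for this password-reset call, since a response that differs from the `OK` case tells the requester something about the account.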
Expand All @@ -183,6 +255,13 @@ export type RecipeInterface = {
password?: string;
userContext: UserContext;
applyPasswordPolicy?: boolean;
securityOptions: {
checkBreachedPassword: boolean;
limitOldPasswordReuse: {
enabled: boolean;
numberOfOldPasswordsToCheck?: number; // can be infinity by default
};
};
tenantIdForPasswordPolicy: string;
}): Promise<
| {
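Review bot: the comment on `numberOfOldPasswordsToCheck` ("can be infinity by default") leaves the default undecided. State what omitting the field means (check all stored passwords, or none), and note that `Infinity` does not survive JSON serialisation if this value is ever sent over the wire. `securityOptions` is also required here while `password` is optional, so calls that do not change the password must still supply password-only options; consider making it optional.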
Expand All @@ -193,6 +272,7 @@ export type RecipeInterface = {
reason: string;
}
| { status: "PASSWORD_POLICY_VIOLATED_ERROR"; failureReason: string }
| { status: "BREACHED_PASSWORD_ERROR" | "OLD_PASSWORD_REUSED_ERROR" }
>;
};
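Review bot: `BREACHED_PASSWORD_ERROR` and `OLD_PASSWORD_REUSED_ERROR` are added as bare statuses directly after `PASSWORD_POLICY_VIOLATED_ERROR`, which carries a `failureReason`. Decide whether these are separate outcomes or policy violations reported through the existing status, and document the choice; as written, callers that already handle `PASSWORD_POLICY_VIOLATED_ERROR` will not catch the two new cases.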
