feat(client): add mfa operations (#1049)

Author: pradel

packages/client-password/src/client-password.ts

@@ -4,6 +4,7 @@ import {
   CreateUserServicePassword,
   CreateUserResult,
   LoginUserPasswordService,
+  AuthenticationResult,
 } from '@accounts/types';
 import { AccountsClientPasswordOptions } from './types';
 
@@ -39,7 +40,7 @@ export class AccountsClientPassword {
   /**
    * Log the user in with a password.
    */
-  public async login(user: LoginUserPasswordService): Promise<LoginResult> {
+  public async login(user: LoginUserPasswordService): Promise<AuthenticationResult> {
     const hashedPassword = this.hashPassword(user.password as string);
     return this.client.loginWithService('password', {
       ...user,

packages/client/__tests__/accounts-client.ts

@@ -30,6 +30,12 @@ const mockTransport = {
   verifyEmail: jest.fn(() => Promise.resolve()),
   sendVerificationEmail: jest.fn(() => Promise.resolve()),
   impersonate: jest.fn(() => Promise.resolve(impersonateResult)),
+  getUser: jest.fn(() => Promise.resolve()),
+  mfaChallenge: jest.fn(() => Promise.resolve()),
+  mfaAssociate: jest.fn(() => Promise.resolve()),
+  mfaAssociateByMfaToken: jest.fn(() => Promise.resolve()),
+  authenticators: jest.fn(() => Promise.resolve()),
+  authenticatorsByMfaToken: jest.fn(() => Promise.resolve()),
 };
 
 describe('Accounts', () => {
@@ -270,4 +276,53 @@ describe('Accounts', () => {
       expect(userTokens).toEqual(impersonateResult.tokens);
     });
   });
+
+  describe('getUser', () => {
+    it('calls transport', async () => {
+      await accountsClient.getUser();
+      expect(mockTransport.getUser).toHaveBeenCalledWith();
+    });
+  });
+
+  describe('mfaChallenge', () => {
+    it('calls transport', async () => {
+      await accountsClient.mfaChallenge('mfaTokenTest', 'authenticatorIdTest');
+      expect(mockTransport.mfaChallenge).toHaveBeenCalledWith(
+        'mfaTokenTest',
+        'authenticatorIdTest'
+      );
+    });
+  });
+
+  describe('mfaAssociate', () => {
+    it('calls transport', async () => {
+      await accountsClient.mfaAssociate('typeTest');
+      expect(mockTransport.mfaAssociate).toHaveBeenCalledWith('typeTest', undefined);
+    });
+  });
+
+  describe('mfaAssociateByMfaToken', () => {
+    it('calls transport', async () => {
+      await accountsClient.mfaAssociateByMfaToken('mfaTokenTest', 'typeTest');
+      expect(mockTransport.mfaAssociateByMfaToken).toHaveBeenCalledWith(
+        'mfaTokenTest',
+        'typeTest',
+        undefined
+      );
+    });
+  });
+
+  describe('authenticators', () => {
+    it('calls transport', async () => {
+      await accountsClient.authenticators();
+      expect(mockTransport.authenticators).toHaveBeenCalledWith();
+    });
+  });
+
+  describe('authenticatorsByMfaToken', () => {
+    it('calls transport', async () => {
+      await accountsClient.authenticatorsByMfaToken('mfaTokenTest');
+      expect(mockTransport.authenticatorsByMfaToken).toHaveBeenCalledWith('mfaTokenTest');
+    });
+  });
 });

packages/client/src/accounts-client.ts

@@ -1,4 +1,4 @@
-import { LoginResult, Tokens, ImpersonationResult, User } from '@accounts/types';
+import { Tokens, ImpersonationResult, User, AuthenticationResult } from '@accounts/types';
 import { TransportInterface } from './transport-interface';
 import { TokenStorage, AccountsClientOptions } from './types';
 import { tokenStorageLocal } from './token-storage-local';
@@ -102,9 +102,11 @@ export class AccountsClient {
   public async loginWithService(
     service: string,
     credentials: { [key: string]: any }
-  ): Promise<LoginResult> {
+  ): Promise<AuthenticationResult> {
     const response = await this.transport.loginWithService(service, credentials);
-    await this.setTokens(response.tokens);
+    if ('tokens' in response) {
+      await this.setTokens(response.tokens);
+    }
     return response;
   }
 
@@ -198,6 +200,26 @@ export class AccountsClient {
     await this.clearTokens();
   }
 
+  public mfaChallenge(mfaToken: string, authenticatorId: string) {
+    return this.transport.mfaChallenge(mfaToken, authenticatorId);
+  }
+
+  public mfaAssociate(type: string, params?: any) {
+    return this.transport.mfaAssociate(type, params);
+  }
+
+  public mfaAssociateByMfaToken(mfaToken: string, type: string, params?: any) {
+    return this.transport.mfaAssociateByMfaToken(mfaToken, type, params);
+  }
+
+  public authenticators() {
+    return this.transport.authenticators();
+  }
+
+  public authenticatorsByMfaToken(mfaToken: string) {
+    return this.transport.authenticatorsByMfaToken(mfaToken);
+  }
+
   private getTokenKey(tokenName: TokenKey): string {
     return `${this.options.tokenStoragePrefix}:${tokenName}`;
   }

packages/client/src/transport-interface.ts

@@ -5,10 +5,12 @@ import {
   CreateUser,
   User,
   CreateUserResult,
+  Authenticator,
+  AuthenticationResult,
 } from '@accounts/types';
 import { AccountsClient } from './accounts-client';
 
-export interface TransportInterface {
+export interface TransportInterface extends TransportMfaInterface {
   client: AccountsClient;
   createUser(user: CreateUser): Promise<CreateUserResult>;
   authenticateWithService(
@@ -22,7 +24,7 @@ export interface TransportInterface {
     authenticateParams: {
       [key: string]: string | object;
     }
-  ): Promise<LoginResult>;
+  ): Promise<AuthenticationResult>;
   logout(): Promise<void>;
   getUser(): Promise<User>;
   refreshTokens(accessToken: string, refreshToken: string): Promise<LoginResult>;
@@ -34,3 +36,11 @@ export interface TransportInterface {
   changePassword(oldPassword: string, newPassword: string): Promise<void>;
   impersonate(token: string, impersonated: ImpersonationUserIdentity): Promise<ImpersonationResult>;
 }
+
+interface TransportMfaInterface {
+  authenticators(): Promise<Authenticator[]>;
+  authenticatorsByMfaToken(mfaToken?: string): Promise<Authenticator[]>;
+  mfaAssociate(type: string, params?: any): Promise<any>;
+  mfaAssociateByMfaToken(mfaToken: string, type: string, params?: any): Promise<any>;
+  mfaChallenge(mfaToken: string, authenticatorId: string): Promise<any>;
+}

packages/e2e/__tests__/password.ts

@@ -1,4 +1,5 @@
 import { servers } from './servers';
+import { LoginResult } from '@accounts/types';
 
 const user = {
   email: '[email protected]',
@@ -36,12 +37,12 @@ Object.keys(servers).forEach((key) => {
       });
 
       it('should login the user and get the session', async () => {
-        const loginResult = await server.accountsClientPassword.login({
+        const loginResult = (await server.accountsClientPassword.login({
           user: {
             email: user.email,
           },
           password: user.password,
-        });
+        })) as LoginResult;
         expect(loginResult.sessionId).toBeTruthy();
         expect(loginResult.tokens.accessToken).toBeTruthy();
         expect(loginResult.tokens.refreshToken).toBeTruthy();
@@ -91,12 +92,12 @@ Object.keys(servers).forEach((key) => {
         user.password = newPassword;
         expect(data).toBeNull();
 
-        const loginResult = await server.accountsClientPassword.login({
+        const loginResult = (await server.accountsClientPassword.login({
           user: {
             email: user.email,
           },
           password: user.password,
-        });
+        })) as LoginResult;
         expect(loginResult.sessionId).toBeTruthy();
         expect(loginResult.tokens.accessToken).toBeTruthy();
         expect(loginResult.tokens.refreshToken).toBeTruthy();
@@ -116,12 +117,12 @@ Object.keys(servers).forEach((key) => {
         user.password = newPassword;
         expect(data).toBeNull();
 
-        const loginResult = await server.accountsClientPassword.login({
+        const loginResult = (await server.accountsClientPassword.login({
           user: {
             email: user.email,
           },
           password: user.password,
-        });
+        })) as LoginResult;
         expect(loginResult.sessionId).toBeTruthy();
         expect(loginResult.tokens.accessToken).toBeTruthy();
         expect(loginResult.tokens.refreshToken).toBeTruthy();