refactor(core): has user with normalized phone number match (#7385)

* refactor(core): has user with normalized phone number match

replace hasUserWithPhone using new hasHserWithNormalizedPhone

* chore: fix typo

Co-authored-by: Copilot <[email protected]>

* chore: update wording

Co-authored-by: Copilot <[email protected]>

* fix(core): fix sql condition

fix sql condition

* chore(test): add additional integration tests

add additional integration tests

* fix(test): fix integration test

fix integration test

* chore(core): update jsdoc comments

update jsdoc comments

---------

Co-authored-by: Copilot <[email protected]>

Author: simeng-li

packages/core/src/libraries/user.ts

@@ -29,7 +29,7 @@ export const createUserLibrary = (queries: Queries) => {
       hasUser,
       hasUserWithEmail,
       hasUserWithId,
-      hasUserWithPhone,
+      hasUserWithNormalizedPhone,
       hasUserWithIdentity,
       findUsersByIds,
       updateUserById,
@@ -103,7 +103,7 @@ export const createUserLibrary = (queries: Queries) => {
       throw new RequestError({ code: 'user.email_already_in_use', status: 422 });
     }
 
-    if (primaryPhone && (await hasUserWithPhone(primaryPhone, excludeUserId))) {
+    if (primaryPhone && (await hasUserWithNormalizedPhone(primaryPhone, excludeUserId))) {
       throw new RequestError({ code: 'user.phone_already_in_use', status: 422 });
     }
 

packages/core/src/queries/user.ts

@@ -79,6 +79,9 @@ export const createUserQueries = (pool: CommonQueryMethods) => {
       where lower(${fields.primaryEmail})=lower(${email})
     `);
 
+  /**
+   * Find user by phone with exact match.
+   */
   const findUserByPhone = async (phone: string) =>
     pool.maybeOne<User>(sql`
       select ${sql.join(Object.values(fields), sql`,`)}
@@ -195,7 +198,7 @@ export const createUserQueries = (pool: CommonQueryMethods) => {
     `);
 
   /**
-   * Find user by phone with exact match.
+   * Checks if a user exists in the database with an exact match on their phone number.
    */
   const hasUserWithPhone = async (phone: string, excludeUserId?: string) =>
     pool.exists(sql`
@@ -205,6 +208,51 @@ export const createUserQueries = (pool: CommonQueryMethods) => {
       ${conditionalSql(excludeUserId, (id) => sql`and ${fields.id}<>${id}`)}
     `);
 
+  /**
+   * Checks if a user exists in the database with a phone number that matches the provided
+   * number in either normalized format or with a leading '0'.
+   *
+   * @remarks
+   * This function normalizes the input phone number to account for variations in formatting.
+   * It checks for the existence of a user with the same phone number in two formats:
+   * - Standard international format (e.g., 61412345678)
+   * - International format with a leading '0' before the local number (e.g., 610412345678)
+   *
+   * If the provided phone number is not a valid international format, it falls back to checking
+   * for an exact match using the `hasUserWithPhone` function.
+   *
+   * @param phone - The phone number to check for user existence.
+   * @param excludeUserId - (Optional) If provided, excludes the user with this ID from the search,
+   * allowing for updates without false positives.
+   *
+   * @example
+   * // Database contains: 610412345678
+   * hasUserWithNormalizedPhone(61412345678); // returns: true
+   *
+   *  @example
+   * // Database contains: 61412345678
+   * hasUserWithNormalizedPhone(610412345678); // returns: true
+   */
+  const hasUserWithNormalizedPhone = async (phone: string, excludeUserId?: string) => {
+    const phoneNumberParser = new PhoneNumberParser(phone);
+
+    const { internationalNumber, internationalNumberWithLeadingZero, isValid } = phoneNumberParser;
+
+    // If the phone number is not a valid international phone number, find user with exact match.
+    if (!isValid || !internationalNumber || !internationalNumberWithLeadingZero) {
+      return hasUserWithPhone(phone, excludeUserId);
+    }
+
+    // Check if the user exists with any of the two formats.
+    return pool.exists(sql`
+      select ${fields.primaryPhone}
+      from ${table}
+      where (${fields.primaryPhone}=${internationalNumber}
+      or ${fields.primaryPhone}=${internationalNumberWithLeadingZero})
+      ${conditionalSql(excludeUserId, (id) => sql`and ${fields.id}<>${id}`)}
+    `);
+  };
+
   const hasUserWithIdentity = async (target: string, userId: string, excludeUserId?: string) =>
     pool.exists(
       sql`
@@ -341,6 +389,7 @@ export const createUserQueries = (pool: CommonQueryMethods) => {
     hasUserWithId,
     hasUserWithEmail,
     hasUserWithPhone,
+    hasUserWithNormalizedPhone,
     hasUserWithIdentity,
     countUsers,
     findUsers,

packages/core/src/routes/account/email-and-phone.ts

@@ -31,7 +31,7 @@ export default function emailAndPhoneRoutes<T extends UserRouter>(...args: Route
         email: z.string().regex(emailRegEx),
         newIdentifierVerificationRecordId: z.string(),
       }),
-      status: [204, 400, 401],
+      status: [204, 400, 401, 422],
     }),
     async (ctx, next) => {
       const { id: userId, scopes, identityVerified } = ctx.auth;
@@ -123,7 +123,7 @@ export default function emailAndPhoneRoutes<T extends UserRouter>(...args: Route
         phone: z.string().regex(phoneRegEx),
         newIdentifierVerificationRecordId: z.string(),
       }),
-      status: [204, 400, 401],
+      status: [204, 400, 401, 422],
     }),
     async (ctx, next) => {
       const { id: userId, scopes, identityVerified } = ctx.auth;

packages/core/src/routes/admin-user/basics.test.ts

@@ -34,7 +34,7 @@ const mockedQueries = {
     findUserById: jest.fn(async (id: string) => mockUser),
     hasUser: jest.fn(async () => mockHasUser()),
     hasUserWithEmail: jest.fn(async () => mockHasUserWithEmail()),
-    hasUserWithPhone: jest.fn(async () => mockHasUserWithPhone()),
+    hasUserWithNormalizedPhone: jest.fn(async () => mockHasUserWithPhone()),
     updateUserById: jest.fn(
       async (_, data: Partial<CreateUser>): Promise<User> => ({
         ...mockUser,

packages/core/src/routes/admin-user/basics.ts

@@ -30,7 +30,7 @@ export default function adminUserBasicsRoutes<T extends ManagementApiRouter>(
       hasUser,
       updateUserById,
       hasUserWithEmail,
-      hasUserWithPhone,
+      hasUserWithNormalizedPhone,
     },
   } = queries;
   const {
@@ -191,7 +191,7 @@ export default function adminUserBasicsRoutes<T extends ManagementApiRouter>(
         })
       );
       assertThat(
-        !primaryPhone || !(await hasUserWithPhone(primaryPhone)),
+        !primaryPhone || !(await hasUserWithNormalizedPhone(primaryPhone)),
         new RequestError({ code: 'user.phone_already_in_use', status: 422 })
       );
 

packages/core/src/routes/admin-user/mfa-verifications.test.ts

@@ -20,24 +20,15 @@ const { mockEsmWithActual } = createMockUtils(jest);
 const mockedQueries = {
   users: {
     findUserById: jest.fn(async (id: string) => mockUser),
-    hasUser: jest.fn(async () => mockHasUser()),
-    hasUserWithEmail: jest.fn(async () => mockHasUserWithEmail()),
-    hasUserWithPhone: jest.fn(async () => mockHasUserWithPhone()),
     updateUserById: jest.fn(
       async (_, data: Partial<CreateUser>): Promise<User> => ({
         ...mockUser,
         ...data,
       })
     ),
-    deleteUserById: jest.fn(),
-    deleteUserIdentity: jest.fn(),
   },
 } satisfies Partial2<Queries>;
 
-const mockHasUser = jest.fn(async () => false);
-const mockHasUserWithEmail = jest.fn(async () => false);
-const mockHasUserWithPhone = jest.fn(async () => false);
-
 const { findUserById, updateUserById } = mockedQueries.users;
 
 await mockEsmWithActual('../interaction/utils/totp-validation.js', () => ({

packages/core/src/routes/experience/classes/experience-interaction.test.ts

@@ -33,7 +33,7 @@ const mockEmail = '[email protected]';
 const userQueries = {
   hasActiveUsers: jest.fn().mockResolvedValue(false),
   hasUserWithEmail: jest.fn().mockResolvedValue(false),
-  hasUserWithPhone: jest.fn().mockResolvedValue(false),
+  hasUserWithNormalizedPhone: jest.fn().mockResolvedValue(false),
   hasUserWithIdentity: jest.fn().mockResolvedValue(false),
 };
 const userLibraries = {

packages/core/src/routes/experience/classes/libraries/profile-validator.ts

@@ -10,7 +10,8 @@ export class ProfileValidator {
   constructor(private readonly queries: Queries) {}
 
   public async guardProfileUniquenessAcrossUsers(profile: InteractionProfile = {}) {
-    const { hasUser, hasUserWithEmail, hasUserWithPhone, hasUserWithIdentity } = this.queries.users;
+    const { hasUser, hasUserWithEmail, hasUserWithNormalizedPhone, hasUserWithIdentity } =
+      this.queries.users;
     const { userSsoIdentities } = this.queries;
 
     const { username, primaryEmail, primaryPhone, socialIdentity, enterpriseSsoIdentity } = profile;
@@ -37,7 +38,7 @@ export class ProfileValidator {
 
     if (primaryPhone) {
       assertThat(
-        !(await hasUserWithPhone(primaryPhone)),
+        !(await hasUserWithNormalizedPhone(primaryPhone)),
         new RequestError({
           code: 'user.phone_already_in_use',
           status: 422,

packages/core/src/routes/experience/classes/verifications/social-verification.ts

@@ -258,14 +258,16 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
 
     if (isNewUser) {
       const {
-        users: { hasUserWithEmail, hasUserWithPhone },
+        users: { hasUserWithEmail, hasUserWithNormalizedPhone },
       } = this.queries;
 
       return {
         // Sync the email only if the email is not used by other users
         ...conditional(primaryEmail && !(await hasUserWithEmail(primaryEmail)) && { primaryEmail }),
         // Sync the phone only if the phone is not used by other users
-        ...conditional(primaryPhone && !(await hasUserWithPhone(primaryPhone)) && { primaryPhone }),
+        ...conditional(
+          primaryPhone && !(await hasUserWithNormalizedPhone(primaryPhone)) && { primaryPhone }
+        ),
         ...conditional(name && { name }),
         ...conditional(avatar && { avatar }),
       };

packages/core/src/routes/interaction/actions/helpers.ts

@@ -53,7 +53,7 @@ const getSocialSyncProfile = async (
 
 /* Parse the user profile from the new linked Social identity */
 const parseNewSocialProfile = async (
-  { users: { hasUserWithEmail, hasUserWithPhone } }: Queries,
+  { users: { hasUserWithEmail, hasUserWithNormalizedPhone } }: Queries,
   { getLogtoConnectorById }: ConnectorLibrary,
   socialIdentifier: SocialIdentifier,
   user?: User
@@ -78,7 +78,9 @@ const parseNewSocialProfile = async (
       // Sync the email only if the email is not used by other users
       ...conditional(email && !(await hasUserWithEmail(email)) && { primaryEmail: email }),
       // Sync the phone only if the phone is not used by other users
-      ...conditional(phone && !(await hasUserWithPhone(phone)) && { primaryPhone: phone }),
+      ...conditional(
+        phone && !(await hasUserWithNormalizedPhone(phone)) && { primaryPhone: phone }
+      ),
     };
   }