use sealed class and deprecate old method

Author: grdsdev

packages/gotrue/lib/src/gotrue_mfa_api.dart

@@ -41,37 +41,56 @@ class GoTrueMFAApi {
   /// [phone] : Phone number of the MFA factor in E.164 format. Used to send messages.
   ///
   /// [friendlyName] : Human readable name assigned to the factor.
+  @Deprecated('Use enrollWithParams instead for better type safety')
   Future<AuthMFAEnrollResponse> enroll({
     FactorType factorType = FactorType.totp,
     String? issuer,
     String? phone,
     String? friendlyName,
   }) async {
-    if (factorType == FactorType.phone && phone == null) {
-      throw ArgumentError('Phone number is required for phone factor type');
+    if (factorType == FactorType.phone && phone != null) {
+      return enrollWithParams(
+          PhoneEnrollParams(phone: phone, friendlyName: friendlyName));
     }
 
-    if (factorType == FactorType.totp && issuer == null) {
-      throw ArgumentError('Issuer is required for totp factor type');
+    if (factorType == FactorType.totp && issuer != null) {
+      return enrollWithParams(
+          TOTPEnrollParams(issuer: issuer, friendlyName: friendlyName));
     }
 
+    throw ArgumentError('Invalid arguments, expected either phone or issuer.');
+  }
+
+  /// Starts the enrollment process for a new Multi-Factor Authentication (MFA) factor.
+  /// This method creates a new `unverified` factor.
+  /// To verify a factor, present the QR code or secret to the user and ask them to add it to their authenticator app.
+  ///
+  /// The user has to enter the code from their authenticator app to verify it.
+  ///
+  /// Upon verifying a factor, all other sessions are logged out and the current session's authenticator level is promoted to `aal2`.
+  ///
+  /// [params] : Type-safe parameters for enrolling a new MFA factor.
+  Future<AuthMFAEnrollResponse> enrollWithParams(MFAEnrollParams params) async {
     final session = _client.currentSession;
     final data = await _fetch.request(
       '${_client._url}/factors',
       RequestMethodType.post,
       options: GotrueRequestOptions(
         headers: _client._headers,
         body: {
-          'friendly_name': friendlyName,
-          'factor_type': factorType.name,
-          if (factorType == FactorType.totp) 'issuer': issuer,
-          if (factorType == FactorType.phone) 'phone': phone,
+          'friendly_name': params.friendlyName,
+          'factor_type': switch (params) {
+            TOTPEnrollParams() => FactorType.totp.name,
+            PhoneEnrollParams() => FactorType.phone.name,
+          },
+          if (params is TOTPEnrollParams) 'issuer': params.issuer,
+          if (params is PhoneEnrollParams) 'phone': params.phone,
         },
         jwt: session?.accessToken,
       ),
     );
 
-    if (factorType == FactorType.totp &&
+    if (params is TOTPEnrollParams &&
         data['totp'] != null &&
         data['totp']['qr_code'] != null) {
       data['totp']['qr_code'] =

packages/gotrue/lib/src/types/mfa.dart

@@ -25,7 +25,9 @@ class AuthMFAEnrollResponse {
       id: json['id'],
       type: FactorType.values.firstWhere((e) => e.name == json['type']),
       totp: json['totp'] != null ? TOTPEnrollment.fromJson(json['totp']) : null,
-      phone: json['phone'] != null ? PhoneEnrollment.fromJson(json['phone']) : null,
+      phone: json['phone'] != null
+          ? PhoneEnrollment.fromJson(json['phone'])
+          : null,
     );
   }
 }
@@ -337,3 +339,38 @@ class AMREntry {
     );
   }
 }
+
+/// Parameters for enrolling a new MFA factor
+sealed class MFAEnrollParams {
+  /// Friendly name of the factor, useful to disambiguate between multiple factors.
+  final String? friendlyName;
+
+  /// Type of factor being enrolled.
+  final FactorType factorType;
+
+  const MFAEnrollParams({this.friendlyName, required this.factorType});
+}
+
+/// Parameters for enrolling a TOTP factor
+class TOTPEnrollParams extends MFAEnrollParams {
+  /// Domain which the user is enrolled with.
+  final String issuer;
+
+  const TOTPEnrollParams({
+    required this.issuer,
+    super.friendlyName,
+    super.factorType = FactorType.totp,
+  });
+}
+
+/// Parameters for enrolling a phone factor
+class PhoneEnrollParams extends MFAEnrollParams {
+  /// Phone number of the MFA factor in E.164 format. Used to send messages.
+  final String phone;
+
+  const PhoneEnrollParams({
+    required this.phone,
+    super.friendlyName,
+    super.factorType = FactorType.phone,
+  });
+}

packages/gotrue/test/src/gotrue_mfa_api_test.dart

@@ -34,55 +34,90 @@ void main() {
   });
 
   group('enroll', () {
-    test('totp', () async {
-      await client.signInWithPassword(password: password, email: email1);
-
-      final res = await client.mfa
-          .enroll(issuer: 'MyFriend', friendlyName: 'MyFriendName');
-      final uri = Uri.parse(res.totp!.uri);
-
-      expect(res.type, FactorType.totp);
-      expect(uri.queryParameters['issuer'], 'MyFriend');
-      expect(uri.scheme, 'otpauth');
-    });
-
-    test('phone', () async {
-      await client.signInWithPassword(password: password, email: email1);
-
-      expect(
-        () => client.mfa
-            .enroll(factorType: FactorType.phone, phone: '+1234567890'),
-        throwsA(isA<AuthApiException>().having(
-          (e) => e.message,
-          'message',
-          'MFA enroll is disabled for Phone',
-        )),
-      );
-    });
-
-    test(
-        'throws ArgumentError when phone factor type is used without phone number',
-        () async {
-      expect(
-        () => client.mfa.enroll(factorType: FactorType.phone),
-        throwsA(isA<ArgumentError>().having(
-          (e) => e.message,
-          'message',
-          'Phone number is required for phone factor type',
-        )),
-      );
+    group('deprecated method', () {
+      test('totp', () async {
+        await client.signInWithPassword(password: password, email: email1);
+
+        final res = await client.mfa.enroll(
+          issuer: 'MyFriend',
+          friendlyName: 'MyFriendName',
+        );
+        final uri = Uri.parse(res.totp!.uri);
+
+        expect(res.type, FactorType.totp);
+        expect(uri.queryParameters['issuer'], 'MyFriend');
+        expect(uri.scheme, 'otpauth');
+      });
+
+      test('phone', () async {
+        await client.signInWithPassword(password: password, email: email1);
+
+        expect(
+          () => client.mfa.enroll(
+            factorType: FactorType.phone,
+            phone: '+1234567890',
+          ),
+          throwsA(isA<AuthApiException>().having(
+            (e) => e.message,
+            'message',
+            'MFA enroll is disabled for Phone',
+          )),
+        );
+      });
+
+      test('throws ArgumentError when invalid arguments are provided',
+          () async {
+        expect(
+          () => client.mfa.enroll(factorType: FactorType.phone),
+          throwsA(isA<ArgumentError>().having(
+            (e) => e.message,
+            'message',
+            'Invalid arguments, expected either phone or issuer.',
+          )),
+        );
+
+        expect(
+          () => client.mfa.enroll(factorType: FactorType.totp),
+          throwsA(isA<ArgumentError>().having(
+            (e) => e.message,
+            'message',
+            'Invalid arguments, expected either phone or issuer.',
+          )),
+        );
+      });
     });
 
-    test('throws ArgumentError when totp factor type is used without issuer',
-        () async {
-      expect(
-        () => client.mfa.enroll(factorType: FactorType.totp),
-        throwsA(isA<ArgumentError>().having(
-          (e) => e.message,
-          'message',
-          'Issuer is required for totp factor type',
-        )),
-      );
+    group('enrollWithParams', () {
+      test('totp', () async {
+        await client.signInWithPassword(password: password, email: email1);
+
+        final res = await client.mfa.enrollWithParams(
+          TOTPEnrollParams(
+            issuer: 'MyFriend',
+            friendlyName: 'MyFriendName',
+          ),
+        );
+        final uri = Uri.parse(res.totp!.uri);
+
+        expect(res.type, FactorType.totp);
+        expect(uri.queryParameters['issuer'], 'MyFriend');
+        expect(uri.scheme, 'otpauth');
+      });
+
+      test('phone', () async {
+        await client.signInWithPassword(password: password, email: email1);
+
+        expect(
+          () => client.mfa.enrollWithParams(
+            PhoneEnrollParams(phone: '+1234567890'),
+          ),
+          throwsA(isA<AuthApiException>().having(
+            (e) => e.message,
+            'message',
+            'MFA enroll is disabled for Phone',
+          )),
+        );
+      });
     });
   });