Merge branch '0.9' into circleci-fix

sattvikc · web-flow · commit c1470801034c · 2022-09-16T13:22:01.000+05:30
diff --git a/recipe/session/middleware.go b/recipe/session/middleware.go
@@ -26,14 +26,15 @@ import (
 func VerifySessionHelper(recipeInstance Recipe, options *sessmodels.VerifySessionOptions, otherHandler http.HandlerFunc) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		dw := supertokens.MakeDoneWriter(w)
+		userContext := supertokens.MakeDefaultUserContextFromAPI(r)
 		session, err := (*recipeInstance.APIImpl.VerifySession)(options, sessmodels.APIOptions{
 			Config:               recipeInstance.Config,
 			OtherHandler:         otherHandler,
 			Req:                  r,
 			Res:                  dw,
 			RecipeID:             recipeInstance.RecipeModule.GetRecipeID(),
 			RecipeImplementation: recipeInstance.RecipeImpl,
-		}, &map[string]interface{}{})
+		}, userContext)
 		if err != nil {
 			err = supertokens.ErrorHandler(err, r, dw)
 			if err != nil {
diff --git a/recipe/thirdparty/recipe.go b/recipe/thirdparty/recipe.go
@@ -148,7 +148,7 @@ func (r *Recipe) getAllCORSHeaders() []string {
 }
 
 func (r *Recipe) handleError(err error, req *http.Request, res http.ResponseWriter) (bool, error) {
-	return false, err
+	return false, nil
 }
 
 func (r *Recipe) getEmailForUserId(userID string, userContext supertokens.UserContext) (evmodels.TypeEmailInfo, error) {
diff --git a/recipe/thirdpartyemailpassword/recipe.go b/recipe/thirdpartyemailpassword/recipe.go
@@ -205,7 +205,7 @@ func (r *Recipe) handleError(err error, req *http.Request, res http.ResponseWrit
 			return handleError, err
 		}
 	}
-	return false, err
+	return false, nil
 }
 
 func ResetForTest() {
diff --git a/recipe/thirdpartypasswordless/recipe.go b/recipe/thirdpartypasswordless/recipe.go
@@ -213,7 +213,7 @@ func (r *Recipe) handleError(err error, req *http.Request, res http.ResponseWrit
 			return handleError, err
 		}
 	}
-	return false, err
+	return false, nil
 }
 
 func ResetForTest() {
diff --git a/recipe/userroles/claims_test.go b/recipe/userroles/claims_test.go
@@ -313,11 +313,12 @@ func TestShouldValidatePermissions(t *testing.T) {
 	invalidClaimErr := err.(sessErrors.InvalidClaimError)
 	assert.Equal(t, 1, len(invalidClaimErr.InvalidClaims))
 	assert.Equal(t, "st-perm", invalidClaimErr.InvalidClaims[0].ID)
-	assert.Equal(t, map[string]interface{}{
-		"actualValue":       []interface{}{"a", "b"},
-		"expectedToInclude": "nope",
-		"message":           "wrong value",
-	}, invalidClaimErr.InvalidClaims[0].Reason)
+	reason := invalidClaimErr.InvalidClaims[0].Reason.(map[string]interface{})
+	assert.Equal(t, "wrong value", reason["message"])
+	assert.Equal(t, "nope", reason["expectedToInclude"])
+	assert.Equal(t, 2, len(reason["actualValue"].([]interface{})))
+	assert.Contains(t, reason["actualValue"], "a")
+	assert.Contains(t, reason["actualValue"], "b")
 }
 
 func TestShouldValidatePermissionsAfterRefetching(t *testing.T) {
@@ -370,9 +371,10 @@ func TestShouldValidatePermissionsAfterRefetching(t *testing.T) {
 	invalidClaimErr := err.(sessErrors.InvalidClaimError)
 	assert.Equal(t, 1, len(invalidClaimErr.InvalidClaims))
 	assert.Equal(t, "st-perm", invalidClaimErr.InvalidClaims[0].ID)
-	assert.Equal(t, map[string]interface{}{
-		"actualValue":       []interface{}{"a", "b"},
-		"expectedToInclude": "nope",
-		"message":           "wrong value",
-	}, invalidClaimErr.InvalidClaims[0].Reason)
+	reason := invalidClaimErr.InvalidClaims[0].Reason.(map[string]interface{})
+	assert.Equal(t, "wrong value", reason["message"])
+	assert.Equal(t, "nope", reason["expectedToInclude"])
+	assert.Equal(t, 2, len(reason["actualValue"].([]interface{})))
+	assert.Contains(t, reason["actualValue"], "a")
+	assert.Contains(t, reason["actualValue"], "b")
 }
diff --git a/test/auth-react-server/main.go b/test/auth-react-server/main.go
@@ -28,18 +28,22 @@ import (
 	"github.com/supertokens/supertokens-golang/recipe/emailpassword"
 	"github.com/supertokens/supertokens-golang/recipe/emailpassword/epmodels"
 	"github.com/supertokens/supertokens-golang/recipe/emailverification"
+	"github.com/supertokens/supertokens-golang/recipe/emailverification/evclaims"
 	"github.com/supertokens/supertokens-golang/recipe/emailverification/evmodels"
 	"github.com/supertokens/supertokens-golang/recipe/jwt"
 	"github.com/supertokens/supertokens-golang/recipe/passwordless"
 	"github.com/supertokens/supertokens-golang/recipe/passwordless/plessmodels"
 	"github.com/supertokens/supertokens-golang/recipe/session"
+	"github.com/supertokens/supertokens-golang/recipe/session/claims"
 	"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
 	"github.com/supertokens/supertokens-golang/recipe/thirdparty"
 	"github.com/supertokens/supertokens-golang/recipe/thirdparty/tpmodels"
 	"github.com/supertokens/supertokens-golang/recipe/thirdpartyemailpassword"
 	"github.com/supertokens/supertokens-golang/recipe/thirdpartyemailpassword/tpepmodels"
 	"github.com/supertokens/supertokens-golang/recipe/thirdpartypasswordless"
 	"github.com/supertokens/supertokens-golang/recipe/thirdpartypasswordless/tplmodels"
+	"github.com/supertokens/supertokens-golang/recipe/userroles"
+	"github.com/supertokens/supertokens-golang/recipe/userroles/userrolesclaims"
 	"github.com/supertokens/supertokens-golang/supertokens"
 )
 
@@ -86,6 +90,7 @@ func callSTInit(passwordlessConfig *plessmodels.TypeInput) {
 	thirdparty.ResetForTest()
 	thirdpartyemailpassword.ResetForTest()
 	thirdpartypasswordless.ResetForTest()
+	userroles.ResetForTest()
 
 	if passwordlessConfig == nil {
 		passwordlessConfig = &plessmodels.TypeInput{
@@ -525,6 +530,7 @@ func callSTInit(passwordlessConfig *plessmodels.TypeInput) {
 					},
 				},
 			}),
+			userroles.Init(nil),
 		},
 	})
 
@@ -556,9 +562,119 @@ func callSTInit(passwordlessConfig *plessmodels.TypeInput) {
 			rw.WriteHeader(200)
 			rw.Header().Add("content-type", "application/json")
 			bytes, _ := json.Marshal(map[string]interface{}{
-				"available": []string{"passwordless", "thirdpartypasswordless", "generalerror"},
+				"available": []string{"passwordless", "thirdpartypasswordless", "generalerror", "userroles"},
 			})
 			rw.Write(bytes)
+
+		} else if r.URL.Path == "/unverifyEmail" && r.Method == "GET" {
+			session.VerifySession(nil, func(w http.ResponseWriter, r *http.Request) {
+				sessionContainer := session.GetSessionFromRequestContext(r.Context())
+				emailverification.UnverifyEmail(sessionContainer.GetUserID(), nil)
+				sessionContainer.FetchAndSetClaim(evclaims.EmailVerificationClaim)
+				rw.Header().Add("content-type", "application/json")
+				rw.WriteHeader(200)
+				rw.Write([]byte("{\"status\": \"OK\"}"))
+			}).ServeHTTP(rw, r)
+
+		} else if r.URL.Path == "/setRole" && r.Method == "POST" {
+			session.VerifySession(nil, func(w http.ResponseWriter, r *http.Request) {
+				sessionContainer := session.GetSessionFromRequestContext(r.Context())
+				bodyBytes, err := ioutil.ReadAll(r.Body)
+				if err != nil {
+					return
+				}
+				var body map[string]interface{}
+				err = json.Unmarshal(bodyBytes, &body)
+				if err != nil {
+					return
+				}
+				role := body["role"].(string)
+				permissions := body["permissions"].([]interface{})
+				permissionsStr := make([]string, len(permissions))
+				for i, p := range permissions {
+					permissionsStr[i] = p.(string)
+				}
+				_, err = userroles.CreateNewRoleOrAddPermissions(role, permissionsStr, &map[string]interface{}{})
+				if err != nil {
+					return
+				}
+				_, err = userroles.AddRoleToUser(sessionContainer.GetUserID(), role, &map[string]interface{}{})
+				if err != nil {
+					return
+				}
+				err = sessionContainer.FetchAndSetClaim(userrolesclaims.UserRoleClaim)
+				if err != nil {
+					return
+				}
+				err = sessionContainer.FetchAndSetClaim(userrolesclaims.PermissionClaim)
+				if err != nil {
+					return
+				}
+				rw.Header().Add("content-type", "application/json")
+				rw.WriteHeader(200)
+				rw.Write([]byte("{\"status\": \"OK\"}"))
+			}).ServeHTTP(rw, r)
+
+		} else if r.URL.Path == "/checkRole" && r.Method == "POST" {
+			session.VerifySession(&sessmodels.VerifySessionOptions{
+				OverrideGlobalClaimValidators: func(globalClaimValidators []claims.SessionClaimValidator, sessionContainer sessmodels.SessionContainer, userContext supertokens.UserContext) ([]claims.SessionClaimValidator, error) {
+					req := (*userContext)["_default"].(map[string]interface{})["request"].(*http.Request)
+					bodyBytes, err := ioutil.ReadAll(req.Body)
+					if err != nil {
+						return nil, err
+					}
+					var body map[string]interface{}
+					err = json.Unmarshal(bodyBytes, &body)
+					if err != nil {
+						return nil, err
+					}
+
+					getValidator := func(validator claims.PrimitiveArrayClaimValidators, validatorStr string, args []interface{}) claims.SessionClaimValidator {
+						var maxAge *int64 = nil
+						var id *string = nil
+						if len(args) > 1 {
+							maxAgeFloat := args[1].(float64)
+							maxAgeInt := int64(maxAgeFloat)
+							maxAge = &maxAgeInt
+						}
+						if len(args) > 2 {
+							idStr := args[2].(string)
+							id = &idStr
+						}
+
+						switch validatorStr {
+						case "includes":
+							return validator.Includes(args[0].(string), maxAge, id)
+						case "excludes":
+							return validator.Excludes(args[0].(string), maxAge, id)
+						case "includesAll":
+							return validator.IncludesAll(args[0].([]interface{}), maxAge, id)
+						case "excludesAll":
+							return validator.ExcludesAll(args[0].([]interface{}), maxAge, id)
+						}
+
+						return claims.SessionClaimValidator{}
+					}
+
+					if role, ok := body["role"].(map[string]interface{}); ok {
+						validatorStr := role["validator"].(string)
+						args := role["args"].([]interface{})
+						globalClaimValidators = append(globalClaimValidators, getValidator(userrolesclaims.UserRoleClaimValidators, validatorStr, args))
+					}
+
+					if permission, ok := body["permission"].(map[string]interface{}); ok {
+						validatorStr := permission["validator"].(string)
+						args := permission["args"].([]interface{})
+						globalClaimValidators = append(globalClaimValidators, getValidator(userrolesclaims.PermissionClaimValidators, validatorStr, args))
+					}
+
+					return globalClaimValidators, nil
+				},
+			}, func(w http.ResponseWriter, r *http.Request) {
+				rw.Header().Add("content-type", "application/json")
+				rw.WriteHeader(200)
+				rw.Write([]byte("{\"status\": \"OK\"}"))
+			}).ServeHTTP(rw, r)
 		}
 	}))
 

Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,7 @@ func (r *Recipe) getAllCORSHeaders() []string {`
`148`	`148`	`}`
`149`	`149`
`150`	`150`	`func (r Recipe) handleError(err error, req http.Request, res http.ResponseWriter) (bool, error) {`
`151`		`- return false, err`
	`151`	`+ return false, nil`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`func (r *Recipe) getEmailForUserId(userID string, userContext supertokens.UserContext) (evmodels.TypeEmailInfo, error) {`
Original file line number	Diff line number	Diff line change
`@@ -205,7 +205,7 @@ func (r Recipe) handleError(err error, req http.Request, res http.ResponseWrit`
`205`	`205`	`return handleError, err`
`206`	`206`	`}`
`207`	`207`	`}`
`208`		`- return false, err`
	`208`	`+ return false, nil`
`209`	`209`	`}`
`210`	`210`
`211`	`211`	`func ResetForTest() {`
Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,7 @@ func (r Recipe) handleError(err error, req http.Request, res http.ResponseWrit`
`213`	`213`	`return handleError, err`
`214`	`214`	`}`
`215`	`215`	`}`
`216`		`- return false, err`
	`216`	`+ return false, nil`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`func ResetForTest() {`