STITCH-2546 Generate error if user ID is passed to destructive active user functions

package.json

@@ -19,7 +19,7 @@
 		"rollup-plugin-typescript2": "^0.15.0",
 		"rollup-plugin-uglify": "^4.0.0",
 		"ts-mockito": "^2.3.0",
-		"typedoc": "^0.11.1",
+		"typedoc": "^0.14.2",
 		"typescript": "^2.9.2"
 	},
 	"scripts": {

packages/browser/core/src/core/auth/internal/StitchAuthImpl.ts

@@ -225,6 +225,13 @@ export default class StitchAuthImpl extends CoreStitchAuth<StitchUser>
   }
 
   public logout(): Promise<void> {
+    // Guard against users accidentally thinking this is logoutUserWithId
+    if (arguments.length > 0) {
+      return Promise.reject(
+        new StitchClientError(StitchClientErrorCode.UnexpectedArguments)
+      );
+    }
+
     return super.logoutInternal();
   }
 
@@ -233,6 +240,13 @@ export default class StitchAuthImpl extends CoreStitchAuth<StitchUser>
   }
 
   public removeUser(): Promise<void> {
+    // Guard against users accidentally thinking this is removeUserWithId
+    if (arguments.length > 0) {
+      return Promise.reject(
+        new StitchClientError(StitchClientErrorCode.UnexpectedArguments)
+      );
+    }
+
     return super.removeUserInternal();
   }
 

packages/browser/coretest/__tests__/StitchAppClientIntTests.ts

@@ -33,7 +33,9 @@ import {
   UserPasswordAuthProvider,
   UserPasswordCredential,
   UserType,
-  MemoryStorage
+  MemoryStorage,
+  StitchClientError,
+  StitchClientErrorCode
 } from "mongodb-stitch-core-sdk";
 
 const harness = new BaseStitchBrowserIntTestHarness();
@@ -442,4 +444,76 @@ describe("StitchAppClient", () => {
       checkpoint4.getTime()
     );
   });
+
+  it("should prevent calling logout and removeUser with args", async () => {
+    const [appResponse, app] = await harness.createApp();
+    await harness.addProvider(app as App, new Anon());
+    await harness.addProvider(
+      app as App,
+      new Userpass(
+        "http://emailConfirmUrl.com",
+        "http://resetPasswordUrl.com",
+        "email subject",
+        "password subject"
+      )
+    );
+
+    const concreteAppResponse = appResponse as AppResponse;
+
+    let storage = new MemoryStorage(concreteAppResponse.clientAppId);
+    let client = harness.getAppClient(concreteAppResponse, storage);
+
+    // check storage
+    expect(client.auth.isLoggedIn).toBeFalsy();
+    expect(client.auth.user).toBeUndefined();
+
+    // login anonymously
+    const anonUser = await client.auth.loginWithCredential(
+      new AnonymousCredential()
+    );
+    expect(anonUser).toBeDefined();
+
+    // login with email provider and make sure user ID is updated
+    const emailUserId = await harness.registerAndLoginWithUserPass(
+      app as App,
+      client,
+      "test@10gen.com",
+      "hunter1"
+    );
+    expect(emailUserId).not.toEqual(anonUser.id);
+
+    // attempting to log out the anon user with logout should not work
+    try {
+      // @ts-ignore: Expected 0 arguments, but got 1
+      await client.auth.logout(anonUser.id);
+      fail("logout should have failed");
+    } catch (error) {
+      expect(error instanceof StitchClientError).toBeTruthy();
+      expect(error.errorCode).toEqual(
+        StitchClientErrorCode.UnexpectedArguments
+      );
+    }
+
+    expect(client.auth.user!.id).toEqual(emailUserId);
+    expect(client.auth.isLoggedIn).toBeTruthy();
+
+    expect(client.auth.listUsers().length).toBe(2);
+
+    // attempting to remove the anon user with removeUser should not work
+    try {
+      // @ts-ignore: Expected 0 arguments, but got 1
+      await client.auth.removeUser(anonUser.id);
+      fail("removeUser should have failed");
+    } catch (error) {
+      expect(error instanceof StitchClientError).toBeTruthy();
+      expect(error.errorCode).toEqual(
+        StitchClientErrorCode.UnexpectedArguments
+      );
+    }
+
+    expect(client.auth.user!.id).toEqual(emailUserId);
+    expect(client.auth.isLoggedIn).toBeTruthy();
+
+    expect(client.auth.listUsers().length).toBe(2);
+  });
 });

packages/core/sdk/src/StitchClientErrorCode.ts

@@ -28,6 +28,7 @@ export enum StitchClientErrorCode {
   CouldNotPersistAuthInfo,
   StreamingNotSupported,
   StreamClosed,
+  UnexpectedArguments,
 }
 
 /** @hidden */
@@ -49,5 +50,7 @@ export const clientErrorCodeDescs: { [key: number]: string } = {
   [StitchClientErrorCode.StreamingNotSupported]:
     "streaming not supported in this SDK",
   [StitchClientErrorCode.StreamClosed]:
-  "stream is closed"
+    "stream is closed",
+  [StitchClientErrorCode.UnexpectedArguments]:
+    "function does not accept arguments",
 };

packages/react-native/core/src/core/auth/internal/StitchAuthImpl.ts

@@ -97,6 +97,13 @@ export default class StitchAuthImpl extends CoreStitchAuth<StitchUser>
   }
 
   public logout(): Promise<void> {
+    // Guard against users accidentally thinking this is logoutUserWithId
+    if (arguments.length > 0) {
+      return Promise.reject(
+        new StitchClientError(StitchClientErrorCode.UnexpectedArguments)
+      );
+    }
+
     return super.logoutInternal();
   }
 
@@ -105,6 +112,13 @@ export default class StitchAuthImpl extends CoreStitchAuth<StitchUser>
   }
 
   public removeUser(): Promise<void> {
+    // Guard against users accidentally thinking this is removeUserWithId
+    if (arguments.length > 0) {
+      return Promise.reject(
+        new StitchClientError(StitchClientErrorCode.UnexpectedArguments)
+      );
+    }
+
     return super.removeUserInternal();
   }
 

packages/react-native/coretest/__tests__/StitchAppClientIntTests.ts

@@ -37,7 +37,9 @@ import {
   UserPasswordAuthProvider,
   UserPasswordCredential,
   UserType,
-  MemoryStorage
+  MemoryStorage,
+  StitchClientError,
+  StitchClientErrorCode
 } from "mongodb-stitch-core-sdk";
 
 const harness = new BaseStitchRNIntTestHarness();
@@ -442,4 +444,76 @@ describe("StitchAppClient", () => {
       checkpoint4.getTime()
     );
   });
+
+  it("should prevent calling logout and removeUser with args", async () => {
+    const [appResponse, app] = await harness.createApp();
+    await harness.addProvider(app as App, new Anon());
+    await harness.addProvider(
+      app as App,
+      new Userpass(
+        "http://emailConfirmUrl.com",
+        "http://resetPasswordUrl.com",
+        "email subject",
+        "password subject"
+      )
+    );
+
+    const concreteAppResponse = appResponse as AppResponse;
+
+    let storage = new MemoryStorage(concreteAppResponse.clientAppId);
+    let client = await harness.getAppClient(concreteAppResponse, storage);
+
+    // check storage
+    expect(client.auth.isLoggedIn).toBeFalsy();
+    expect(client.auth.user).toBeUndefined();
+
+    // login anonymously
+    const anonUser = await client.auth.loginWithCredential(
+      new AnonymousCredential()
+    );
+    expect(anonUser).toBeDefined();
+
+    // login with email provider and make sure user ID is updated
+    const emailUserId = await harness.registerAndLoginWithUserPass(
+      app as App,
+      client,
+      "test@10gen.com",
+      "hunter1"
+    );
+    expect(emailUserId).not.toEqual(anonUser.id);
+
+    // attempting to log out the anon user with logout should not work
+    try {
+      // @ts-ignore: Expected 0 arguments, but got 1
+      await client.auth.logout(anonUser.id);
+      fail("logout should have failed");
+    } catch (error) {
+      expect(error instanceof StitchClientError).toBeTruthy();
+      expect(error.errorCode).toEqual(
+        StitchClientErrorCode.UnexpectedArguments
+      );
+    }
+
+    expect(client.auth.user!.id).toEqual(emailUserId);
+    expect(client.auth.isLoggedIn).toBeTruthy();
+
+    expect(client.auth.listUsers().length).toBe(2);
+
+    // attempting to remove the anon user with removeUser should not work
+    try {
+      // @ts-ignore: Expected 0 arguments, but got 1
+      await client.auth.removeUser(anonUser.id);
+      fail("removeUser should have failed");
+    } catch (error) {
+      expect(error instanceof StitchClientError).toBeTruthy();
+      expect(error.errorCode).toEqual(
+        StitchClientErrorCode.UnexpectedArguments
+      );
+    }
+
+    expect(client.auth.user!.id).toEqual(emailUserId);
+    expect(client.auth.isLoggedIn).toBeTruthy();
+
+    expect(client.auth.listUsers().length).toBe(2);
+  });
 });

packages/server/core/src/core/auth/internal/StitchAuthImpl.ts

@@ -97,6 +97,13 @@ export default class StitchAuthImpl extends CoreStitchAuth<StitchUser>
   }
 
   public logout(): Promise<void> {
+    // Guard against users accidentally thinking this is logoutUserWithId
+    if (arguments.length > 0) {
+      return Promise.reject(
+        new StitchClientError(StitchClientErrorCode.UnexpectedArguments)
+      );
+    }
+
     return super.logoutInternal();
   }
 
@@ -105,6 +112,13 @@ export default class StitchAuthImpl extends CoreStitchAuth<StitchUser>
   }
 
   public removeUser(): Promise<void> {
+    // Guard against users accidentally thinking this is removeUserWithId
+    if (arguments.length > 0) {
+      return Promise.reject(
+        new StitchClientError(StitchClientErrorCode.UnexpectedArguments)
+      );
+    }
+
     return super.removeUserInternal();
   }
 

packages/server/coretest/__tests__/StitchAppClientIntTests.ts

@@ -33,7 +33,9 @@ import {
   MemoryStorage,
   UserPasswordAuthProvider,
   UserPasswordCredential,
-  UserType
+  UserType,
+  StitchClientError,
+  StitchClientErrorCode
 } from "mongodb-stitch-core-sdk";
 
 const harness = new BaseStitchServerIntTestHarness();
@@ -440,4 +442,76 @@ describe("StitchAppClient", () => {
       checkpoint4.getTime()
     );
   });
+
+  it("should prevent calling logout and removeUser with args", async () => {
+    const [appResponse, app] = await harness.createApp();
+    await harness.addProvider(app as App, new Anon());
+    await harness.addProvider(
+      app as App,
+      new Userpass(
+        "http://emailConfirmUrl.com",
+        "http://resetPasswordUrl.com",
+        "email subject",
+        "password subject"
+      )
+    );
+
+    const concreteAppResponse = appResponse as AppResponse;
+
+    let storage = new MemoryStorage(concreteAppResponse.clientAppId);
+    let client = harness.getAppClient(concreteAppResponse, storage);
+
+    // check storage
+    expect(client.auth.isLoggedIn).toBeFalsy();
+    expect(client.auth.user).toBeUndefined();
+
+    // login anonymously
+    const anonUser = await client.auth.loginWithCredential(
+      new AnonymousCredential()
+    );
+    expect(anonUser).toBeDefined();
+
+    // login with email provider and make sure user ID is updated
+    const emailUserId = await harness.registerAndLoginWithUserPass(
+      app as App,
+      client,
+      "test@10gen.com",
+      "hunter1"
+    );
+    expect(emailUserId).not.toEqual(anonUser.id);
+
+    // attempting to log out the anon user with logout should not work
+    try {
+      // @ts-ignore: Expected 0 arguments, but got 1
+      await client.auth.logout(anonUser.id);
+      fail("logout should have failed");
+    } catch (error) {
+      expect(error instanceof StitchClientError).toBeTruthy();
+      expect(error.errorCode).toEqual(
+        StitchClientErrorCode.UnexpectedArguments
+      );
+    }
+
+    expect(client.auth.user!.id).toEqual(emailUserId);
+    expect(client.auth.isLoggedIn).toBeTruthy();
+
+    expect(client.auth.listUsers().length).toBe(2);
+
+    // attempting to remove the anon user with removeUser should not work
+    try {
+      // @ts-ignore: Expected 0 arguments, but got 1
+      await client.auth.removeUser(anonUser.id);
+      fail("removeUser should have failed");
+    } catch (error) {
+      expect(error instanceof StitchClientError).toBeTruthy();
+      expect(error.errorCode).toEqual(
+        StitchClientErrorCode.UnexpectedArguments
+      );
+    }
+
+    expect(client.auth.user!.id).toEqual(emailUserId);
+    expect(client.auth.isLoggedIn).toBeTruthy();
+
+    expect(client.auth.listUsers().length).toBe(2);
+  });
 });