Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: migrate /auth endpoint handling to Typescript #215

Merged
merged 62 commits into from
Sep 7, 2020
Merged

refactor: migrate /auth endpoint handling to Typescript #215

merged 62 commits into from
Sep 7, 2020

Conversation

karrui
Copy link
Contributor

@karrui karrui commented Aug 26, 2020
edited
Loading

Problem

This PR tries to encapsulate the /auth route under a new auth module located in modules/auth.

The first Typescript integration tests are also written for auth.routes, using a new testing directory directly inside the module folder for closer integration. The various tsconfig and eslintrc files has been updated to accommodate this change.

Related to #144

Solution

Features:

  • New auth module containing
    • auth/auth.route
    • auth/auth.middlewares
    • auth/auth.controller
    • auth/auth.service
    • auth/auth.errors

Improvements:

  • Remove unused functions in old auth controller

Tests

  • Add unit tests for:

    • auth/auth.middlewares
    • auth/auth.controller
    • auth/auth.service

  • Add integration tests for:

    • auth/auth.route

Release Tests

  • Sign out should work properly
  • Logging in to existing user should work properly
    • Invalid OTP should return 422 with invalid OTP message
    • Entering wrong OTP 10 times should return 422, and subsequently entering correct OTP will still return 422.
    • Requesting for new OTP should work, and login successfully
  • Attempt to login as a new user by logging in with your open.gov.sg email; e.g. <youremail>+test@open.gov.sg
    • Should create new user successfully upon log in, test with creating a form, log out and log back in. Your form should still be there.

@karrui
refactor: replace authentication routes with nested router in ts
1e4997b
@karrui
feat(AuthService): add validateDomain method
1b33c2d
@karrui
feat(AuthController): add handleCheckUser function
6228e5c
@karrui
refactor(AuthMiddleware): extract validateDomain from AuthService
286f208
@karrui
feat(TokenModel): add upsertOtp static method to model
8630ce2
@karrui
feat(AuthService): add createLoginOtp function
5ff7333
@karrui
feat: add UserService to upsert User document on login
bcac535
@karrui
feat(AuthService): add verifyLoginOtp function
b5c0f80
@karrui
refactor: rename validateDomain to getAgencyWithEmail
2b7eccd 
This is so that this function can be repurposed to also fetch the agency whilst validating.
@karrui
feat(TokenModel): add incrementAttemptsByEmail function
40828f6
@karrui
refactor: rename the old AuthController OldAuthController temporarily
e634888
@karrui
feat: add validateDomain middleware for entire /auth route
e39a1a4
@karrui
feat(AuthController): add auth controller handler functions
88d6120
@karrui
fix: update imports to be relative
5dcd1c4
@karrui
fix: update middleware to not be router level
a91ddd9
@karrui
feat: add AuthRules
5a1356f
@karrui
feat: add better documentation for functions
50dad9f
@karrui
feat: remove unused functions in old auth controller
7dcc274
@karrui karrui marked this pull request as draft August 26, 2020 11:17
@karrui
feat: add documentation for validateDomain middleware
d0d238b
@karrui
test(AuthController): remove deleted function tests
1f4ba08
@karrui
Merge branch 'develop' into feat/ts-auth-controller
7871b74 
# Conflicts:
#	src/app/controllers/authentication.server.controller.js
#	src/app/modules/user/user.service.ts
#	src/loaders/express/index.ts
@karrui
fix: invalid otpGenerator import from merging
199ad00
@karrui
Merge branch 'develop' into feat/ts-auth-controller
8c853ce 
# Conflicts:
#	src/app/controllers/authentication.server.controller.js
@karrui
fix(Auth): use new logger instantiation
8b70e94
@karrui
Merge branch 'develop' into feat/ts-auth-controller
07da5ca 
# Conflicts:
#	src/app/controllers/authentication.server.controller.js
#	src/app/routes/authentication.server.routes.js
#	src/loaders/express/index.ts
#	tests/unit/backend/controllers/authentication.server.controller.spec.js
@karrui
chore: add eslint for all "*.spec.ts" files
153d0b8
@karrui
test(AuthService): add tests for getAgencyWithEmail function
3380d20
@karrui
test(AuthService): add tests for createLoginOtp function
4cb9f6f
@karrui
test(AuthService): add verifyLoginOtp tests
b6a5f9a
@karrui
Copy link
Contributor Author

karrui commented Sep 2, 2020

Ready for review. Please don't be scared by the high line count, it's just because it has a lot of new tests.

@karrui karrui marked this pull request as ready for review September 2, 2020 04:18
@karrui karrui changed the title wip: migrate /auth endpoint handling to Typescript feat: migrate /auth endpoint handling to Typescript Sep 2, 2020
@karrui karrui changed the title feat: migrate /auth endpoint handling to Typescript refactor: migrate /auth endpoint handling to Typescript Sep 2, 2020
@karrui
Copy link
Contributor Author

karrui commented Sep 2, 2020
edited
Loading

Forgot /signout integration tests...

liangyuanruo
liangyuanruo reviewed Sep 3, 2020
View reviewed changes
src/app/modules/auth/auth.controller.ts Outdated
Comment on lines 108 to 120
if (verifyErr) {
logger.warn({
message:
verifyErr instanceof InvalidOtpError
? 'Login OTP is invalid'
: 'Error occurred when trying to validate login OTP',
meta: logMeta,
error: verifyErr,
})

if (verifyErr instanceof InvalidOtpError) {
return res.status(verifyErr.status).send(verifyErr.message)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (verifyErr) {
logger.warn({
message:
verifyErr instanceof InvalidOtpError
? 'Login OTP is invalid'
: 'Error occurred when trying to validate login OTP',
meta: logMeta,
error: verifyErr,
})
if (verifyErr instanceof InvalidOtpError) {
return res.status(verifyErr.status).send(verifyErr.message)
}
if (verifyErr) {
logger.warn({
message:
verifyErr instanceof InvalidOtpError
? 'Login OTP is invalid'
: 'Error occurred when trying to validate login OTP',
meta: logMeta,
error: verifyErr,
return res.status(verifyErr.status).send(verifyErr.message)
}

Would this be safer? Although we have tests, I would like to minimise the chance of a future engineer refactoring wrongly or introducing a vulnerability to the login.

Copy link
Contributor Author

@karrui karrui Sep 3, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will change the check to instanceof ApplicationError, and all known errors should be an ApplicationError. However, we will still need the check, since normal errors don't have err.status.

EDIT: Updated the check in 9db99b4

liangyuanruo
liangyuanruo reviewed Sep 3, 2020
View reviewed changes
src/app/modules/auth/auth.controller.ts Outdated

// OTP is valid, proceed to login user.
try {
const agency = await AuthService.getAgencyWithEmail(email)
Copy link
Contributor

@liangyuanruo liangyuanruo Sep 3, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here we see that the middleware pattern with validateDomain results in an additional network call to the database to fetch the agency object again. can we revisit our discussion? because (1) adhering to a pattern at the cost of performance seems dogmatic, and (2) the controller can help to set the context in which an agency lookup failure occurs, so duplicate logging may not be a real issue.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can discuss after syncup later; but I also agree. I've experimented with passing agency into locals like before in b6a48db; seems like the best way to save some db calls. Take a look.

@karrui
refactor(User): move upsertUser method into user schema
754c7ed
@karrui
refactor: convert ApplicationError into abstract class
c8c0217 
This prevents developers from using ApplicationError directly and are forced to extend from the class (in Typescript).
@karrui
refactor(AuthController): update error type check to ApplicationError
9db99b4
@karrui
feat: add ResponseWithLocals typing to extend res.locals typing
45ef05d
@karrui
feat(AuthController): retrieve agency from res.locals instead
b6a48db
@karrui
refactor(UserService): rename upsertAndReturnUser to retrieveUser
0f910c0
@karrui
test: update tests to use UserService.retrieveUser instead
e0befed
@karrui
Merge branch 'develop' into feat/ts-auth-controller
f5c9136 
# Conflicts:
#	src/app/controllers/authentication.server.controller.js
@karrui
fix(Auth): import constant.ts instead of now deleted defaults.ts
ac85062
@karrui
style: fix lint from merging
f9b30bc
@karrui
Merge branch 'develop' into feat/ts-auth-controller
a05faaf 
# Conflicts:
#	src/app/models/user.server.model.ts
@karrui
lint: fix lint issues from stricter lint rules
04d7209
@liangyuanruo liangyuanruo merged commit 5cba28a into develop Sep 7, 2020
@liangyuanruo liangyuanruo deleted the feat/ts-auth-controller branch September 7, 2020 14:36
@karrui karrui mentioned this pull request Sep 17, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liangyuanruo liangyuanruo liangyuanruo approved these changes

@mantariksh mantariksh Awaiting requested review from mantariksh

@arshadali172 arshadali172 Awaiting requested review from arshadali172

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@karrui @liangyuanruo