From b946edd91219edbdef58a9ed63110be66bf8a2ac Mon Sep 17 00:00:00 2001 From: avivash Date: Fri, 24 Feb 2023 18:53:57 -0800 Subject: [PATCH 1/5] Feat: first bit of user/challenge/recover --- .../Fission/Web/API/User/Challenge/Types.hs | 22 +++++++++ .../library/Fission/Web/API/User/Types.hs | 12 +++-- .../library/Fission/Web/Client/V2.hs | 8 ++++ .../Fission/Web/Server/Handler/User.hs | 2 + .../Web/Server/Handler/User/Challenge.hs | 48 +++++++++++++++++++ fission-web-server/package.yaml | 2 +- 6 files changed, 88 insertions(+), 6 deletions(-) create mode 100644 fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs create mode 100644 fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs diff --git a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs new file mode 100644 index 000000000..454536bb1 --- /dev/null +++ b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs @@ -0,0 +1,22 @@ +module Fission.Web.API.User.Challenge.Types (Routes (..)) where + +-- import Fission.Challenge.Types + +import Fission.Web.API.Prelude + +import Fission.User.Username.Types +import qualified Fission.Web.API.Auth.Types as Auth + +data Routes mode = Routes + { recover :: + mode + :- "recover" + :> Summary "Return challenge for account recovery" + -- + :> Capture "Username" Username + -- + :> Auth.HigherOrder + :> GetNoContent + -- :> Post '[JSON] Challenge + } + deriving Generic diff --git a/fission-web-api/library/Fission/Web/API/User/Types.hs b/fission-web-api/library/Fission/Web/API/User/Types.hs index 781777350..a3f8f93e0 100644 --- a/fission-web-api/library/Fission/Web/API/User/Types.hs +++ b/fission-web-api/library/Fission/Web/API/User/Types.hs @@ -6,6 +6,7 @@ import qualified Fission.Web.API.Relay.Types as Relay import qualified Fission.Web.API.User.Create.Types as Create import qualified Fission.Web.API.User.DID.Types as DID import qualified Fission.Web.API.User.DataRoot.Types as DataRoot +import qualified Fission.Web.API.User.Challenge.Types as Challenge import qualified Fission.Web.API.User.Email.Types as Email import qualified Fission.Web.API.User.ExchangeKey.Types as ExchangeKeys import qualified Fission.Web.API.User.Password.Reset.Types as Password @@ -18,11 +19,12 @@ data RoutesV3 mode = RoutesV3 deriving Generic data RoutesV2 mode = RoutesV2 - { dataRoot :: mode :- "data" :> ToServantApi DataRoot.RoutesV2 - , email :: mode :- "email" :> ToServantApi Email.Routes - , did :: mode :- "did" :> ToServantApi DID.RoutesV_ - , whoAmI :: mode :- "whoami" :> ToServantApi WhoAmI.Routes - , linkingRelay :: mode :- "link" :> ToServantApi Relay.Routes + { dataRoot :: mode :- "data" :> ToServantApi DataRoot.RoutesV2 + , challenge :: mode :- "challenge" :> ToServantApi Challenge.Routes + , email :: mode :- "email" :> ToServantApi Email.Routes + , did :: mode :- "did" :> ToServantApi DID.RoutesV_ + , whoAmI :: mode :- "whoami" :> ToServantApi WhoAmI.Routes + , linkingRelay :: mode :- "link" :> ToServantApi Relay.Routes , create :: mode :- Create.WithDID } deriving Generic diff --git a/fission-web-client/library/Fission/Web/Client/V2.hs b/fission-web-client/library/Fission/Web/Client/V2.hs index 792ce5f71..020d1a250 100644 --- a/fission-web-client/library/Fission/Web/Client/V2.hs +++ b/fission-web-client/library/Fission/Web/Client/V2.hs @@ -17,6 +17,8 @@ module Fission.Web.Client.V2 , setDIDViaUCAN , setDIDViaChallenge -- + , recoverChallenge + -- , verifyViaEmail , resendVerificationEmail , recoverViaEmail @@ -36,6 +38,7 @@ import qualified Fission.Web.API.Types as Fission import qualified Fission.Web.API.User.DID.Types as User.DID import qualified Fission.Web.API.User.DataRoot.Types as User.DataRoot +import qualified Fission.Web.API.User.Challenge.Types as User.Challenge import qualified Fission.Web.API.User.Email.Types as User.Email import qualified Fission.Web.API.User.Types as User import qualified Fission.Web.API.User.WhoAmI.Types as User.WhoAmI @@ -83,6 +86,11 @@ Fission.Routes , setViaChallenge = setDIDViaChallenge } + , challenge = fromServant @_ @(AsClientT ClientM) -> + User.Challenge.Routes + { recover = recoverChallenge + } + , email = fromServant @_ @(AsClientT ClientM) -> User.Email.Routes { verify = verifyViaEmail diff --git a/fission-web-server/library/Fission/Web/Server/Handler/User.hs b/fission-web-server/library/Fission/Web/Server/Handler/User.hs index 6b3cd26cd..cc9e6781d 100644 --- a/fission-web-server/library/Fission/Web/Server/Handler/User.hs +++ b/fission-web-server/library/Fission/Web/Server/Handler/User.hs @@ -25,6 +25,7 @@ import qualified Fission.Web.Server.Handler.Relay as Relay import qualified Fission.Web.Server.Handler.User.Create as Create import qualified Fission.Web.Server.Handler.User.DID as DID import qualified Fission.Web.Server.Handler.User.DataRoot as DataRoot +import qualified Fission.Web.Server.Handler.User.Challenge as Challenge import qualified Fission.Web.Server.Handler.User.Email as Email import qualified Fission.Web.Server.Handler.User.ExchangeKey as ExchangeKey import qualified Fission.Web.Server.Handler.User.Password.Reset as Password.Reset @@ -69,6 +70,7 @@ handlerV2 = User.RoutesV2 { create = Create.withDID , whoAmI = genericServerT WhoAmI.handler + , challenge = genericServerT Challenge.handler , email = genericServerT Email.handler , did = genericServerT DID.handlerV_ , linkingRelay = genericServerT Relay.handler diff --git a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs new file mode 100644 index 000000000..d3e09a188 --- /dev/null +++ b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs @@ -0,0 +1,48 @@ +module Fission.Web.Server.Handler.User.Challenge (handler) where + +import Servant +import Servant.Server.Generic + +import Fission.Prelude + +import qualified Fission.Web.API.User.Challenge.Types as Challenge + +import Fission.Web.Server.Authorization.Types +import qualified Fission.Web.Server.Challenge.Retriever.Class as Challenge +import qualified Fission.Web.Server.Challenge.Verifier.Class as Challenge +import qualified Fission.Web.Server.Error as Web.Err +import Fission.Web.Server.Models +import qualified Fission.Web.Server.RecoveryChallenge.Creator.Class as RecoveryChallenge +import Fission.Web.Server.Redirect +import Fission.Web.Server.User.Retriever.Class as User + +import Fission.Web.Server.Email.Types +import Fission.Web.Server.Email.Types + +handler :: + ( Challenge.Retriever m + , Challenge.Verifier m + , RecoveryChallenge.Creator m + , User.Retriever m + , MonadThrow m + , MonadLogger m + -- , MonadEmail m + , MonadTime m + ) + => Challenge.Routes (AsServerT m) +handler = Challenge.Routes {..} + where + recover username = do + Entity userId User { userEmail } <- Web.Err.ensureMaybe couldntFindUser =<< getByUsername username + email <- Web.Err.ensureMaybe noAssociatedEmail userEmail + now <- currentTime + challenge <- RecoveryChallenge.create userId now + return NoContent + -- return challenge + + where + couldntFindUser = + err422 { errBody = "Couldn't find a user with this username" } + + noAssociatedEmail = + err422 { errBody = "There is no email associated with the user" } diff --git a/fission-web-server/package.yaml b/fission-web-server/package.yaml index c21c313b6..4e1187a11 100644 --- a/fission-web-server/package.yaml +++ b/fission-web-server/package.yaml @@ -1,5 +1,5 @@ name: fission-web-server -version: "2.21.0.0" +version: "2.21.0.1" category: API author: - Brooklyn Zelenka From 890e57bcd59dea17483141a8dd6183e5e35c11d3 Mon Sep 17 00:00:00 2001 From: avivash Date: Wed, 1 Mar 2023 17:14:35 -0700 Subject: [PATCH 2/5] Chore: return challenge --- .../library/Fission/Web/API/User/Challenge/Types.hs | 7 +++---- .../Fission/Web/Server/Handler/User/Challenge.hs | 13 ++----------- fission-web-server/package.yaml | 2 +- 3 files changed, 6 insertions(+), 16 deletions(-) diff --git a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs index 454536bb1..3b1890138 100644 --- a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs +++ b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs @@ -1,6 +1,6 @@ module Fission.Web.API.User.Challenge.Types (Routes (..)) where --- import Fission.Challenge.Types +import Fission.Challenge.Types import Fission.Web.API.Prelude @@ -15,8 +15,7 @@ data Routes mode = Routes -- :> Capture "Username" Username -- - :> Auth.HigherOrder - :> GetNoContent - -- :> Post '[JSON] Challenge + -- :> Auth.HigherOrder + :> Post '[JSON] Challenge } deriving Generic diff --git a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs index d3e09a188..905f33ba0 100644 --- a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs +++ b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs @@ -16,9 +16,6 @@ import qualified Fission.Web.Server.RecoveryChallenge.Creator.Class as RecoveryC import Fission.Web.Server.Redirect import Fission.Web.Server.User.Retriever.Class as User -import Fission.Web.Server.Email.Types -import Fission.Web.Server.Email.Types - handler :: ( Challenge.Retriever m , Challenge.Verifier m @@ -26,23 +23,17 @@ handler :: , User.Retriever m , MonadThrow m , MonadLogger m - -- , MonadEmail m , MonadTime m ) => Challenge.Routes (AsServerT m) handler = Challenge.Routes {..} where recover username = do - Entity userId User { userEmail } <- Web.Err.ensureMaybe couldntFindUser =<< getByUsername username - email <- Web.Err.ensureMaybe noAssociatedEmail userEmail + Entity userId User { } <- Web.Err.ensureMaybe couldntFindUser =<< getByUsername username now <- currentTime challenge <- RecoveryChallenge.create userId now - return NoContent - -- return challenge + return challenge where couldntFindUser = err422 { errBody = "Couldn't find a user with this username" } - - noAssociatedEmail = - err422 { errBody = "There is no email associated with the user" } diff --git a/fission-web-server/package.yaml b/fission-web-server/package.yaml index 4e1187a11..841233222 100644 --- a/fission-web-server/package.yaml +++ b/fission-web-server/package.yaml @@ -15,7 +15,7 @@ maintainer: - james@fission.codes - brian@fission.codes - philipp@fission.codes -copyright: © 2021 Fission Internet Software Services for Open Networks Inc. +copyright: © 2023 Fission Internet Software Services for Open Networks Inc. license: AGPL-3.0-or-later license-file: LICENSE github: fission-suite/fission From 222db1f12141acb3a1a9acc4086dd36aa7d69d07 Mon Sep 17 00:00:00 2001 From: avivash Date: Mon, 6 Mar 2023 13:16:42 -0800 Subject: [PATCH 3/5] Chore: enable auth header check in user/challenge/recover --- fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs index 3b1890138..479b55cc8 100644 --- a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs +++ b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs @@ -15,7 +15,7 @@ data Routes mode = Routes -- :> Capture "Username" Username -- - -- :> Auth.HigherOrder + :> Auth.HigherOrder :> Post '[JSON] Challenge } deriving Generic From db24e2ce1ccd7ddd0002e5ac51adb9a302e15676 Mon Sep 17 00:00:00 2001 From: avivash Date: Tue, 7 Mar 2023 10:56:03 -0800 Subject: [PATCH 4/5] Fix: remove unused imports --- .../library/Fission/Web/API/User/Challenge/Types.hs | 3 --- .../library/Fission/Web/Server/Handler/User/Challenge.hs | 5 ++--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs index 479b55cc8..40c50ea61 100644 --- a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs +++ b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs @@ -4,7 +4,6 @@ import Fission.Challenge.Types import Fission.Web.API.Prelude -import Fission.User.Username.Types import qualified Fission.Web.API.Auth.Types as Auth data Routes mode = Routes @@ -13,8 +12,6 @@ data Routes mode = Routes :- "recover" :> Summary "Return challenge for account recovery" -- - :> Capture "Username" Username - -- :> Auth.HigherOrder :> Post '[JSON] Challenge } diff --git a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs index 905f33ba0..a8b84f045 100644 --- a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs +++ b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs @@ -13,7 +13,6 @@ import qualified Fission.Web.Server.Challenge.Verifier.Class as Challenge import qualified Fission.Web.Server.Error as Web.Err import Fission.Web.Server.Models import qualified Fission.Web.Server.RecoveryChallenge.Creator.Class as RecoveryChallenge -import Fission.Web.Server.Redirect import Fission.Web.Server.User.Retriever.Class as User handler :: @@ -28,8 +27,8 @@ handler :: => Challenge.Routes (AsServerT m) handler = Challenge.Routes {..} where - recover username = do - Entity userId User { } <- Web.Err.ensureMaybe couldntFindUser =<< getByUsername username + recover Authorization { about = Entity userId User { userUsername = username } } = do + Entity _ User { } <- Web.Err.ensureMaybe couldntFindUser =<< getByUsername username now <- currentTime challenge <- RecoveryChallenge.create userId now return challenge From 32654169c89373777d641e0ba021fe6005b85276 Mon Sep 17 00:00:00 2001 From: avivash Date: Wed, 22 Mar 2023 15:25:30 -0700 Subject: [PATCH 5/5] Fix: capture username from endpoint and add to docs --- .../library/Fission/Web/API/User/Challenge/Types.hs | 4 ++++ fission-web-client/library/Fission/Web/Client/V2.hs | 4 ++-- .../library/Fission/Web/Server/Handler/User/Challenge.hs | 8 ++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs index 40c50ea61..9695e55ea 100644 --- a/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs +++ b/fission-web-api/library/Fission/Web/API/User/Challenge/Types.hs @@ -4,6 +4,8 @@ import Fission.Challenge.Types import Fission.Web.API.Prelude +import Fission.User.Username.Types + import qualified Fission.Web.API.Auth.Types as Auth data Routes mode = Routes @@ -12,6 +14,8 @@ data Routes mode = Routes :- "recover" :> Summary "Return challenge for account recovery" -- + :> Capture "Username" Username + -- :> Auth.HigherOrder :> Post '[JSON] Challenge } diff --git a/fission-web-client/library/Fission/Web/Client/V2.hs b/fission-web-client/library/Fission/Web/Client/V2.hs index 020d1a250..348de172a 100644 --- a/fission-web-client/library/Fission/Web/Client/V2.hs +++ b/fission-web-client/library/Fission/Web/Client/V2.hs @@ -17,7 +17,7 @@ module Fission.Web.Client.V2 , setDIDViaUCAN , setDIDViaChallenge -- - , recoverChallenge + , recoverViaChallenge -- , verifyViaEmail , resendVerificationEmail @@ -88,7 +88,7 @@ Fission.Routes , challenge = fromServant @_ @(AsClientT ClientM) -> User.Challenge.Routes - { recover = recoverChallenge + { recover = recoverViaChallenge } , email = fromServant @_ @(AsClientT ClientM) -> diff --git a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs index a8b84f045..b02332cfa 100644 --- a/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs +++ b/fission-web-server/library/Fission/Web/Server/Handler/User/Challenge.hs @@ -8,17 +8,13 @@ import Fission.Prelude import qualified Fission.Web.API.User.Challenge.Types as Challenge import Fission.Web.Server.Authorization.Types -import qualified Fission.Web.Server.Challenge.Retriever.Class as Challenge -import qualified Fission.Web.Server.Challenge.Verifier.Class as Challenge import qualified Fission.Web.Server.Error as Web.Err import Fission.Web.Server.Models import qualified Fission.Web.Server.RecoveryChallenge.Creator.Class as RecoveryChallenge import Fission.Web.Server.User.Retriever.Class as User handler :: - ( Challenge.Retriever m - , Challenge.Verifier m - , RecoveryChallenge.Creator m + ( RecoveryChallenge.Creator m , User.Retriever m , MonadThrow m , MonadLogger m @@ -27,7 +23,7 @@ handler :: => Challenge.Routes (AsServerT m) handler = Challenge.Routes {..} where - recover Authorization { about = Entity userId User { userUsername = username } } = do + recover username Authorization { about = Entity userId _ } = do Entity _ User { } <- Web.Err.ensureMaybe couldntFindUser =<< getByUsername username now <- currentTime challenge <- RecoveryChallenge.create userId now