Merge pull request #261 from supertokens/input-validation-fix

rishabhpoddar · web-flow · commit f3db5c0c24ef · 2023-04-05T12:44:05.000+05:30
fix: build fix
diff --git a/examples/go.sum b/examples/go.sum
@@ -214,6 +214,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -423,6 +424,7 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/nyaruka/phonenumbers v1.0.73 h1:bP2WN8/NUP8tQebR+WCIejFaibwYMHOaB7MQVayclUo=
 github.com/nyaruka/phonenumbers v1.0.73/go.mod h1:3aiS+PS3DuYwkbK3xdcmRwMiPNECZ0oENH8qUT1lY7Q=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -542,6 +544,7 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
+github.com/twilio/twilio-go v0.26.0 h1:wFW4oTe3/LKt6bvByP7eio8JsjtaLHjMQKOUEzQry7U=
 github.com/twilio/twilio-go v0.26.0/go.mod h1:lz62Hopu4vicpQ056H5TJ0JE4AP0rS3sQ35/ejmgOwE=
 github.com/twitchtv/twirp v8.1.0+incompatible h1:KGXanpa9LXdVE/V5P/tA27rkKFmXRGCtSNT7zdeeVOY=
 github.com/twitchtv/twirp v8.1.0+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
diff --git a/recipe/emailpassword/api/utils.go b/recipe/emailpassword/api/utils.go
@@ -17,35 +17,49 @@ package api
 
 import (
 	"encoding/json"
-	defaultErrors "errors"
 	"strings"
 
 	"github.com/supertokens/supertokens-golang/recipe/emailpassword/epmodels"
 	"github.com/supertokens/supertokens-golang/recipe/emailpassword/errors"
+	"github.com/supertokens/supertokens-golang/supertokens"
 )
 
 func validateFormFieldsOrThrowError(configFormFields []epmodels.NormalisedFormField, formFieldsRaw interface{}) ([]epmodels.TypeFormField, error) {
 	if formFieldsRaw == nil {
-		return nil, defaultErrors.New("Missing input param: formFields")
+		return nil, supertokens.BadInputError{
+			Msg: "Missing input param: formFields",
+		}
 	}
 
 	if _, ok := formFieldsRaw.([]interface{}); !ok {
-		return nil, defaultErrors.New("formFields must be an array")
+		return nil, supertokens.BadInputError{
+			Msg: "formFields must be an array",
+		}
 	}
 
 	var formFields []epmodels.TypeFormField
 	for _, rawFormField := range formFieldsRaw.([]interface{}) {
 
 		if _, ok := rawFormField.(map[string]interface{}); !ok {
-			return nil, defaultErrors.New("formFields must be an array of objects containing id and value of type string")
+			return nil, supertokens.BadInputError{
+				Msg: "formFields must be an array of objects containing id and value of type string",
+			}
 		}
 
-		if _, ok := rawFormField.(map[string]interface{})["id"].(string); !ok {
-			return nil, defaultErrors.New("formFields must be an array of objects containing id and value of type string")
+		if rawFormField.(map[string]interface{})["id"] != nil {
+			if _, ok := rawFormField.(map[string]interface{})["id"].(string); !ok {
+				return nil, supertokens.BadInputError{
+					Msg: "formFields must be an array of objects containing id and value of type string",
+				}
+			}
 		}
 
-		if _, ok := rawFormField.(map[string]interface{})["value"].(string); !ok {
-			return nil, defaultErrors.New("formFields must be an array of objects containing id and value of type string")
+		if rawFormField.(map[string]interface{})["value"] != nil {
+			if _, ok := rawFormField.(map[string]interface{})["value"].(string); !ok {
+				return nil, supertokens.BadInputError{
+					Msg: "formFields must be an array of objects containing id and value of type string",
+				}
+			}
 		}
 
 		jsonformField, err := json.Marshal(rawFormField)
@@ -77,7 +91,9 @@ func validateFormFieldsOrThrowError(configFormFields []epmodels.NormalisedFormFi
 func validateFormOrThrowError(configFormFields []epmodels.NormalisedFormField, inputs []epmodels.TypeFormField) error {
 	var validationErrors []errors.ErrorPayload
 	if len(configFormFields) != len(inputs) {
-		return defaultErrors.New("Are you sending too many / too few formFields?")
+		return supertokens.BadInputError{
+			Msg: "Are you sending too many / too few formFields?",
+		}
 	}
 	for _, field := range configFormFields {
 		var input epmodels.TypeFormField
diff --git a/recipe/emailpassword/authFlow_test.go b/recipe/emailpassword/authFlow_test.go
@@ -854,8 +854,13 @@ func TestFormFieldsHasNoEmailField(t *testing.T) {
 
 	resp.Body.Close()
 
-	assert.Equal(t, "Are you sending too many / too few formFields?\n", string(dataInBytes1))
-	assert.Equal(t, 500, resp.StatusCode)
+	assert.Equal(t, 400, resp.StatusCode)
+
+	err = json.Unmarshal(dataInBytes1, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	assert.Equal(t, "Are you sending too many / too few formFields?", data["message"].(string))
 
 }
 
@@ -938,8 +943,12 @@ func TestFormFieldsHasNoPasswordField(t *testing.T) {
 
 	resp.Body.Close()
 
-	assert.Equal(t, "Are you sending too many / too few formFields?\n", string(dataInBytes1))
-	assert.Equal(t, 500, resp.StatusCode)
+	assert.Equal(t, 400, resp.StatusCode)
+	err = json.Unmarshal(dataInBytes1, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	assert.Equal(t, "Are you sending too many / too few formFields?", data["message"].(string))
 
 }
 
@@ -2147,8 +2156,13 @@ func TestFormFieldsAddedInConfigButNotInInputToSignupCheckErrorAboutItBeingMissi
 		t.Error(err.Error())
 	}
 	res.Body.Close()
-	assert.Equal(t, 500, res.StatusCode)
-	assert.Equal(t, "Are you sending too many / too few formFields?\n", string(dataInBytes))
+	assert.Equal(t, 400, res.StatusCode)
+	var data map[string]interface{}
+	err = json.Unmarshal(dataInBytes, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	assert.Equal(t, "Are you sending too many / too few formFields?", data["message"].(string))
 
 }
 
@@ -2380,16 +2394,19 @@ func TestInputFormFieldWithoutEmailField(t *testing.T) {
 		t.Error(err.Error())
 	}
 
-	assert.Equal(t, 500, resp.StatusCode)
-
 	dataInBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		t.Error(err.Error())
 	}
 	resp.Body.Close()
 
-	assert.Equal(t, 500, resp.StatusCode)
-	assert.Equal(t, "Are you sending too many / too few formFields?\n", string(dataInBytes))
+	assert.Equal(t, 400, resp.StatusCode)
+	var data map[string]interface{}
+	err = json.Unmarshal(dataInBytes, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	assert.Equal(t, "Are you sending too many / too few formFields?", data["message"].(string))
 
 }
 
@@ -2444,17 +2461,19 @@ func TestInputFormFieldWithoutPasswordField(t *testing.T) {
 		t.Error(err.Error())
 	}
 
-	assert.Equal(t, 500, resp.StatusCode)
-
 	dataInBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		t.Error(err.Error())
 	}
 	resp.Body.Close()
 
-	assert.Equal(t, 500, resp.StatusCode)
-	assert.Equal(t, "Are you sending too many / too few formFields?\n", string(dataInBytes))
-
+	assert.Equal(t, 400, resp.StatusCode)
+	var data map[string]interface{}
+	err = json.Unmarshal(dataInBytes, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	assert.Equal(t, "Are you sending too many / too few formFields?", data["message"].(string))
 }
 
 func TestInputFormFieldHasADifferentNumberOfCustomFiledsThanInConfigFormFields(t *testing.T) {
@@ -2529,16 +2548,19 @@ func TestInputFormFieldHasADifferentNumberOfCustomFiledsThanInConfigFormFields(t
 		t.Error(err.Error())
 	}
 
-	assert.Equal(t, 500, resp.StatusCode)
-
 	dataInBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		t.Error(err.Error())
 	}
 	resp.Body.Close()
 
-	assert.Equal(t, 500, resp.StatusCode)
-	assert.Equal(t, "Are you sending too many / too few formFields?\n", string(dataInBytes))
+	assert.Equal(t, 400, resp.StatusCode)
+	var data map[string]interface{}
+	err = json.Unmarshal(dataInBytes, &data)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	assert.Equal(t, "Are you sending too many / too few formFields?", data["message"].(string))
 
 }
 
diff --git a/recipe/emailpassword/formFieldValidator_test.go b/recipe/emailpassword/formFieldValidator_test.go
@@ -19,10 +19,9 @@ package emailpassword
 import (
 	"bytes"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
-	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -98,34 +97,42 @@ func TestInvalidAPIInputForFormFields(t *testing.T) {
 	}
 
 	testCases := []struct {
-		input    interface{}
-		expected string
+		input      interface{}
+		expected   string
+		fieldError bool
 	}{
 		{
-			input:    map[string]interface{}{},
-			expected: "Missing input param: formFields",
+			input:      map[string]interface{}{},
+			expected:   "Missing input param: formFields",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
 				"formFields": "abcd",
 			},
-			expected: "formFields must be an array",
+			expected:   "formFields must be an array",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
 				"formFields": []string{"hello"},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "formFields must be an array of objects containing id and value of type string",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
 				"formFields": []map[string]interface{}{
 					{
 						"hello": "world",
 					},
+					{
+						"world": "hello",
+					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "Field is not optional",
+			fieldError: true,
 		},
 		{
 			input: map[string]interface{}{
@@ -135,7 +142,8 @@ func TestInvalidAPIInputForFormFields(t *testing.T) {
 					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "formFields must be an array of objects containing id and value of type string",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
@@ -146,7 +154,8 @@ func TestInvalidAPIInputForFormFields(t *testing.T) {
 					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "formFields must be an array of objects containing id and value of type string",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
@@ -157,7 +166,8 @@ func TestInvalidAPIInputForFormFields(t *testing.T) {
 					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "formFields must be an array of objects containing id and value of type string",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
@@ -167,46 +177,76 @@ func TestInvalidAPIInputForFormFields(t *testing.T) {
 					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "formFields must be an array of objects containing id and value of type string",
+			fieldError: false,
 		},
 		{
 			input: map[string]interface{}{
 				"formFields": []map[string]interface{}{
 					{
 						"id": "hello",
 					},
+					{
+						"id": "world",
+					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "Field is not optional",
+			fieldError: true,
 		},
 		{
 			input: map[string]interface{}{
 				"formFields": []map[string]interface{}{
+					{
+						"value": "hello",
+					},
 					{
 						"value": "world",
 					},
 				},
 			},
-			expected: "formFields must be an array of objects containing id and value of type string",
+			expected:   "Field is not optional",
+			fieldError: true,
 		},
 	}
 
 	APIs := []string{
 		"/auth/signup",
 		"/auth/signin",
-		"/auth/user/password/reset/token",
-		"/auth/user/password/reset",
 	}
 
 	for _, testCase := range testCases {
 		for _, api := range APIs {
 			resp, err := http.Post(testServer.URL+api, "application/json", bytes.NewBuffer(objToJson(testCase.input)))
 			assert.NoError(t, err)
-			assert.Equal(t, 500, resp.StatusCode)
-			data, err := ioutil.ReadAll(resp.Body)
-			assert.NoError(t, err)
-			errorMessage := strings.Trim(string(data), "\n \t")
-			assert.Equal(t, testCase.expected, errorMessage)
+
+			if testCase.fieldError {
+				assert.Equal(t, 200, resp.StatusCode)
+			} else {
+				assert.Equal(t, 400, resp.StatusCode)
+			}
+			dataInBytes1, err := io.ReadAll(resp.Body)
+			if err != nil {
+				t.Error(err.Error())
+			}
+			resp.Body.Close()
+			var data map[string]interface{}
+			err = json.Unmarshal(dataInBytes1, &data)
+			if err != nil {
+				t.Error(err.Error())
+			}
+
+			if testCase.fieldError {
+				assert.Equal(t, "FIELD_ERROR", data["status"].(string))
+
+				for _, formField := range data["formFields"].([]interface{}) {
+					errorMessage := formField.(map[string]interface{})["error"]
+					assert.Equal(t, testCase.expected, errorMessage)
+				}
+			} else {
+				assert.Equal(t, testCase.expected, data["message"])
+			}
+
 		}
 	}
 }
