otp: update docs on permissions, only require email driver if sendEmail is not false

dswbx
2025-11-10 10:25:33 +01:00
parent c57f3e8070
commit b6717f0237
3 changed files with 48 additions and 3 deletions


@@ -24,6 +24,50 @@ describe("otp plugin", () => {
expect(res.status).toBe(404); expect(res.status).toBe(404);
}); });
test("should require email driver if sendEmail is true", async () => {
const app = createApp({
config: {
auth: {
enabled: true,
},
},
options: {
plugins: [emailOTP()],
},
});
await app.build();
const res = await app.server.request("/api/auth/otp/login", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({ email: "test@test.com" }),
});
expect(res.status).toBe(404);
{
const app = createApp({
config: {
auth: {
enabled: true,
},
},
options: {
plugins: [emailOTP({ sendEmail: false })],
},
});
await app.build();
const res = await app.server.request("/api/auth/otp/register", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({ email: "test@test.com" }),
});
expect(res.status).toBe(201);
}
});
test("should prevent mutations of the OTP entity", async () => { test("should prevent mutations of the OTP entity", async () => {
const app = createApp({ const app = createApp({
config: { config: {
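Review bot: The new test "should require email driver if sendEmail is true" also covers the opposite case, in a bare `{ … }` block that redeclares `app` and `res` with `emailOTP({ sendEmail: false })`, so a failure there is reported under a name that describes the other behaviour. Move that block into its own case, e.g. `test("should not require email driver if sendEmail is false", async () => { … })`. The second case only checks `expect(res.status).toBe(201)`. Because no mail is sent in that mode, it would be worth also asserting that the response body does not carry the generated code; the response shape is not visible here, so confirm against the handler. The first case asserts a 404 on `/api/auth/otp/login` only, and a matching assertion for `/api/auth/otp/register` would pin that neither endpoint is mounted without the driver.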


@@ -126,7 +126,7 @@ export function emailOTP({
onBuilt: async () => { onBuilt: async () => {
const auth = app.module.auth; const auth = app.module.auth;
invariant(auth && auth.enabled === true, "Auth is not enabled"); invariant(auth && auth.enabled === true, "Auth is not enabled");
invariant(app.drivers?.email, "Email driver is not registered"); invariant(!sendEmail || app.drivers?.email, "Email driver is not registered");
const generateCode = const generateCode =
_generateCode ?? (() => Math.floor(100000 + Math.random() * 900000).toString()); _generateCode ?? (() => Math.floor(100000 + Math.random() * 900000).toString());
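Review bot: The default generator on the unchanged line `_generateCode ?? (() => Math.floor(100000 + Math.random() * 900000).toString())` draws login codes from `Math.random()`, which is not a cryptographically secure source and should not back an authentication secret. This commit does not touch that line, but it is worth fixing in the same area: use a CSPRNG, e.g. `randomInt(100000, 1000000).toString()` from `node:crypto`, or `crypto.getRandomValues` with rejection sampling if the plugin must run where `node:crypto` is unavailable. On the changed line, `!sendEmail || app.drivers?.email` skips the driver check for any falsy `sendEmail`. That is fine if the default is applied in the parameter list, which is outside this hunk; otherwise test `sendEmail === false` to match the commit title. `emailOTP` starts and ends outside the hunk.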


@@ -263,10 +263,11 @@ export default {
### `emailOTP` ### `emailOTP`
<Callout type="info"> <Callout type="warning">
This plugin requires the `email` driver to be registered. Make sure to setup proper permissions to restrict reading from the OTP entity. Also, this plugin requires the `email` driver to be registered.
</Callout> </Callout>
A plugin that adds email OTP functionality to your app. It will add two endpoints to your app: A plugin that adds email OTP functionality to your app. It will add two endpoints to your app:
- `POST /api/auth/otp/login` to login a user with an OTP code - `POST /api/auth/otp/login` to login a user with an OTP code
- `POST /api/auth/otp/register` to register a user with an OTP code - `POST /api/auth/otp/register` to register a user with an OTP code