chore(release): publish new version

- @standardnotes/auth-server@1.32.8
fix(auth): ttl for lock counter on login lockout
2026-01-22 20:01:10 -05:00 · 2022-09-27 13:22:13 +00:00 · 2022-09-27 15:20:42 +02:00 · 2022-09-27 10:35:15 +00:00 · 2022-09-27 12:33:29 +02:00 · 2022-09-27 08:29:51 +00:00
14 changed files with 98 additions and 26 deletions
--- a/packages/api-gateway/CHANGELOG.md
+++ b/packages/api-gateway/CHANGELOG.md
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.22.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.22.0...@standardnotes/api-gateway@1.22.1) (2022-09-27)
+
+### Bug Fixes
+
+* **api-gateway:** remove admin graphql endpoint from being publicly available ([0a90d98](https://github.com/standardnotes/api-gateway/commit/0a90d98c71c6023b700f852c91aedfe1ad23af55))
+
 # [1.22.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.21.1...@standardnotes/api-gateway@1.22.0) (2022-09-22)

 ### Features
--- a/packages/api-gateway/package.json
+++ b/packages/api-gateway/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@standardnotes/api-gateway",
-  "version": "1.22.0",
+  "version": "1.22.1",
  "engines": {
    "node": ">=16.0.0 <17.0.0"
  },
--- a/packages/api-gateway/src/Controller/v1/PaymentsController.ts
+++ b/packages/api-gateway/src/Controller/v1/PaymentsController.ts
@@ -70,11 +70,6 @@ export class PaymentsController extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'admin/events/registration', request.body)
  }

-  @httpPost('/admin/graphql')
-  async adminGraphql(request: Request, response: Response): Promise<void> {
-    await this.httpService.callPaymentsServer(request, response, 'admin/graphql', request.body)
-  }
-
  @httpPost('/admin/auth/login')
  async adminLogin(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'admin/auth/login', request.body)
--- a/packages/auth/CHANGELOG.md
+++ b/packages/auth/CHANGELOG.md
@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.32.8](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.32.7...@standardnotes/auth-server@1.32.8) (2022-09-27)
+
+### Bug Fixes
+
+* **auth:** ttl for lock counter on login lockout ([54da5de](https://github.com/standardnotes/server/commit/54da5def4bbfbb4f74cbf02ae23e45103d250dd9))
+
+## [1.32.7](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.32.6...@standardnotes/auth-server@1.32.7) (2022-09-27)
+
+### Bug Fixes
+
+* **auth:** allow resending canceled subscription invites ([b190931](https://github.com/standardnotes/server/commit/b19093179baaa1fb8cdf3f9d9bee20e625ed0b9b))
+
+## [1.32.6](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.32.5...@standardnotes/auth-server@1.32.6) (2022-09-22)
+
+### Reverts
+
+* Revert "fix(auth): subscription token ttl" ([644c52a](https://github.com/standardnotes/server/commit/644c52ae36d3720dee0712e2cb826c7e617ab7b7))
+* Revert "fix(auth): increase subscription token ttl" ([2554273](https://github.com/standardnotes/server/commit/2554273a3f85a968fed4286d109bed5413ef9908))
+* Revert "tmp(auth): disable expiring of subscription tokens" ([a8ee149](https://github.com/standardnotes/server/commit/a8ee149d7ac78775bf447ab924458b116414a15e))
+
+## [1.32.5](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.32.4...@standardnotes/auth-server@1.32.5) (2022-09-22)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
 ## [1.32.4](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.32.3...@standardnotes/auth-server@1.32.4) (2022-09-22)

 ### Bug Fixes
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@standardnotes/auth-server",
-  "version": "1.32.4",
+  "version": "1.32.8",
  "engines": {
    "node": ">=16.0.0 <17.0.0"
  },
--- a/packages/auth/src/Domain/Subscription/SubscriptionToken.ts
+++ b/packages/auth/src/Domain/Subscription/SubscriptionToken.ts
@@ -1,5 +1,5 @@
 export type SubscriptionToken = {
  userUuid: string
  token: string
-  ttl: number
+  expiresAt: number
 }
--- a/packages/auth/src/Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken.spec.ts
+++ b/packages/auth/src/Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken.spec.ts
@@ -1,6 +1,7 @@
 import 'reflect-metadata'

 import { CryptoNode } from '@standardnotes/sncrypto-node'
+import { TimerInterface } from '@standardnotes/time'
 import { SubscriptionTokenRepositoryInterface } from '../../Subscription/SubscriptionTokenRepositoryInterface'

 import { CreateSubscriptionToken } from './CreateSubscriptionToken'
@@ -9,9 +10,10 @@ import { Logger } from 'winston'
 describe('CreateSubscriptionToken', () => {
  let subscriptionTokenRepository: SubscriptionTokenRepositoryInterface
  let cryptoNode: CryptoNode
+  let timer: TimerInterface
  let logger: Logger

-  const createUseCase = () => new CreateSubscriptionToken(subscriptionTokenRepository, cryptoNode, logger)
+  const createUseCase = () => new CreateSubscriptionToken(subscriptionTokenRepository, cryptoNode, timer, logger)

  beforeEach(() => {
    subscriptionTokenRepository = {} as jest.Mocked<SubscriptionTokenRepositoryInterface>
@@ -20,6 +22,10 @@ describe('CreateSubscriptionToken', () => {
    cryptoNode = {} as jest.Mocked<CryptoNode>
    cryptoNode.generateRandomKey = jest.fn().mockReturnValueOnce('random-string')

+    timer = {} as jest.Mocked<TimerInterface>
+    timer.convertStringDateToMicroseconds = jest.fn().mockReturnValue(1)
+    timer.getUTCDateNHoursAhead = jest.fn().mockReturnValue(new Date(1))
+
    logger = {} as jest.Mocked<Logger>
    logger.error = jest.fn()
  })
@@ -32,7 +38,7 @@ describe('CreateSubscriptionToken', () => {
    expect(subscriptionTokenRepository.save).toHaveBeenCalledWith({
      userUuid: '1-2-3',
      token: 'random-string',
-      ttl: 10_800_000,
+      expiresAt: 1,
    })
  })

--- a/packages/auth/src/Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken.ts
+++ b/packages/auth/src/Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken.ts
@@ -1,4 +1,5 @@
 import { CryptoNode } from '@standardnotes/sncrypto-node'
+import { TimerInterface } from '@standardnotes/time'
 import { inject, injectable } from 'inversify'
 import { Logger } from 'winston'

@@ -14,6 +15,7 @@ export class CreateSubscriptionToken implements UseCaseInterface {
    @inject(TYPES.SubscriptionTokenRepository)
    private subscriptionTokenRepository: SubscriptionTokenRepositoryInterface,
    @inject(TYPES.CryptoNode) private cryptoNode: CryptoNode,
+    @inject(TYPES.Timer) private timer: TimerInterface,
    @inject(TYPES.Logger) private logger: Logger,
  ) {}

@@ -23,7 +25,7 @@ export class CreateSubscriptionToken implements UseCaseInterface {
    const subscriptionToken = {
      userUuid: dto.userUuid,
      token,
-      ttl: 10_800_000,
+      expiresAt: this.timer.convertStringDateToMicroseconds(this.timer.getUTCDateNHoursAhead(3).toString()),
    }

    const subscriptionTokenWasSaved = await this.subscriptionTokenRepository.save(subscriptionToken)
--- a/packages/auth/src/Domain/UseCase/InviteToSharedSubscription/InviteToSharedSubscription.spec.ts
+++ b/packages/auth/src/Domain/UseCase/InviteToSharedSubscription/InviteToSharedSubscription.spec.ts
@@ -11,6 +11,7 @@ import { UserSubscription } from '../../Subscription/UserSubscription'
 import { RoleName } from '@standardnotes/common'
 import { UserSubscriptionType } from '../../Subscription/UserSubscriptionType'
 import { SharedSubscriptionInvitation } from '../../SharedSubscription/SharedSubscriptionInvitation'
+import { InvitationStatus } from '../../SharedSubscription/InvitationStatus'

 describe('InviteToSharedSubscription', () => {
  let userSubscriptionRepository: UserSubscriptionRepositoryInterface
@@ -187,7 +188,7 @@ describe('InviteToSharedSubscription', () => {
  it('should not create an invitation if it already exists', async () => {
    sharedSubscriptionInvitationRepository.findOneByInviteeAndInviterEmail = jest
      .fn()
-      .mockReturnValue({} as jest.Mocked<SharedSubscriptionInvitation>)
+      .mockReturnValue({ status: InvitationStatus.Sent } as jest.Mocked<SharedSubscriptionInvitation>)

    expect(
      await createUseCase().execute({
@@ -205,4 +206,27 @@ describe('InviteToSharedSubscription', () => {
    expect(domainEventFactory.createSharedSubscriptionInvitationCreatedEvent).not.toHaveBeenCalled()
    expect(domainEventPublisher.publish).not.toHaveBeenCalled()
  })
+
+  it('should create an invitation if it already exists but was canceled', async () => {
+    sharedSubscriptionInvitationRepository.findOneByInviteeAndInviterEmail = jest
+      .fn()
+      .mockReturnValue({ status: InvitationStatus.Canceled } as jest.Mocked<SharedSubscriptionInvitation>)
+
+    expect(
+      await createUseCase().execute({
+        inviteeIdentifier: 'invitee@test.te',
+        inviterUuid: '1-2-3',
+        inviterEmail: 'inviter@test.te',
+        inviterRoles: [RoleName.ProUser],
+      }),
+    ).toEqual({
+      success: true,
+      sharedSubscriptionInvitationUuid: '1-2-3',
+    })
+
+    expect(sharedSubscriptionInvitationRepository.save).toHaveBeenCalled()
+
+    expect(domainEventFactory.createSharedSubscriptionInvitationCreatedEvent).toHaveBeenCalled()
+    expect(domainEventPublisher.publish).toHaveBeenCalled()
+  })
 })
--- a/packages/auth/src/Domain/UseCase/InviteToSharedSubscription/InviteToSharedSubscription.ts
+++ b/packages/auth/src/Domain/UseCase/InviteToSharedSubscription/InviteToSharedSubscription.ts
@@ -57,7 +57,7 @@ export class InviteToSharedSubscription implements UseCaseInterface {
      dto.inviteeIdentifier,
      dto.inviterEmail,
    )
-    if (existingInvitation !== null) {
+    if (existingInvitation !== null && existingInvitation.status !== InvitationStatus.Canceled) {
      return {
        success: false,
      }
--- a/packages/auth/src/Infra/Redis/LockRepository.spec.ts
+++ b/packages/auth/src/Infra/Redis/LockRepository.spec.ts
@@ -15,7 +15,6 @@ describe('LockRepository', () => {
    redisClient.expire = jest.fn()
    redisClient.del = jest.fn()
    redisClient.get = jest.fn()
-    redisClient.set = jest.fn()
    redisClient.setex = jest.fn()
  })

@@ -88,6 +87,6 @@ describe('LockRepository', () => {
  it('should update a lock counter', async () => {
    await createRepository().updateLockCounter('123', 3)

-    expect(redisClient.set).toHaveBeenCalledWith('lock:123', 3)
+    expect(redisClient.setex).toHaveBeenCalledWith('lock:123', 120, 3)
  })
 })
--- a/packages/auth/src/Infra/Redis/LockRepository.ts
+++ b/packages/auth/src/Infra/Redis/LockRepository.ts
@@ -30,7 +30,7 @@ export class LockRepository implements LockRepositoryInterface {
  }

  async updateLockCounter(userIdentifier: string, counter: number): Promise<void> {
-    await this.redisClient.set(`${this.PREFIX}:${userIdentifier}`, counter)
+    await this.redisClient.setex(`${this.PREFIX}:${userIdentifier}`, this.failedLoginLockout, counter)
  }

  async getLockCounter(userIdentifier: string): Promise<number> {
--- a/packages/auth/src/Infra/Redis/RedisSubscriptionTokenRepository.spec.ts
+++ b/packages/auth/src/Infra/Redis/RedisSubscriptionTokenRepository.spec.ts
@@ -1,19 +1,25 @@
 import 'reflect-metadata'

 import * as IORedis from 'ioredis'
+import { TimerInterface } from '@standardnotes/time'

 import { RedisSubscriptionTokenRepository } from './RedisSubscriptionTokenRepository'
 import { SubscriptionToken } from '../../Domain/Subscription/SubscriptionToken'

 describe('RedisSubscriptionTokenRepository', () => {
  let redisClient: IORedis.Redis
+  let timer: TimerInterface

-  const createRepository = () => new RedisSubscriptionTokenRepository(redisClient)
+  const createRepository = () => new RedisSubscriptionTokenRepository(redisClient, timer)

  beforeEach(() => {
    redisClient = {} as jest.Mocked<IORedis.Redis>
-    redisClient.setex = jest.fn().mockReturnValue('OK')
+    redisClient.set = jest.fn().mockReturnValue('OK')
    redisClient.get = jest.fn()
+    redisClient.expireat = jest.fn().mockReturnValue(1)
+
+    timer = {} as jest.Mocked<TimerInterface>
+    timer.convertMicrosecondsToSeconds = jest.fn().mockReturnValue(1)
  })

  it('should get a user uuid in exchange for an subscription token', async () => {
@@ -36,25 +42,29 @@ describe('RedisSubscriptionTokenRepository', () => {
    const subscriptionToken: SubscriptionToken = {
      userUuid: '1-2-3',
      token: 'random-string',
-      ttl: 123,
+      expiresAt: 123,
    }

    expect(await createRepository().save(subscriptionToken)).toBeTruthy()

-    expect(redisClient.setex).toHaveBeenCalledWith('subscription-token:random-string', 123, '1-2-3')
+    expect(redisClient.set).toHaveBeenCalledWith('subscription-token:random-string', '1-2-3')
+
+    expect(redisClient.expireat).toHaveBeenCalledWith('subscription-token:random-string', 1)
  })

  it('should indicate subscription token was not saved', async () => {
-    redisClient.setex = jest.fn().mockReturnValue(null)
+    redisClient.set = jest.fn().mockReturnValue(null)

    const subscriptionToken: SubscriptionToken = {
      userUuid: '1-2-3',
      token: 'random-string',
-      ttl: 123,
+      expiresAt: 123,
    }

    expect(await createRepository().save(subscriptionToken)).toBeFalsy()

-    expect(redisClient.setex).toHaveBeenCalledWith('subscription-token:random-string', 123, '1-2-3')
+    expect(redisClient.set).toHaveBeenCalledWith('subscription-token:random-string', '1-2-3')
+
+    expect(redisClient.expireat).toHaveBeenCalledWith('subscription-token:random-string', 1)
  })
 })
--- a/packages/auth/src/Infra/Redis/RedisSubscriptionTokenRepository.ts
+++ b/packages/auth/src/Infra/Redis/RedisSubscriptionTokenRepository.ts
@@ -4,12 +4,16 @@ import { inject, injectable } from 'inversify'
 import TYPES from '../../Bootstrap/Types'
 import { SubscriptionToken } from '../../Domain/Subscription/SubscriptionToken'
 import { SubscriptionTokenRepositoryInterface } from '../../Domain/Subscription/SubscriptionTokenRepositoryInterface'
+import { TimerInterface } from '@standardnotes/time'

@injectable()
 export class RedisSubscriptionTokenRepository implements SubscriptionTokenRepositoryInterface {
  private readonly PREFIX = 'subscription-token'

-  constructor(@inject(TYPES.Redis) private redisClient: IORedis.Redis) {}
+  constructor(
+    @inject(TYPES.Redis) private redisClient: IORedis.Redis,
+    @inject(TYPES.Timer) private timer: TimerInterface,
+  ) {}

  async getUserUuidByToken(token: string): Promise<string | undefined> {
    const userUuid = await this.redisClient.get(`${this.PREFIX}:${token}`)
@@ -22,9 +26,11 @@ export class RedisSubscriptionTokenRepository implements SubscriptionTokenReposi

  async save(subscriptionToken: SubscriptionToken): Promise<boolean> {
    const key = `${this.PREFIX}:${subscriptionToken.token}`
+    const expiresAtTimestampInSeconds = this.timer.convertMicrosecondsToSeconds(subscriptionToken.expiresAt)

-    const wasSet = await this.redisClient.setex(key, subscriptionToken.ttl, subscriptionToken.userUuid)
+    const wasSet = await this.redisClient.set(key, subscriptionToken.userUuid)
+    const timeoutWasSet = await this.redisClient.expireat(key, expiresAtTimestampInSeconds)

-    return wasSet === 'OK'
+    return wasSet === 'OK' && timeoutWasSet !== 0
  }
 }
Author	SHA1	Message	Date
standardci	95f64d9952	chore(release): publish new version - @standardnotes/auth-server@1.32.8	2022-09-27 13:22:13 +00:00
Karol Sójko	54da5def4b	fix(auth): ttl for lock counter on login lockout	2022-09-27 15:20:42 +02:00
standardci	d2fc1e057d	chore(release): publish new version - @standardnotes/api-gateway@1.22.1	2022-09-27 10:35:15 +00:00
Karol Sójko	0a90d98c71	fix(api-gateway): remove admin graphql endpoint from being publicly available	2022-09-27 12:33:29 +02:00
standardci	cc269e3b35	chore(release): publish new version - @standardnotes/auth-server@1.32.7	2022-09-27 08:29:51 +00:00
Karol Sójko	b19093179b	fix(auth): allow resending canceled subscription invites	2022-09-27 10:28:13 +02:00
standardci	e2cc0bc003	chore(release): publish new version - @standardnotes/auth-server@1.32.6	2022-09-22 18:50:24 +00:00
Karol Sójko	644c52ae36	Revert "fix(auth): subscription token ttl" This reverts commit `6efd336f34`.	2022-09-22 20:48:51 +02:00
Karol Sójko	2554273a3f	Revert "fix(auth): increase subscription token ttl" This reverts commit `07def20f6b`.	2022-09-22 20:48:51 +02:00
Karol Sójko	a8ee149d7a	Revert "tmp(auth): disable expiring of subscription tokens" This reverts commit `053092031c`.	2022-09-22 20:48:51 +02:00
standardci	dcf92d58f9	chore(release): publish new version - @standardnotes/auth-server@1.32.5	2022-09-22 18:00:23 +00:00
Karol Sójko	053092031c	tmp(auth): disable expiring of subscription tokens	2022-09-22 19:58:35 +02:00