feat(auth): Add route and gql resolver to retrieve number of remainin…

…g backup codes Because: * We want to hook up the BackupCodeManager to the front end This commit: * Add new /recoveryCodes/exists route * Add new handler method that uses the BackupCodeManager to retrieve the count of remaining codes * Add backup codes to account resolver * Update fxa-settings account model to include backup codes count Closes #FXA-10231
mozilla · Nov 12, 2024 · f052cf0 · f052cf0
1 parent 4fef7bb
commit f052cf0
Show file tree

Hide file tree

Showing 14 changed files with 151 additions and 2 deletions.
diff --git a/packages/fxa-auth-client/lib/client.ts b/packages/fxa-auth-client/lib/client.ts
@@ -1912,6 +1912,13 @@ export default class AuthClient {
     );
   }
 
+  async getRecoveryCodesExist(
+    sessionToken: hexstring,
+    headers?: Headers
+  ): Promise<{ hasBackupCodes: boolean; count: number }> {
+    return this.sessionGet('/recoveryCodes/exists', sessionToken, headers);
+  }
+
   async consumeRecoveryCode(
     sessionToken: hexstring,
     code: string,

diff --git a/packages/fxa-auth-server/lib/routes/recovery-codes.js b/packages/fxa-auth-server/lib/routes/recovery-codes.js
@@ -4,18 +4,32 @@
 
 'use strict';
 
+import { AppConfig } from '../types';
 const errors = require('../error');
 const isA = require('joi');
 const validators = require('./validators');
+const { Container } = require('typedi');
 const RECOVERY_CODES_DOCS =
   require('../../docs/swagger/recovery-codes-api').default;
+const { BackupCodeManager } = require('@fxa/accounts/two-factor');
+import { setupAccountDatabase } from '@fxa/shared/db/mysql/account';
 
 const RECOVERY_CODE_SANE_MAX_LENGTH = 20;
 
 module.exports = (log, db, config, customs, mailer, glean) => {
   const codeConfig = config.recoveryCodes;
   const RECOVERY_CODE_COUNT = (codeConfig && codeConfig.count) || 8;
 
+  let backupCodeManager;
+  (async () => {
+    const appConfig = Container.get(AppConfig);
+    const kyselyDb = await setupAccountDatabase(appConfig.database.mysql.auth);
+    if (!Container.has(BackupCodeManager)) {
+      Container.set(BackupCodeManager, new BackupCodeManager(kyselyDb));
+    }
+    backupCodeManager = Container.get(BackupCodeManager);
+  })();
+
   // Validate backup authentication codes
   const recoveryCodesSchema = validators.recoveryCodes(
     RECOVERY_CODE_COUNT,
@@ -122,6 +136,42 @@ module.exports = (log, db, config, customs, mailer, glean) => {
         return { success: true };
       },
     },
+    {
+      method: 'GET',
+      path: '/recoveryCodes/exists',
+      options: {
+        auth: {
+          strategy: 'sessionToken',
+          payload: 'required',
+        },
+        response: {
+          schema: isA.object({
+            hasBackupCodes: isA.boolean(),
+            count: isA.number(),
+          }),
+        },
+      },
+      async handler(request) {
+        log.begin('checkRecoveryCodesExist', request);
+
+        const { email, uid } = request.auth.credentials;
+
+        await customs.check(
+          request,
+          email,
+          'checkRecoveryCodesExist'
+        );
+
+        const { hasBackupCodes, count } =
+          await backupCodeManager.getCountForUserId(uid);
+        log.info('account.recoveryCode.existsChecked', {
+          uid,
+          hasBackupCodes,
+          count,
+        });
+        return { hasBackupCodes, count };
+      },
+    },
     {
       method: 'POST',
       path: '/session/verify/recoveryCode',

diff --git a/packages/fxa-auth-server/test/client/api.js b/packages/fxa-auth-server/test/client/api.js
@@ -1172,6 +1172,16 @@ module.exports = (config) => {
     });
   };
 
+  ClientApi.prototype.getRecoveryCodesExist = function (sessionTokenHex) {
+    return tokens.SessionToken.fromHex(sessionTokenHex).then((token) => {
+      return this.doRequest(
+        'GET',
+        `${this.baseURL}/recoveryCodes/exists`,
+        token
+      );
+    });
+  };
+
   ClientApi.prototype.consumeRecoveryCode = function (
     sessionTokenHex,
     code,

diff --git a/packages/fxa-auth-server/test/client/index.js b/packages/fxa-auth-server/test/client/index.js
@@ -816,6 +816,10 @@ module.exports = (config) => {
     return this.api.replaceRecoveryCodes(this.sessionToken, options);
   };
 
+  Client.prototype.getRecoveryCodesExist = function () {
+    return this.api.getRecoveryCodesExist(this.sessionToken);
+  };
+
   Client.prototype.consumeRecoveryCode = function (code, options = {}) {
     return this.api.consumeRecoveryCode(this.sessionToken, code, options);
   };

diff --git a/packages/fxa-auth-server/test/local/routes/recovery-codes.js b/packages/fxa-auth-server/test/local/routes/recovery-codes.js
@@ -124,6 +124,20 @@ describe('backup authentication codes', () => {
     });
   });
 
+  describe('GET /recoveryCodes/exists', () => {
+    it('should return true if backup codes exist', () => {
+      // TODO in FXA-10231
+    });
+
+    it('should return false if backup codes do not exist', () => {
+      // TODO in FXA-10231
+    });
+
+    it('should return the remaining count of backup codes', () => {
+      // TODO in FXA-10231
+    });
+  });
+
   describe('POST /session/verify/recoveryCode', () => {
     it('sends email if backup authentication codes are low', async () => {
       db.consumeRecoveryCode = sinon.spy((code) => {

diff --git a/packages/fxa-auth-server/test/mocks.js b/packages/fxa-auth-server/test/mocks.js
@@ -72,6 +72,7 @@ const DB_METHOD_NAMES = [
   'emailBounces',
   'emailRecord',
   'forgotPasswordVerified',
+  'getRecoveryCodesExist',
   'getRecoveryKey',
   'getRecoveryKeyRecordWithHint',
   'getSecondaryEmail',

diff --git a/packages/fxa-graphql-api/src/gql/account.resolver.ts b/packages/fxa-graphql-api/src/gql/account.resolver.ts
@@ -817,6 +817,14 @@ export class AccountResolver {
     return this.authAPI.checkTotpTokenExists(token, headers);
   }
 
+  @ResolveField()
+  public backupCodes(
+    @GqlSessionToken() token: string,
+    @GqlXHeaders() headers: Headers
+  ) {
+    return this.authAPI.getRecoveryCodesExist(token, headers);
+  }
+
   @ResolveField()
   public attachedClients(
     @GqlSessionToken() token: string,

diff --git a/packages/fxa-graphql-api/src/gql/model/account.ts b/packages/fxa-graphql-api/src/gql/model/account.ts
@@ -11,6 +11,7 @@ import { Totp } from './totp';
 import { LinkedAccount } from './linkedAccount';
 import { SecurityEvent } from './securityEvent';
 import { RecoveryKey } from './recoveryKey';
+import { BackupCodes } from './backupCodes';
 
 @ObjectType({
   description: "The current authenticated user's Firefox Account record.",
@@ -42,6 +43,9 @@ export class Account {
   @Field((type) => Totp)
   public totp!: Totp;
 
+  @Field((type) => BackupCodes)
+  public backupCodes!: BackupCodes;
+
   @Field((type) => RecoveryKey, {
     description: 'Whether the user has had an account recovery key issued.',
   })

diff --git a/packages/fxa-graphql-api/src/gql/model/backupCodes.ts b/packages/fxa-graphql-api/src/gql/model/backupCodes.ts
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+import { Field, ObjectType } from '@nestjs/graphql';
+
+@ObjectType({ description: 'Two-factor authentication backup codes.' })
+export class BackupCodes {
+  @Field({ description: 'Whether backup codes exists for the user.' })
+  public hasBackupCodes!: boolean;
+
+  @Field({
+    description: 'The number of remaining backup codes the user has available.',
+  })
+  public count!: number;
+}
diff --git a/packages/fxa-settings/src/components/Settings/UnitRowTwoStepAuth/index.tsx b/packages/fxa-settings/src/components/Settings/UnitRowTwoStepAuth/index.tsx
@@ -2,7 +2,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-import React, { useCallback } from 'react';
+import React, { useCallback, useEffect } from 'react';
 import LinkExternal from 'fxa-react/components/LinkExternal';
 import { useBooleanState } from 'fxa-react/lib/hooks';
 import Modal from '../Modal';
@@ -23,6 +23,7 @@ export const UnitRowTwoStepAuth = () => {
   const {
     totp: { exists, verified },
   } = account;
+  const count = account.backupCodes?.count;
   const [modalRevealed, revealModal, hideModal] = useBooleanState();
   const [secondaryModalRevealed, revealSecondaryModal, hideSecondaryModal] =
     useBooleanState();
@@ -51,6 +52,15 @@ export const UnitRowTwoStepAuth = () => {
     }
   }, [account, hideModal, alertBar, l10n]);
 
+  console.log('Number of backup codes remaining: ', count);
+
+  // TODO in FXA-10206, remove this console log and use the count data for the backup codes subrow
+  useEffect(() => {
+    if (exists && verified) {
+      console.log('Number of backup codes remaining: ', count);
+    }
+  }, [count, exists, verified]);
+
   const conditionalUnitRowProps =
     exists && verified
       ? {

diff --git a/packages/fxa-settings/src/lib/interfaces.ts b/packages/fxa-settings/src/lib/interfaces.ts
@@ -13,3 +13,8 @@ export interface AccountTotp {
   exists: boolean;
   verified: boolean;
 }
+
+export interface AccountBackupCodes {
+  hasBackupCodes: boolean;
+  count: number;
+}
diff --git a/packages/fxa-settings/src/models/Account.ts b/packages/fxa-settings/src/models/Account.ts
@@ -28,7 +28,11 @@ import {
   GET_LOCAL_SIGNED_IN_STATUS,
   GET_TOTP_STATUS,
 } from '../components/App/gql';
-import { AccountAvatar, AccountTotp } from '../lib/interfaces';
+import {
+  AccountAvatar,
+  AccountBackupCodes,
+  AccountTotp,
+} from '../lib/interfaces';
 import { createSaltV2 } from 'fxa-auth-client/lib/salt';
 import { getHandledError } from '../lib/error-utils';
 
@@ -108,6 +112,7 @@ export interface AccountData {
   attachedClients: AttachedClient[];
   linkedAccounts: LinkedAccount[];
   totp: AccountTotp;
+  backupCodes: AccountBackupCodes;
   subscriptions: Subscription[];
   securityEvents: SecurityEvent[];
 }
@@ -187,6 +192,10 @@ export const GET_ACCOUNT = gql`
         exists
         verified
       }
+      backupCodes {
+        hasBackupCodes
+        count
+      }
       subscriptions {
         created
         productName
@@ -390,6 +399,10 @@ export class Account implements AccountData {
     return this.totp.exists && this.totp.verified;
   }
 
+  get backupCodes() {
+    return this.data.backupCodes;
+  }
+
   get attachedClients() {
     return this.data.attachedClients;
   }

diff --git a/packages/fxa-settings/src/models/contexts/AppContext.ts b/packages/fxa-settings/src/models/contexts/AppContext.ts
@@ -94,6 +94,10 @@ export function defaultAppContext(context?: AppContextValue) {
       exists: true,
       verified: true,
     },
+    backupCodes: {
+      hasBackupCodes: false,
+      count: 0,
+    },
     linkedAccounts: [],
     securityEvents: [],
   };

diff --git a/packages/fxa-settings/src/models/contexts/SettingsContext.ts b/packages/fxa-settings/src/models/contexts/SettingsContext.ts
@@ -58,6 +58,10 @@ export const INITIAL_SETTINGS_QUERY = gql`
         exists
         verified
       }
+      backupCodes {
+        hasBackupCodes
+        count
+      }
       subscriptions {
         created
         productName