Skip to content

Commit

Permalink
Merge pull request #1298 from isomerpages/v0.78.0-hotfix
Browse files Browse the repository at this point in the history
V0.78.1 release
  • Loading branch information
timotheeg authored Apr 12, 2024
2 parents f46fc3c + 11d63cf commit 30532a4
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 6 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,15 @@ All notable changes to this project will be documented in this file. Dates are d

Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).

#### [v0.78.1](https://github.com/isomerpages/isomercms-backend/compare/v0.78.0...v0.78.1)

- feat: add a test to verify suffix match is not applied for full emails [`5a14d72`](https://github.com/isomerpages/isomercms-backend/commit/5a14d7295e052d7136506fa9a9b953922a200e3a)
- fix: only allow suffix matches for domains NOT emails [`28604a0`](https://github.com/isomerpages/isomercms-backend/commit/28604a0571365e9d5b91d74edf86418bea665d44)

#### [v0.78.0](https://github.com/isomerpages/isomercms-backend/compare/v0.77.0...v0.78.0)

> 11 April 2024
- refactor(OTP): simplify code by using upsert() [`#1283`](https://github.com/isomerpages/isomercms-backend/pull/1283)
- refactor(UserService): simplify login by using findOrCreate() [`#1281`](https://github.com/isomerpages/isomercms-backend/pull/1281)
- build(deps): bump @aws-sdk/client-amplify from 3.540.0 to 3.549.0 [`#1289`](https://github.com/isomerpages/isomercms-backend/pull/1289)
Expand All @@ -20,6 +27,7 @@ Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
- build(deps): bump marked from 11.2.0 to 12.0.1 [`#1219`](https://github.com/isomerpages/isomercms-backend/pull/1219)
- chore(ci): enhance mergify [`#1245`](https://github.com/isomerpages/isomercms-backend/pull/1245)
- backport v0.77.0 [`#1277`](https://github.com/isomerpages/isomercms-backend/pull/1277)
- chore: bump version to v0.78.0 [`72f39bd`](https://github.com/isomerpages/isomercms-backend/commit/72f39bdc25f6afe82021ebbc630c6d3850ece1ae)

#### [v0.77.0](https://github.com/isomerpages/isomercms-backend/compare/v0.76.0...v0.77.0)

Expand Down
4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "isomercms",
"version": "0.78.0",
"version": "0.78.1",
"private": true,
"scripts": {
"build": "tsc -p tsconfig.build.json",
Expand Down
13 changes: 10 additions & 3 deletions src/services/identity/UsersService.ts
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ class UsersService {
}

async canSendEmailOtp(email: string) {
const parsedEmail = email.toLowerCase()
const normalizedEmail = email.toLowerCase()
const whitelistEntries = await this.whitelist.findAll({
attributes: ["email"],
where: {
Expand All @@ -165,8 +165,15 @@ class UsersService {
})
const whitelistDomains = whitelistEntries.map((entry) => entry.email)
const hasMatchDomain =
whitelistDomains.filter((domain) => parsedEmail.endsWith(domain)).length >
0
whitelistDomains.filter((domain) => {
// if domain is really just a domain (does not include a @ OR starts with a @), we can do a prefix match
if (/^@|^[^@]+$/.test(domain)) {
return normalizedEmail.endsWith(domain)
}

return normalizedEmail === domain
// otherwise we can ONLY do an exact match
}).length > 0
return hasMatchDomain
}

Expand Down
17 changes: 17 additions & 0 deletions src/services/identity/__tests__/UsersService.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -170,4 +170,21 @@ describe("User Service", () => {
// Assert
expect(actual).toBe(expected)
})

it("should not allow suffix match if the whitelist entry is a full email", async () => {
// Arrange
const expected = false
const mockWhitelistEntries = [
{
email: "[email protected]",
},
]
MockWhitelist.findAll.mockResolvedValueOnce(mockWhitelistEntries)

// Act
const actual = await UsersService.canSendEmailOtp("[email protected]")

// Assert
expect(actual).toBe(expected)
})
})

0 comments on commit 30532a4

Please sign in to comment.