fix: Update verify URLs (#258)

ory · Feb 18, 2020 · 5d4f909 · 5d4f909
1 parent b3a8220
commit 5d4f909
Show file tree

Hide file tree

Showing 7 changed files with 72 additions and 28 deletions.
diff --git a/contrib/quickstart/oathkeeper/access-rules.yml b/contrib/quickstart/oathkeeper/access-rules.yml
@@ -26,7 +26,7 @@
  preserve_host: true
  url: "http://kratos-selfservice-ui-node:4435"
  match:
- url: "http://127.0.0.1:4455/<(error|auth/login|auth/registration|(.+\\.css))(|/)>"
+ url: "http://127.0.0.1:4455/<(error|verify|auth/login|auth/registration|(.+\\.css))(|/)>"
  methods:
  - GET
  authenticators:
@@ -44,7 +44,7 @@
  preserve_host: true
  url: "http://kratos-selfservice-ui-node:4435"
  match:
- url: "http://127.0.0.1:4455<(/debug|/|/dashboard|/profile|/verify|)(|/)>"
+ url: "http://127.0.0.1:4455<(/debug|/|/dashboard|/profile|)(|/)>"
  methods:
  - GET
  authenticators:

diff --git a/docs/api.swagger.json b/docs/api.swagger.json
@@ -667,28 +667,24 @@
  }
  }
  },
- "/self-service/browser/flows/verification/complete": {
- "post": {
- "description": "This endpoint completes a browser-based profile management flow. This is usually achieved by POSTing data to this\nendpoint.\n\nIf the provided profile data is valid against the Identity's Traits JSON Schema, the data will be updated and\nthe browser redirected to `url.profile_ui` for further steps.\n\n\u003e This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.\n\nMore information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).",
- "consumes": [
- "application/json",
- "application/x-www-form-urlencoded"
- ],
+ "/self-service/browser/flows/verification/init/{via}": {
+ "get": {
+ "description": "This endpoint initializes a browser-based profile management flow. Once initialized, the browser will be redirected to\n`urls.profile_ui` with the request ID set as a query parameter. If no valid user session exists, a login\nflow will be initialized.\n\n\u003e This endpoint is NOT INTENDED for API clients and only works\nwith browsers (Chrome, Firefox, ...).\n\nMore information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).",
  "schemes": [
  "http",
  "https"
  ],
  "tags": [
  "public"
  ],
- "summary": "Complete the browser-based profile management flows",
- "operationId": "completeSelfServiceBrowserVerificationFlow",
+ "summary": "Initialize browser-based verification flow",
+ "operationId": "initializeSelfServiceBrowserVerificationFlow",
  "parameters": [
  {
  "type": "string",
- "description": "Request is the Request ID\n\nThe value for this parameter comes from `request` URL Query parameter sent to your\napplication (e.g. `/verify?request=abcde`).",
- "name": "request",
- "in": "query",
+ "description": "What to verify\n\nCurrently only \"email\" is supported.",
+ "name": "via",
+ "in": "path",
  "required": true
  }
  ],
@@ -705,19 +701,30 @@
  }
  }
  },
- "/self-service/browser/flows/verification/init/{via}": {
- "get": {
- "description": "This endpoint initializes a browser-based profile management flow. Once initialized, the browser will be redirected to\n`urls.profile_ui` with the request ID set as a query parameter. If no valid user session exists, a login\nflow will be initialized.\n\n\u003e This endpoint is NOT INTENDED for API clients and only works\nwith browsers (Chrome, Firefox, ...).\n\nMore information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).",
+ "/self-service/browser/flows/verification/{via}/complete": {
+ "post": {
+ "description": "This endpoint completes a browser-based profile management flow. This is usually achieved by POSTing data to this\nendpoint.\n\nIf the provided profile data is valid against the Identity's Traits JSON Schema, the data will be updated and\nthe browser redirected to `url.profile_ui` for further steps.\n\n\u003e This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.\n\nMore information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).",
+ "consumes": [
+ "application/json",
+ "application/x-www-form-urlencoded"
+ ],
  "schemes": [
  "http",
  "https"
  ],
  "tags": [
  "public"
  ],
- "summary": "Initialize browser-based verification flow",
- "operationId": "initializeSelfServiceBrowserVerificationFlow",
+ "summary": "Complete the browser-based profile management flows",
+ "operationId": "completeSelfServiceBrowserVerificationFlow",
  "parameters": [
+ {
+ "type": "string",
+ "description": "Request is the Request ID\n\nThe value for this parameter comes from `request` URL Query parameter sent to your\napplication (e.g. `/verify?request=abcde`).",
+ "name": "request",
+ "in": "query",
+ "required": true
+ },
  {
  "type": "string",
  "description": "What to verify\n\nCurrently only \"email\" is supported.",

diff --git a/...al/httpclient/client/public/complete_self_service_browser_verification_flow_parameters.go b/...al/httpclient/client/public/complete_self_service_browser_verification_flow_parameters.go
diff --git a/...nal/httpclient/client/public/complete_self_service_browser_verification_flow_responses.go b/...nal/httpclient/client/public/complete_self_service_browser_verification_flow_responses.go
diff --git a/internal/httpclient/client/public/public_client.go b/internal/httpclient/client/public/public_client.go
diff --git a/selfservice/flow/verify/handler.go b/selfservice/flow/verify/handler.go
@@ -3,6 +3,7 @@ package verify
 import (
  "net/http"
  "net/url"
+ "strings"
 
  "github.com/julienschmidt/httprouter"
  "github.com/justinas/nosurf"
@@ -25,7 +26,7 @@ import (
 
 const (
  PublicVerificationInitPath = "/self-service/browser/flows/verification/:via"
- PublicVerificationCompletePath = "/self-service/browser/flows/verification/complete"
+ PublicVerificationCompletePath = "/self-service/browser/flows/verification/:via/complete"
  PublicVerificationRequestPath = "/self-service/browser/flows/requests/verification"
  PublicVerificationConfirmPath = "/self-service/browser/flows/verification/:via/confirm/:code"
 )
@@ -105,7 +106,7 @@ func (h *Handler) init(w http.ResponseWriter, r *http.Request, ps httprouter.Par
 
  a := NewRequest(
  h.c.SelfServiceProfileRequestLifespan(), r, via,
- urlx.AppendPaths(h.c.SelfPublicURL(), PublicVerificationCompletePath), h.d.GenerateCSRFToken,
+ urlx.AppendPaths(h.c.SelfPublicURL(), strings.ReplaceAll(PublicVerificationCompletePath, ":via", string(via))), h.d.GenerateCSRFToken,
  )
 
  if err := h.d.VerificationPersister().CreateVerifyRequest(r.Context(), a); err != nil {
@@ -192,9 +193,17 @@ type completeSelfServiceBrowserVerificationFlowParameters struct {
  // required: true
  // in: query
  Request string `json:"request"`
+
+ // What to verify
+ //
+ // Currently only "email" is supported.
+ //
+ // required: true
+ // in: path
+ Via string `json:"via"`
 }
 
-// swagger:route POST /self-service/browser/flows/verification/complete public completeSelfServiceBrowserVerificationFlow
+// swagger:route POST /self-service/browser/flows/verification/{via}/complete public completeSelfServiceBrowserVerificationFlow
 //
 // Complete the browser-based profile management flows
 //
@@ -217,7 +226,12 @@ type completeSelfServiceBrowserVerificationFlowParameters struct {
 // Responses:
 // 302: emptyResponse
 // 500: genericError
-func (h *Handler) complete(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+func (h *Handler) complete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ if _, err := h.toVia(ps); err != nil {
+ h.handleError(w, r, nil, err)
+ return
+ }
+
  if err := r.ParseForm(); err != nil {
  h.handleError(w, r, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Unable to parse the request: %s", err)))
  return
@@ -325,7 +339,7 @@ func (h *Handler) verify(w http.ResponseWriter, r *http.Request, ps httprouter.P
  if errorsx.Cause(err) == sqlcon.ErrNoRows {
  a := NewRequest(
  h.c.SelfServiceProfileRequestLifespan(), r, via,
- urlx.AppendPaths(h.c.SelfPublicURL(), PublicVerificationCompletePath), h.d.GenerateCSRFToken,
+ urlx.AppendPaths(h.c.SelfPublicURL(), strings.ReplaceAll(PublicVerificationCompletePath, ":via", string(via))), h.d.GenerateCSRFToken,
  )
  a.Form.AddError(&form.Error{Message: "The verification code has expired or was otherwise invalid. Please request another code."})
 

diff --git a/selfservice/flow/verify/handler_test.go b/selfservice/flow/verify/handler_test.go
@@ -113,7 +113,7 @@ func TestHandler(t *testing.T) {
  assert.True(t, time.Time(svr.Payload.ExpiresAt).After(time.Now()))
  assert.Contains(t, svr.Payload.RequestURL, initURL)
  assert.Contains(t, svr.Payload.ID, rid)
- assert.Equal(t, publicTS.URL+verify.PublicVerificationCompletePath+"?request="+rid, *svr.Payload.Form.Action)
+ assert.Equal(t, publicTS.URL+strings.Replace(verify.PublicVerificationCompletePath, ":via", "email", 1)+"?request="+rid, *svr.Payload.Form.Action)
  assert.Contains(t, "csrf_token", *svr.Payload.Form.Fields[0].Name)
  assert.Contains(t, "to_verify", *svr.Payload.Form.Fields[1].Name)
  assert.Contains(t, "email", *svr.Payload.Form.Fields[1].Type)