diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3e5cb35721..633bd46ea4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -212,7 +212,17 @@ jobs: name: benchmark.json path: benchmark.json retention-days: 7 - - name: Comment on PR - uses: thollander/actions-comment-pull-request@v2 + - name: Find Comment + uses: peter-evans/find-comment@v3 + id: fc with: - filePath: benchmark.txt + issue-number: ${{ github.event.pull_request.number }} + comment-author: 'github-actions[bot]' + body-includes: Benchmark results + - name: Comment on PR + uses: peter-evans/create-or-update-comment@v4 + with: + comment-id: ${{ steps.fc.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body-path: benchmark.txt + edit-mode: replace diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index af4e60364e..e2d6788f96 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php @@ -177,6 +177,12 @@ $createSession = function (string $userId, string $secret, Request $request, Res default => throw new Exception(Exception::USER_INVALID_TOKEN) }); + $sendAlert = (match ($verifiedToken->getAttribute('type')) { + Auth::TOKEN_TYPE_MAGIC_URL, + Auth::TOKEN_TYPE_EMAIL => false, + default => true + }); + $session = new Document(array_merge( [ '$id' => ID::unique(), @@ -223,7 +229,7 @@ $createSession = function (string $userId, string $secret, Request $request, Res throw new Exception(Exception::GENERAL_SERVER_ERROR, 'Failed saving user to DB'); } - if ($project->getAttribute('auths', [])['sessionAlerts'] ?? false) { + if (($project->getAttribute('auths', [])['sessionAlerts'] ?? false) && $sendAlert) { if ($dbForProject->count('sessions', [ Query::equal('userId', [$user->getId()]), ]) !== 1) { diff --git a/src/Appwrite/Utopia/Response/Model/TemplateFunction.php b/src/Appwrite/Utopia/Response/Model/TemplateFunction.php index f5df10986f..c630880a95 100644 --- a/src/Appwrite/Utopia/Response/Model/TemplateFunction.php +++ b/src/Appwrite/Utopia/Response/Model/TemplateFunction.php @@ -110,6 +110,13 @@ class TemplateFunction extends Model 'default' => [], 'example' => [], 'array' => true + ]) + ->addRule('scopes', [ + 'type' => self::TYPE_STRING, + 'description' => 'Function scopes.', + 'default' => [], + 'example' => 'users.read', + 'array' => true, ]); } diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php index 7f465a8260..244f84b161 100644 --- a/tests/e2e/Services/Account/AccountCustomClientTest.php +++ b/tests/e2e/Services/Account/AccountCustomClientTest.php @@ -620,9 +620,9 @@ class AccountCustomClientTest extends Scope 'x-appwrite-project' => $this->getProject()['$id'], ]), [ 'userId' => ID::unique(), - 'email' => $data['email'], - 'password' => $data['password'], - 'name' => $data['name'], + 'email' => $data['email'], + 'password' => $data['password'], + 'name' => $data['name'], ]); $this->assertEquals(201, $response['headers']['status-code']); @@ -1258,6 +1258,56 @@ class AccountCustomClientTest extends Scope $this->assertStringContainsString($response['body']['ip'], $lastEmail['text']); // IP Address $this->assertStringContainsString('Unknown', $lastEmail['text']); // Country $this->assertStringContainsString($response['body']['clientName'], $lastEmail['text']); // Client name + + // Verify no alert sent in OTP login + $response = $this->client->call(Client::METHOD_POST, '/account/tokens/email', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ]), [ + 'userId' => ID::unique(), + 'email' => 'otpuser2@appwrite.io' + ]); + + $this->assertEquals($response['headers']['status-code'], 201); + $this->assertNotEmpty($response['body']['$id']); + $this->assertNotEmpty($response['body']['$createdAt']); + $this->assertNotEmpty($response['body']['userId']); + $this->assertNotEmpty($response['body']['expire']); + $this->assertEmpty($response['body']['secret']); + $this->assertEmpty($response['body']['phrase']); + + $userId = $response['body']['userId']; + + $lastEmail = $this->getLastEmail(); + + $this->assertEquals('otpuser2@appwrite.io', $lastEmail['to'][0]['address']); + $this->assertEquals('OTP for ' . $this->getProject()['name'] . ' Login', $lastEmail['subject']); + + // FInd 6 concurrent digits in email text - OTP + preg_match_all("/\b\d{6}\b/", $lastEmail['text'], $matches); + $code = ($matches[0] ?? [])[0] ?? ''; + + $this->assertNotEmpty($code); + + $response = $this->client->call(Client::METHOD_POST, '/account/sessions/token', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ]), [ + 'userId' => $userId, + 'secret' => $code + ]); + + $this->assertEquals(201, $response['headers']['status-code']); + $this->assertEquals($userId, $response['body']['userId']); + $this->assertNotEmpty($response['body']['$id']); + $this->assertNotEmpty($response['body']['expire']); + $this->assertEmpty($response['body']['secret']); + + $lastEmailId = $lastEmail['id']; + $lastEmail = $this->getLastEmail(); + $this->assertEquals($lastEmailId, $lastEmail['id']); } /** diff --git a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php index 3aaa18594e..79e7a83dda 100644 --- a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php +++ b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php @@ -881,6 +881,9 @@ class FunctionsCustomClientTest extends Scope $this->assertEquals($expectedTemplates[$i]['vcsProvider'], $templates['body']['templates'][$i]['vcsProvider']); $this->assertEquals($expectedTemplates[$i]['runtimes'], $templates['body']['templates'][$i]['runtimes']); $this->assertEquals($expectedTemplates[$i]['variables'], $templates['body']['templates'][$i]['variables']); + if (array_key_exists('scopes', $expectedTemplates[$i])) { + $this->assertEquals($expectedTemplates[$i]['scopes'], $templates['body']['templates'][$i]['scopes']); + } } $templates_offset = $this->client->call(Client::METHOD_GET, '/functions/templates', array_merge([