Merge pull request #125 from authsmith/v0.7.3

V0.7.3

Author: sourabpramanik

package.json

@@ -1,6 +1,6 @@
 {
   "name": "payload-auth-plugin",
-  "version": "0.7.2",
+  "version": "0.7.3",
   "type": "module",
   "sideEffects": false,
   "author": "Sourab Pramanik<shubpramanik241@gmail.com>",

src/core/errors/apiErrors.ts

@@ -100,7 +100,7 @@ export class InternalServerError extends AuthAPIError {
 export class MissingOrInvalidVerification extends AuthAPIError {
   constructor() {
     super(
-      "Verifcation failed. Missing or invalid verification code.",
+      "Verification failed. Missing or invalid verification code.",
       ErrorKind.BadRequest,
     )
   }

src/core/protocols/email.ts

@@ -31,8 +31,11 @@ export async function OAuthAuthentication(
     picture?: string | undefined
   },
 ): Promise<Response> {
-  const { email, sub, name, scope, issuer, picture } = account
+  const { email: _email, sub, name, scope, issuer, picture } = account
   const { payload } = request
+
+  const email = _email.toLowerCase()
+
   const userRecords = await payload.find({
     collection: collections.usersCollection,
     where: {

src/core/protocols/oauth/oauth_authentication.ts

@@ -1,11 +1,5 @@
+import { parseCookies, type PayloadRequest } from "payload"
 import {
-  BasePayload,
-  getCookieExpiration,
-  parseCookies,
-  type PayloadRequest,
-} from "payload"
-import {
-  AuthenticationFailed,
   EmailAlreadyExistError,
   InvalidCredentials,
   InvalidRequestBodyError,
@@ -16,14 +10,10 @@ import {
 import { hashPassword, verifyPassword } from "../utils/password.js"
 import { SuccessKind } from "../../types.js"
 import { ephemeralCode, verifyEphemeralCode } from "../utils/hash.js"
-import {
-  APP_COOKIE_SUFFIX,
-  EPHEMERAL_CODE_COOKIE_NAME,
-} from "../../constants.js"
+import { APP_COOKIE_SUFFIX } from "../../constants.js"
 import {
   createSessionCookies,
   invalidateOAuthCookies,
-  invalidateSessionCookies,
   verifySessionCookie,
 } from "../utils/cookies.js"
 
@@ -72,11 +62,13 @@ export const PasswordSignin = async (
     return new InvalidRequestBodyError()
   }
 
+  const email = body.email.toLowerCase()
+
   const { payload } = request
   const { docs } = await payload.find({
     collection: internal.usersCollectionSlug,
     where: {
-      email: { equals: body.email },
+      email: { equals: email },
     },
     limit: 1,
   })
@@ -104,7 +96,7 @@ export const PasswordSignin = async (
     : `__${pluginType}-${APP_COOKIE_SUFFIX}`
   const signinFields = {
     id: userRecord.id,
-    email: body.email,
+    email,
     collection: internal.usersCollectionSlug,
   }
   return await redirectWithSession(
@@ -140,11 +132,12 @@ export const PasswordSignup = async (
     return new InvalidRequestBodyError()
   }
 
+  const email = body.email.toLowerCase()
   const { payload } = request
   const { docs } = await payload.find({
     collection: internal.usersCollectionSlug,
     where: {
-      email: { equals: body.email },
+      email: { equals: email },
     },
     limit: 1,
   })
@@ -162,7 +155,7 @@ export const PasswordSignup = async (
   const userRecord = await payload.create({
     collection: internal.usersCollectionSlug,
     data: {
-      email: body.email,
+      email,
       hashedPassword: hashedPassword,
       hashIterations: iterations,
       hashSalt,
@@ -176,7 +169,7 @@ export const PasswordSignup = async (
       : `__${pluginType}-${APP_COOKIE_SUFFIX}`
     const signinFields = {
       id: userRecord.id,
-      email: body.email,
+      email,
       collection: internal.usersCollectionSlug,
     }
     return await redirectWithSession(
@@ -217,11 +210,11 @@ export const ForgotPasswordInit = async (
   if (!body?.email) {
     return new InvalidRequestBodyError()
   }
-
+  const email = body.email.toLowerCase()
   const { docs } = await payload.find({
     collection: internal.usersCollectionSlug,
     where: {
-      email: { equals: body.email },
+      email: { equals: email },
     },
     limit: 1,
   })
@@ -232,7 +225,7 @@ export const ForgotPasswordInit = async (
   const { code, hash } = await ephemeralCode(6, payload.secret)
 
   await payload.sendEmail({
-    to: body.email,
+    to: email,
     subject: "Password recovery",
     html: await emailTemplate({
       verificationCode: code,
@@ -375,10 +368,12 @@ export const ResetPassword = async (
     return new InvalidRequestBodyError()
   }
 
+  const email = body.email.toLowerCase()
+
   const { docs } = await payload.find({
     collection: internal.usersCollectionSlug,
     where: {
-      email: { equals: body.email },
+      email: { equals: email },
     },
     limit: 1,
   })

src/core/protocols/password.ts

@@ -7,8 +7,6 @@ import type {
 
 type AppleAuthConfig = OAuthBaseProviderConfig
 
-const algorithm = "oauth2"
-
 const authorization_server: AuthorizationServer = {
   issuer: "https://appleid.apple.com",
   authorization_endpoint: "https://appleid.apple.com/auth/authorize",
@@ -47,13 +45,15 @@ const authorization_server: AuthorizationServer = {
  */
 
 function AppleOAuth2Provider(config: AppleAuthConfig): OAuth2ProviderConfig {
+  const { overrideScope, ...restConfig } = config
+
   return {
-    ...config,
+    ...restConfig,
     id: "apple",
-    scope: "name email",
+    scope: overrideScope ?? "name email",
     authorization_server,
     name: "Apple",
-    algorithm,
+    algorithm: "oauth2",
     params: {
       ...config.params,
       response_mode: "form_post",

src/providers/oauth2/apple.ts

@@ -49,13 +49,14 @@ type AtlassianAuthConfig = OAuthBaseProviderConfig
 function AtlassianAuthProvider(
   config: AtlassianAuthConfig,
 ): OAuth2ProviderConfig {
+  const { overrideScope, ...restConfig } = config
   return {
-    ...config,
+    ...restConfig,
     id: "atlassian",
     authorization_server,
     name: "Atlassian",
     algorithm,
-    scope: "read:me read:account",
+    scope: overrideScope ?? "read:me read:account",
     kind: "oauth",
     profile: (profile): AccountInfo => {
       return {

src/providers/oauth2/atlassian.ts

@@ -41,7 +41,7 @@ interface Auth0AuthConfig extends OAuthBaseProviderConfig {
  */
 
 function Auth0AuthProvider(config: Auth0AuthConfig): OAuth2ProviderConfig {
-  const { domain, ...restConfig } = config
+  const { domain, overrideScope, ...restConfig } = config
   const authorization_server: oauth.AuthorizationServer = {
     issuer: `https://${domain}/`,
     authorization_endpoint: `https://${domain}/authorize`,
@@ -52,7 +52,7 @@ function Auth0AuthProvider(config: Auth0AuthConfig): OAuth2ProviderConfig {
   return {
     ...restConfig,
     id: "auth0",
-    scope: "openid email profile",
+    scope: overrideScope ?? "openid email profile",
     authorization_server,
     name: "Auth0",
     algorithm: "oauth2",

src/providers/oauth2/auth0.ts

@@ -42,10 +42,12 @@ type DiscordAuthConfig = OAuthBaseProviderConfig
  */
 
 function DiscordAuthProvider(config: DiscordAuthConfig): OAuth2ProviderConfig {
+  const { overrideScope, ...restConfig } = config
+
   return {
-    ...config,
+    ...restConfig,
     id: "discord",
-    scope: "identify email",
+    scope: overrideScope ?? "identify email",
     authorization_server,
     name: "Discord",
     algorithm: "oauth2",

src/providers/oauth2/discord.ts

@@ -47,10 +47,12 @@ type FacebookAuthConfig = OAuthBaseProviderConfig
 function FacebookAuthProvider(
   config: FacebookAuthConfig,
 ): OAuth2ProviderConfig {
+  const { overrideScope, ...restConfig } = config
+
   return {
-    ...config,
+    ...restConfig,
     id: "facebook",
-    scope: "email",
+    scope: overrideScope ?? "email",
     authorization_server,
     name: "Facebook",
     algorithm: "oauth2",