MCPcopy Index your code
hub / github.com/supabase/auth / verifyReauthentication

Method verifyReauthentication

internal/api/reauthenticate.go:70–99  ·  view source on GitHub ↗

verifyReauthentication checks if the nonce provided is valid

(nonce string, tx *storage.Connection, config *conf.GlobalConfiguration, user *models.User)

Source from the content-addressed store, hash-verified

68
69// verifyReauthentication checks if the nonce provided is valid
70func (a *API) verifyReauthentication(nonce string, tx *storage.Connection, config *conf.GlobalConfiguration, user *models.User) error {
71 if user.ReauthenticationToken == "" || user.ReauthenticationSentAt == nil {
72 return apierrors.NewUnprocessableEntityError(apierrors.ErrorCodeReauthenticationNotValid, InvalidNonceMessage)
73 }
74 var isValid bool
75 if user.GetEmail() != "" {
76 tokenHash := crypto.GenerateTokenHash(user.GetEmail(), nonce)
77 isValid = isOtpValid(tokenHash, user.ReauthenticationToken, user.ReauthenticationSentAt, config.Mailer.OtpExp)
78 } else if user.GetPhone() != "" {
79 if config.Sms.IsTwilioVerifyProvider() {
80 smsProvider, _ := sms_provider.GetSmsProvider(*config)
81 if err := smsProvider.(*sms_provider.TwilioVerifyProvider).VerifyOTP(string(user.Phone), nonce); err != nil {
82 return apierrors.NewForbiddenError(apierrors.ErrorCodeOTPExpired, "Token has expired or is invalid").WithInternalError(err)
83 }
84 return nil
85 } else {
86 tokenHash := crypto.GenerateTokenHash(user.GetPhone(), nonce)
87 isValid = isOtpValid(tokenHash, user.ReauthenticationToken, user.ReauthenticationSentAt, config.Sms.OtpExp)
88 }
89 } else {
90 return apierrors.NewUnprocessableEntityError(apierrors.ErrorCodeReauthenticationNotValid, "Reauthentication requires an email or a phone number")
91 }
92 if !isValid {
93 return apierrors.NewUnprocessableEntityError(apierrors.ErrorCodeReauthenticationNotValid, InvalidNonceMessage)
94 }
95 if err := user.ConfirmReauthentication(tx); err != nil {
96 return apierrors.NewInternalServerError("Error during reauthentication").WithInternalError(err)
97 }
98 return nil
99}

Callers 1

UserUpdateMethod · 0.95

Calls 12

GenerateTokenHashFunction · 0.92
GetSmsProviderFunction · 0.92
NewForbiddenErrorFunction · 0.92
NewInternalServerErrorFunction · 0.92
isOtpValidFunction · 0.85
GetPhoneMethod · 0.80
VerifyOTPMethod · 0.65
GetEmailMethod · 0.45
WithInternalErrorMethod · 0.45

Tested by

no test coverage detected