refactor(core): refactor the interaction set profile flow

refactor the interaction set profile flow

packages/core/src/routes/experience/classes/experience-interaction.ts

@@ -1,19 +1,19 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import {
-  InteractionEvent,
-  VerificationType,
-  type UpdateProfileApiPayload,
-  type User,
-} from '@logto/schemas';
-import { conditional, removeUndefinedKeys } from '@silverhand/essentials';
+import { InteractionEvent, type User } from '@logto/schemas';
+import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
 import RequestError from '#src/errors/RequestError/index.js';
 import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
+import {
+  interactionProfileGuard,
+  type Interaction,
+  type InteractionContext,
+  type InteractionProfile,
+} from '../types.js';
 
 import {
   getNewUserProfileFromVerificationRecord,
@@ -56,14 +56,14 @@ const interactionStorageGuard = z.object({
 export default class ExperienceInteraction {
   public readonly signInExperienceValidator: SignInExperienceValidator;
   public readonly provisionLibrary: ProvisionLibrary;
+  readonly profile: Profile;
 
   /** The user verification record list for the current interaction. */
   private readonly verificationRecords = new VerificationRecordsMap();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
   private userCache?: User;
   /** The user provided profile data in the current interaction that needs to be stored to database. */
-  readonly #profile: Profile;
   /** The interaction event for the current interaction. */
   #interactionEvent?: InteractionEvent;
 
@@ -83,8 +83,14 @@ export default class ExperienceInteraction {
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
     this.provisionLibrary = new ProvisionLibrary(tenant, ctx);
 
+    const interactionContext: InteractionContext = {
+      getIdentifierUser: async () => this.getIdentifiedUser(),
+      getVerificationRecordByTypeAndId: (type, verificationId) =>
+        this.getVerificationRecordByTypeAndId(type, verificationId),
+    };
+
     if (!interactionDetails) {
-      this.#profile = new Profile(libraries, queries, {}, async () => this.getIdentifiedUser());
+      this.profile = new Profile(libraries, queries, {}, interactionContext);
       return;
     }
 
@@ -100,7 +106,7 @@ export default class ExperienceInteraction {
 
     this.#interactionEvent = interactionEvent;
     this.userId = userId;
-    this.#profile = new Profile(libraries, queries, profile, async () => this.getIdentifiedUser());
+    this.profile = new Profile(libraries, queries, profile, interactionContext);
 
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
@@ -202,42 +208,6 @@ export default class ExperienceInteraction {
     return record;
   }
 
-  public async addUserProfile({ email, phone, username, password }: UpdateProfileApiPayload) {
-    // Guard current interaction event is MFA verified
-    await this.guardMfaVerificationStatus();
-
-    const primaryEmail =
-      email &&
-      this.getVerificationRecordByTypeAndId(
-        VerificationType.EmailVerificationCode,
-        email.verificationId
-      ).toUserProfile().primaryEmail;
-
-    const primaryPhone =
-      phone &&
-      this.getVerificationRecordByTypeAndId(
-        VerificationType.PhoneVerificationCode,
-        phone.verificationId
-      ).toUserProfile().primaryPhone;
-
-    await this.#profile.setProfileWithValidation(
-      removeUndefinedKeys({
-        primaryEmail,
-        primaryPhone,
-        username,
-      })
-    );
-
-    if (password) {
-      await this.#profile.setPasswordDigest(password);
-    }
-  }
-
-  public async resetPassword(password: string) {
-    await this.getIdentifiedUser();
-    await this.#profile.setPasswordDigest(password, true);
-  }
-
   /**
    * Validate the interaction verification records against the sign-in experience and user MFA settings.
    * The interaction is verified if at least one user enabled MFA verification record is present and verified.
@@ -249,7 +219,6 @@ export default class ExperienceInteraction {
     const user = await this.getIdentifiedUser();
     const mfaSettings = await this.signInExperienceValidator.getMfaSettings();
     const mfaValidator = new MfaValidator(mfaSettings, user);
-
     const isVerified = mfaValidator.isMfaVerified(this.verificationRecordsArray);
 
     assertThat(
@@ -307,7 +276,7 @@ export default class ExperienceInteraction {
 
     // Forgot Password: No need to verify MFAs and profile data for forgot password flow
     if (this.#interactionEvent === InteractionEvent.ForgotPassword) {
-      const { passwordEncrypted, passwordEncryptionMethod } = this.#profile.data;
+      const { passwordEncrypted, passwordEncryptionMethod } = this.profile.data;
 
       assertThat(
         passwordEncrypted && passwordEncryptionMethod,
@@ -330,12 +299,12 @@ export default class ExperienceInteraction {
     await this.guardMfaVerificationStatus();
 
     // Revalidate the new profile data if any
-    await this.#profile.checkAvailability();
+    await this.profile.validateAvailability();
 
     // Profile fulfilled
-    await this.#profile.assertUserMandatoryProfileFulfilled();
+    await this.profile.assertUserMandatoryProfileFulfilled();
 
-    const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.#profile.data;
+    const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.profile.data;
 
     // Update user profile
     await userQueries.updateUserById(user.id, {
@@ -373,7 +342,7 @@ export default class ExperienceInteraction {
     return {
       interactionEvent,
       userId,
-      profile: this.#profile.data,
+      profile: this.profile.data,
       verificationRecords: this.verificationRecordsArray.map((record) => record.toJson()),
     };
   }
@@ -422,7 +391,7 @@ export default class ExperienceInteraction {
     // Note: The profile data is not saved to the user profile until the user submits the interaction.
     // Also no need to validate the synced profile data availability as it is already validated during the identification process.
     if (syncedProfile) {
-      this.#profile.unsafeSet(syncedProfile);
+      this.profile.unsafeSet(syncedProfile);
     }
   }
 
@@ -434,7 +403,7 @@ export default class ExperienceInteraction {
    */
   private async createNewUser(verificationRecord: VerificationRecord) {
     const newProfile = await getNewUserProfileFromVerificationRecord(verificationRecord);
-    await this.#profile.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
+    await this.profile.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
 
     const user = await this.provisionLibrary.createUser(newProfile);
 

packages/core/src/routes/experience/classes/profile.ts

@@ -1,14 +1,14 @@
-import { type User } from '@logto/schemas';
+import { type VerificationType } from '@logto/schemas';
 
 import RequestError from '#src/errors/RequestError/index.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 
-import { type InteractionProfile } from '../types.js';
+import { type InteractionContext, type InteractionProfile } from '../types.js';
 
-import { PasswordValidator } from './validators/password-validator.js';
-import { ProfileValidator } from './validators/profile-validator.js';
-import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
+import { PasswordValidator } from './libraries/password-validator.js';
+import { ProfileValidator } from './libraries/profile-validator.js';
+import { SignInExperienceValidator } from './libraries/sign-in-experience-validator.js';
 
 export class Profile {
   readonly profileValidator: ProfileValidator;
@@ -19,7 +19,7 @@ export class Profile {
     private readonly libraries: Libraries,
     queries: Queries,
     data: InteractionProfile,
-    private readonly getUserFromContext: () => Promise<User>
+    private readonly interactionContext: InteractionContext
   ) {
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
     this.profileValidator = new ProfileValidator(queries);
@@ -31,13 +31,31 @@ export class Profile {
   }
 
   /**
-   * Sets the profile data with validation.
+   * Set the identified email or phone to the profile using the verification record.
+   *
+   * @throws {RequestError} 422 if the profile data already exists in the current user account.
+   * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
+   */
+  async setProfileByVerificationRecord(
+    type: VerificationType.EmailVerificationCode | VerificationType.PhoneVerificationCode,
+    verificationId: string
+  ) {
+    const verificationRecord = this.interactionContext.getVerificationRecordByTypeAndId(
+      type,
+      verificationId
+    );
+    const profile = verificationRecord.toUserProfile();
+    await this.setProfileWithValidation(profile);
+  }
+
+  /**
+   * Set the profile data with validation.
    *
    * @throws {RequestError} 422 if the profile data already exists in the current user account.
    * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
    */
   async setProfileWithValidation(profile: InteractionProfile) {
-    const user = await this.getUserFromContext();
+    const user = await this.interactionContext.getIdentifierUser();
     this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, profile);
     await this.profileValidator.guardProfileUniquenessAcrossUsers(profile);
     this.unsafeSet(profile);
@@ -50,8 +68,8 @@ export class Profile {
    * @throws {RequestError} 422 if the password does not meet the password policy.
    * @throws {RequestError} 422 if the password is the same as the current user's password.
    */
-  async setPasswordDigest(password: string, reset = false) {
-    const user = await this.getUserFromContext();
+  async setPasswordDigestWithValidation(password: string, reset = false) {
+    const user = await this.interactionContext.getIdentifierUser();
     const passwordPolicy = await this.signInExperienceValidator.getPasswordPolicy();
     const passwordValidator = new PasswordValidator(passwordPolicy, user);
     await passwordValidator.validatePassword(password, this.#data);
@@ -70,8 +88,8 @@ export class Profile {
    * @throws {RequestError} 422 if the profile data already exists in the current user account.
    * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
    */
-  async checkAvailability() {
-    const user = await this.getUserFromContext();
+  async validateAvailability() {
+    const user = await this.interactionContext.getIdentifierUser();
     this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, this.#data);
     await this.profileValidator.guardProfileUniquenessAcrossUsers(this.#data);
   }
@@ -80,7 +98,7 @@ export class Profile {
    * Checks if the user has fulfilled the mandatory profile fields.
    */
   async assertUserMandatoryProfileFulfilled() {
-    const user = await this.getUserFromContext();
+    const user = await this.interactionContext.getIdentifierUser();
     const mandatoryProfileFields =
       await this.signInExperienceValidator.getMandatoryUserProfileBySignUpMethods();
 

packages/core/src/routes/experience/classes/verifications/code-verification.ts

@@ -5,6 +5,7 @@ import {
   VerificationType,
   type User,
   type VerificationCodeIdentifier,
+  type VerificationCodeSignInIdentifier,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { z } from 'zod';
@@ -67,6 +68,11 @@ export type CodeVerificationRecordData<T extends CodeVerificationType = CodeVeri
   verified: boolean;
 };
 
+export const identifierCodeVerificationTypeMap = Object.freeze({
+  [SignInIdentifier.Email]: VerificationType.EmailVerificationCode,
+  [SignInIdentifier.Phone]: VerificationType.PhoneVerificationCode,
+}) satisfies Record<VerificationCodeSignInIdentifier, CodeVerificationType>;
+
 /**
  * This is the parent class for `EmailCodeVerification` and `PhoneCodeVerification`. Not publicly exposed.
  */

packages/core/src/routes/experience/profile-routes.ts

@@ -1,4 +1,4 @@
-import { InteractionEvent, updateProfileApiPayloadGuard } from '@logto/schemas';
+import { InteractionEvent, SignInIdentifier, updateProfileApiPayloadGuard } from '@logto/schemas';
 import type Router from 'koa-router';
 import { z } from 'zod';
 
@@ -8,14 +8,15 @@ import koaGuard from '#src/middleware/koa-guard.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
+import { identifierCodeVerificationTypeMap } from './classes/verifications/code-verification.js';
 import { experienceRoutes } from './const.js';
 import { type WithExperienceInteractionContext } from './middleware/koa-experience-interaction.js';
 
 export default function interactionProfileRoutes<T extends WithLogContext>(
   router: Router<unknown, WithExperienceInteractionContext<T>>,
   tenant: TenantContext
 ) {
-  router.patch(
+  router.post(
     `${experienceRoutes.profile}`,
     koaGuard({
       body: updateProfileApiPayloadGuard,
@@ -33,16 +34,40 @@ export default function interactionProfileRoutes<T extends WithLogContext>(
         })
       );
 
+      // Guard MFA verification status
+      await experienceInteraction.guardMfaVerificationStatus();
+
       const profilePayload = guard.body;
 
-      await experienceInteraction.addUserProfile(profilePayload);
+      switch (profilePayload.type) {
+        case SignInIdentifier.Email:
+        case SignInIdentifier.Phone: {
+          const verificationType = identifierCodeVerificationTypeMap[profilePayload.type];
+          await experienceInteraction.profile.setProfileByVerificationRecord(
+            verificationType,
+            profilePayload.verificationId
+          );
+          break;
+        }
+        case SignInIdentifier.Username: {
+          await experienceInteraction.profile.setProfileWithValidation({
+            username: profilePayload.value,
+          });
+          break;
+        }
+        case 'password': {
+          await experienceInteraction.profile.setPasswordDigestWithValidation(profilePayload.value);
+        }
+      }
+
       await experienceInteraction.save();
 
       ctx.status = 204;
 
       return next();
     }
   );
+
   router.put(
     `${experienceRoutes.profile}/password`,
     koaGuard({
@@ -63,7 +88,16 @@ export default function interactionProfileRoutes<T extends WithLogContext>(
         })
       );
 
-      await experienceInteraction.resetPassword(password);
+      // Guard interaction is identified
+      assertThat(
+        experienceInteraction.identifiedUserId,
+        new RequestError({
+          code: 'session.identifier_not_found',
+          status: 404,
+        })
+      );
+
+      await experienceInteraction.profile.setPasswordDigestWithValidation(password, true);
       await experienceInteraction.save();
 
       ctx.status = 204;