From dc2391d15f2c0725710aa388cd32a18797e6769c Mon Sep 17 00:00:00 2001
From: Stojan Dimitrovski <sdimitrovski@gmail.com>
Date: Wed, 21 Aug 2024 15:52:05 +0200
Subject: [PATCH] fix: custom SMS does not work with Twilio Verify (#1733)

Custom SMS verification did not work if Twilio Verify was enabled.
Furthermore, test OTP flow was misplaced.
---
 internal/api/verify.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/internal/api/verify.go b/internal/api/verify.go
index 97a13b93b..74a25bd85 100644
--- a/internal/api/verify.go
+++ b/internal/api/verify.go
@@ -688,6 +688,12 @@ func (a *API) verifyUserAndToken(conn *storage.Connection, params *VerifyParams,
 		isValid = isOtpValid(tokenHash, user.EmailChangeTokenCurrent, user.EmailChangeSentAt, config.Mailer.OtpExp) ||
 			isOtpValid(tokenHash, user.EmailChangeTokenNew, user.EmailChangeSentAt, config.Mailer.OtpExp)
 	case phoneChangeVerification, smsVerification:
+		if testOTP, ok := config.Sms.GetTestOTP(params.Phone, time.Now()); ok {
+			if params.Token == testOTP {
+				return user, nil
+			}
+		}
+
 		phone := params.Phone
 		sentAt := user.ConfirmationSentAt
 		expectedToken := user.ConfirmationToken
@@ -696,12 +702,8 @@ func (a *API) verifyUserAndToken(conn *storage.Connection, params *VerifyParams,
 			sentAt = user.PhoneChangeSentAt
 			expectedToken = user.PhoneChangeToken
 		}
-		if config.Sms.IsTwilioVerifyProvider() {
-			if testOTP, ok := config.Sms.GetTestOTP(params.Phone, time.Now()); ok {
-				if params.Token == testOTP {
-					return user, nil
-				}
-			}
+
+		if !config.Hook.SendSMS.Enabled && config.Sms.IsTwilioVerifyProvider() {
 			if err := smsProvider.(*sms_provider.TwilioVerifyProvider).VerifyOTP(phone, params.Token); err != nil {
 				return nil, forbiddenError(ErrorCodeOTPExpired, "Token has expired or is invalid").WithInternalError(err)
 			}