feat: add test OTP support for mobile app reviews

supabase · Jul 25, 2023 · f89dd79 · f89dd79
1 parent 3cd4bd5
commit f89dd79
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 22 deletions.
diff --git a/internal/api/phone.go b/internal/api/phone.go
@@ -67,30 +67,41 @@ func (a *API) sendPhoneConfirmation(ctx context.Context, tx *storage.Connection,
 		return "", internalServerError("invalid otp type")
 	}
 
+	// intentionally keeping this before the test OTP, so that the behavior
+	// of regular and test OTPs is similar
 	if sentAt != nil && !sentAt.Add(config.Sms.MaxFrequency).Before(time.Now()) {
 		return "", MaxFrequencyLimitError
 	}
-	oldToken := *token
-	otp, err := crypto.GenerateOtp(config.Sms.OtpLength)
-	if err != nil {
-		return "", internalServerError("error generating otp").WithInternalError(err)
-	}
-	*token = crypto.GenerateTokenHash(phone, otp)
 
-	var message string
-	if config.Sms.Template == "" {
-		message = fmt.Sprintf(defaultSmsMessage, otp)
-	} else {
-		message = strings.Replace(config.Sms.Template, "{{ .Code }}", otp, -1)
+	now := time.Now()
+
+	var otp, messageID string
+
+	if testOTP, ok := config.Sms.GetTestOTP(phone, now); ok {
+		otp = testOTP
+		messageID = "test-otp"
 	}
 
-	messageID, serr := smsProvider.SendMessage(phone, message, channel)
-	if serr != nil {
-		*token = oldToken
-		return messageID, serr
+	if otp == "" { // not using test OTPs
+		otp, err := crypto.GenerateOtp(config.Sms.OtpLength)
+		if err != nil {
+			return "", internalServerError("error generating otp").WithInternalError(err)
+		}
+
+		var message string
+		if config.Sms.Template == "" {
+			message = fmt.Sprintf(defaultSmsMessage, otp)
+		} else {
+			message = strings.Replace(config.Sms.Template, "{{ .Code }}", otp, -1)
+		}
+
+		messageID, err = smsProvider.SendMessage(phone, message, channel)
+		if err != nil {
+			return messageID, err
+		}
 	}
 
-	now := time.Now()
+	*token = crypto.GenerateTokenHash(phone, otp)
 
 	switch otpType {
 	case phoneConfirmationOtp:

diff --git a/internal/api/phone_test.go b/internal/api/phone_test.go
@@ -166,6 +166,19 @@ func (ts *PhoneTestSuite) TestMissingSmsProviderConfig() {
 				"message": "Error sending sms:",
 			},
 		},
+		{
+			desc:     "Sms OTP with test phone number",
+			endpoint: "/otp",
+			method:   http.MethodPost,
+			header:   "",
+			body: map[string]string{
+				"phone": "555555555",
+			},
+			expected: map[string]interface{}{
+				"code":    http.StatusBadRequest,
+				"message": "Error sending sms:",
+			},
+		},
 		{
 			desc:     "Phone change",
 			endpoint: "/user",
@@ -198,6 +211,10 @@ func (ts *PhoneTestSuite) TestMissingSmsProviderConfig() {
 	ts.Config.Sms.Messagebird.AccessKey = ""
 	ts.Config.Sms.Textlocal.ApiKey = ""
 	ts.Config.Sms.Vonage.ApiKey = ""
+	ts.Config.Sms.TestOTP = map[string]string{
+		"555555555": "555555",
+	}
+
 	for _, c := range cases {
 		for _, provider := range smsProviders {
 			ts.Config.Sms.Provider = provider

diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -221,19 +221,31 @@ type PhoneProviderConfiguration struct {
 }
 
 type SmsProviderConfiguration struct {
-	Autoconfirm  bool                              `json:"autoconfirm"`
-	MaxFrequency time.Duration                     `json:"max_frequency" split_words:"true"`
-	OtpExp       uint                              `json:"otp_exp" split_words:"true"`
-	OtpLength    int                               `json:"otp_length" split_words:"true"`
-	Provider     string                            `json:"provider"`
-	Template     string                            `json:"template"`
+	Autoconfirm       bool              `json:"autoconfirm"`
+	MaxFrequency      time.Duration     `json:"max_frequency" split_words:"true"`
+	OtpExp            uint              `json:"otp_exp" split_words:"true"`
+	OtpLength         int               `json:"otp_length" split_words:"true"`
+	Provider          string            `json:"provider"`
+	Template          string            `json:"template"`
+	TestOTP           map[string]string `json:"test_otp" split_words:"true"`
+	TestOTPValidUntil time.Time         `json:"test_otp_valid_until" split_words:"true"`
+
 	Twilio       TwilioProviderConfiguration       `json:"twilio"`
 	TwilioVerify TwilioVerifyProviderConfiguration `json:"twilio_verify" split_words:"true"`
 	Messagebird  MessagebirdProviderConfiguration  `json:"messagebird"`
 	Textlocal    TextlocalProviderConfiguration    `json:"textlocal"`
 	Vonage       VonageProviderConfiguration       `json:"vonage"`
 }
 
+func (c *SmsProviderConfiguration) GetTestOTP(phone string, now time.Time) (string, bool) {
+	if c.TestOTP != nil && (c.TestOTPValidUntil.IsZero() || now.Before(c.TestOTPValidUntil)) {
+		testOTP, ok := c.TestOTP[phone]
+		return testOTP, ok
+	}
+
+	return "", false
+}
+
 type TwilioProviderConfiguration struct {
 	AccountSid        string `json:"account_sid" split_words:"true"`
 	AuthToken         string `json:"auth_token" split_words:"true"`