Implement 'inviteCode' and 'nonce' lengths via 'registration.js' in backend and webapp

backend/src/constants/registration.js

@@ -0,0 +1,5 @@
+// this file is duplicated in `backend/src/config/metadata.js` and `webapp/constants/metadata.js`
+export default {
+  NONCE_LENGTH: 5,
+  INVITE_CODE_LENGTH: 6,
+}

backend/src/schema/resolvers/emails.spec.js

@@ -158,7 +158,7 @@ describe('VerifyEmailAddress', () => {
   `
 
   beforeEach(() => {
-    variables = { ...variables, email: 'to-be-verified@example.org', nonce: '123456' }
+    variables = { ...variables, email: 'to-be-verified@example.org', nonce: '12345' }
   })
 
   describe('unauthenticated', () => {

backend/src/schema/resolvers/helpers/generateInviteCode.js

@@ -1,8 +1,13 @@
+import CONSTANTS_REGISTRATION from './../../../constants/registration'
+
 export default function generateInviteCode() {
   // 6 random numbers in [ 0, 35 ] are 36 possible numbers (10 [0-9] + 26 [A-Z])
-  return Array.from({ length: 6 }, (n = Math.floor(Math.random() * 36)) => {
+  return Array.from(
-    // n > 9: it is a letter (ASCII 65 is A) -> 10 + 55 = 65
+    { length: CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH },
-    // else: it is a number (ASCII 48 is 0) -> 0 + 48 = 48
+    (n = Math.floor(Math.random() * 36)) => {
-    return String.fromCharCode(n > 9 ? n + 55 : n + 48)
+      // n > 9: it is a letter (ASCII 65 is A) -> 10 + 55 = 65
-  }).join('')
+      // else: it is a number (ASCII 48 is 0) -> 0 + 48 = 48
+      return String.fromCharCode(n > 9 ? n + 55 : n + 48)
+    },
+  ).join('')
 }

backend/src/schema/resolvers/helpers/generateNonce.js

@@ -1,5 +1,11 @@
+import CONSTANTS_REGISTRATION from './../../../constants/registration'
+
+// TODO: why this is not used in resolver 'requestPasswordReset'?
 export default function generateNonce() {
-  return Array.from({ length: 5 }, (n = Math.floor(Math.random() * 10)) => {
+  return Array.from(
-    return String.fromCharCode(n + 48)
+    { length: CONSTANTS_REGISTRATION.NONCE_LENGTH },
-  }).join('')
+    (n = Math.floor(Math.random() * 10)) => {
+      return String.fromCharCode(n + 48)
+    },
+  ).join('')
 }

backend/src/schema/resolvers/inviteCodes.spec.js

@@ -3,6 +3,7 @@ import { getDriver } from '../../db/neo4j'
 import { gql } from '../../helpers/jest'
 import createServer from '../../server'
 import { createTestClient } from 'apollo-server-testing'
+import CONSTANTS_REGISTRATION from './../../constants/registration'
 
 let user
 let query
@@ -107,7 +108,11 @@ describe('inviteCodes', () => {
           errors: undefined,
           data: {
             GenerateInviteCode: {
-              code: expect.stringMatching(/^[0-9A-Z]{6,6}$/),
+              code: expect.stringMatching(
+                new RegExp(
+                  `^[0-9A-Z]{${CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH},${CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH}}$`,
+                ),
+              ),
               expiresAt: null,
               createdAt: expect.any(String),
             },
@@ -129,7 +134,11 @@ describe('inviteCodes', () => {
           errors: undefined,
           data: {
             GenerateInviteCode: {
-              code: expect.stringMatching(/^[0-9A-Z]{6,6}$/),
+              code: expect.stringMatching(
+                new RegExp(
+                  `^[0-9A-Z]{${CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH},${CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH}}$`,
+                ),
+              ),
               expiresAt: nextWeek.toISOString(),
               createdAt: expect.any(String),
             },

backend/src/schema/resolvers/passwordReset.js

@@ -1,11 +1,13 @@
 import { v4 as uuid } from 'uuid'
 import bcrypt from 'bcryptjs'
+import CONSTANTS_REGISTRATION from './../../constants/registration'
 import createPasswordReset from './helpers/createPasswordReset'
 
 export default {
   Mutation: {
     requestPasswordReset: async (_parent, { email }, { driver }) => {
-      const nonce = uuid().substring(0, 6)
+      // TODO: why this is generated differntly from 'backend/src/schema/resolvers/helpers/generateNonce.js'?
+      const nonce = uuid().substring(0, CONSTANTS_REGISTRATION.NONCE_LENGTH)
       return createPasswordReset({ driver, nonce, email })
     },
     resetPassword: async (_parent, { email, nonce, newPassword }, { driver }) => {

backend/src/schema/resolvers/passwordReset.spec.js

@@ -1,6 +1,7 @@
 import Factory, { cleanDatabase } from '../../db/factories'
 import { gql } from '../../helpers/jest'
 import { getNeode, getDriver } from '../../db/neo4j'
+import CONSTANTS_REGISTRATION from './../../constants/registration'
 import createPasswordReset from './helpers/createPasswordReset'
 import createServer from '../../server'
 import { createTestClient } from 'apollo-server-testing'
@@ -109,7 +110,7 @@ describe('passwordReset', () => {
           const resets = await getAllPasswordResets()
           const [reset] = resets
           const { nonce } = reset.properties
-          expect(nonce).toHaveLength(6)
+          expect(nonce).toHaveLength(CONSTANTS_REGISTRATION.NONCE_LENGTH)
         })
       })
     })
@@ -118,7 +119,7 @@ describe('passwordReset', () => {
 
 describe('resetPassword', () => {
   const setup = async (options = {}) => {
-    const { email = 'user@example.org', issuedAt = new Date(), nonce = 'abcde' } = options
+    const { email = 'user@example.org', issuedAt = new Date(), nonce = '12345' } = options
     await createPasswordReset({ driver, email, issuedAt, nonce })
   }
 
@@ -148,7 +149,7 @@ describe('resetPassword', () => {
     describe('invalid email', () => {
       it('resolves to false', async () => {
         await setup()
-        variables = { ...variables, email: 'non-existent@example.org', nonce: 'abcde' }
+        variables = { ...variables, email: 'non-existent@example.org', nonce: '12345' }
         await expect(mutate({ mutation, variables })).resolves.toMatchObject({
           data: { resetPassword: false },
         })
@@ -162,7 +163,7 @@ describe('resetPassword', () => {
 
       describe('but invalid nonce', () => {
         beforeEach(() => {
-          variables = { ...variables, nonce: 'slkdjf' }
+          variables = { ...variables, nonce: 'slkdj' }
         })
 
         it('resolves to false', async () => {
@@ -177,7 +178,7 @@ describe('resetPassword', () => {
         beforeEach(() => {
           variables = {
             ...variables,
-            nonce: 'abcde',
+            nonce: '12345',
           }
         })
 

webapp/components/Registration/RegistrationSlideInvite.vue

@@ -22,6 +22,7 @@
 
 <script>
 import gql from 'graphql-tag'
+import CONSTANTS_REGISTRATION from './../../constants/registration'
 
 export const isValidInviteCodeQuery = gql`
   query($code: ID!) {
@@ -41,10 +42,12 @@ export default {
       formSchema: {
         inviteCode: {
           type: 'string',
-          min: 6,
+          min: CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH,
-          max: 6,
+          max: CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH,
           required: true,
-          message: this.$t('components.registration.invite-code.form.validations.length'),
+          message: this.$t('components.registration.invite-code.form.validations.length', {
+            inviteCodeLength: CONSTANTS_REGISTRATION.INVITE_CODE_LENGTH,
+          }),
         },
       },
       dbRequestInProgress: false,

webapp/components/Registration/RegistrationSlideNonce.vue

@@ -25,6 +25,8 @@
 <script>
 import gql from 'graphql-tag'
 import { isEmail } from 'validator'
+import CONSTANTS_REGISTRATION from './../../constants/registration'
+
 import EmailDisplayAndVerify from './EmailDisplayAndVerify'
 
 export const verifyNonceQuery = gql`
@@ -48,10 +50,12 @@ export default {
       formSchema: {
         nonce: {
           type: 'string',
-          min: 5,
+          min: CONSTANTS_REGISTRATION.NONCE_LENGTH,
-          max: 5,
+          max: CONSTANTS_REGISTRATION.NONCE_LENGTH,
           required: true,
-          message: this.$t('components.registration.email-nonce.form.validations.length'),
+          message: this.$t('components.registration.email-nonce.form.validations.length', {
+            nonceLength: CONSTANTS_REGISTRATION.NONCE_LENGTH,
+          }),
         },
       },
       dbRequestInProgress: false,

webapp/constants/registration.js

@@ -0,0 +1,5 @@
+// this file is duplicated in `backend/src/config/metadata.js` and `webapp/constants/metadata.js`
+export default {
+  NONCE_LENGTH: 5,
+  INVITE_CODE_LENGTH: 6,
+}

webapp/locales/de.json

@@ -170,7 +170,7 @@
           "nonce": "E-Mail-Code: 32143",
           "validations": {
             "error": "Ungültiger Bestätigungs-Code <b>{nonce}</b> für E-Mail <b>{email}</b>!",
-            "length": "muss genau 5 Buchstaben lang sein",
+            "length": "muss genau {nonceLength} Buchstaben lang sein",
             "success": "Gültiger Bestätigungs-Code <b>{nonce}</b> für E-Mail <b>{email}</b>!"
           }
         },
@@ -184,7 +184,7 @@
           "next": "Weiter",
           "validations": {
             "error": "Ungültiger Einladungs-Code <b>{inviteCode}</b>!",
-            "length": "muss genau 6 Buchstaben lang sein",
+            "length": "muss genau {inviteCodeLength} Buchstaben lang sein",
             "success": "Gültiger Einladungs-Code <b>{inviteCode}</b>!"
           }
         }

webapp/locales/en.json

@@ -170,7 +170,7 @@
           "nonce": "E-mail code: 32143",
           "validations": {
             "error": "Invalid verification code <b>{nonce}</b> for e-mail <b>{email}</b>!",
-            "length": "must be 5 characters long",
+            "length": "must be {nonceLength} characters long",
             "success": "Valid verification code <b>{nonce}</b> for e-mail <b>{email}</b>!"
           }
         },
@@ -184,7 +184,7 @@
           "next": "Continue",
           "validations": {
             "error": "Invalid invite code <b>{inviteCode}</b>!",
-            "length": "must be 6 characters long",
+            "length": "must be {inviteCodeLength} characters long",
             "success": "Valid invite code <b>{inviteCode}</b>!"
           }
         }

webapp/locales/es.json

@@ -143,7 +143,7 @@
           "next": "Continuar",
           "nonce": "Introduzca el código",
           "validations": {
-            "length": "debe tener exactamente 5 letras"
+            "length": "debe tener exactamente {nonceLength} letras"
           }
         }
       },

webapp/locales/fr.json

@@ -143,7 +143,7 @@
           "next": "Continuer",
           "nonce": "Entrez votre code",
           "validations": {
-            "length": "doit comporter 5 caractères"
+            "length": "doit comporter {nonceLength} caractères"
           }
         }
       },

webapp/locales/pl.json

@@ -104,7 +104,7 @@
           "next": "Kontynuuj",
           "nonce": "Wprowadź swój kod",
           "validations": {
-            "length": "musi mieć długość 5 znaków."
+            "length": "musi mieć długość {nonceLength} znaków."
           }
         }
       }

webapp/locales/pt.json

@@ -190,7 +190,7 @@
           "next": "Continue",
           "nonce": "Digite seu código",
           "validations": {
-            "length": "deve ter 5 caracteres"
+            "length": "deve ter {nonceLength} caracteres"
           }
         }
       },

webapp/locales/ru.json

@@ -143,7 +143,7 @@
           "next": "Продолжить",
           "nonce": "Введите код",
           "validations": {
-            "length": "длина должна быть 5 символов"
+            "length": "длина должна быть {nonceLength} символов"
           }
         }
       },