Merge pull request #513 from supertokens/fix/emailverification-claim

feat!: remove default maxAgeInSeconds in emailverification claim

Author: porcellus

CHANGELOG.md

@@ -8,6 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.24.0] - 2024-07-10
+
+### Breaking change
+
+-   Removes the default `max_age_in_seconds` value (previously 300 seconds) in EmailVerification Claim. If the claim value is true and `max_age_in_seconds` is not provided, it will not be refetched.
+
 ## [0.23.1] - 2024-07-09
 
 ### Changes

setup.py

@@ -83,7 +83,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.23.1",
+    version="0.24.0",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="[email protected]",

supertokens_python/constants.py

@@ -14,7 +14,7 @@
 from __future__ import annotations
 
 SUPPORTED_CDI_VERSIONS = ["3.0"]
-VERSION = "0.23.1"
+VERSION = "0.24.0"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"

supertokens_python/recipe/emailverification/recipe.py

@@ -280,18 +280,15 @@ def add_get_email_for_user_id_func(self, f: TypeGetEmailForUserIdFunction):
 
 
 class EmailVerificationClaimValidators(BooleanClaimValidators):
-    def __init__(self, claim: EmailVerificationClaimClass, default_max_age_in_sec: int):
-        super().__init__(claim, default_max_age_in_sec)
-        # required to override the type as "int":
-        self.default_max_age_in_sec = default_max_age_in_sec
+    def __init__(self, claim: EmailVerificationClaimClass):
+        super().__init__(claim, None)
 
     def is_verified(
         self,
         refetch_time_on_false_in_seconds: int = 10,
         max_age_in_seconds: Optional[int] = None,
         id_: Optional[str] = None,
     ) -> SessionClaimValidator:
-        max_age_in_seconds = max_age_in_seconds or self.default_max_age_in_sec
 
         assert isinstance(self.claim, EmailVerificationClaimClass)
         return IsVerifiedSCV(
@@ -305,8 +302,6 @@ def is_verified(
 
 class EmailVerificationClaimClass(BooleanClaim):
     def __init__(self):
-        default_max_age_in_sec = 300
-
         async def fetch_value(
             user_id: str, _tenant_id: str, user_context: Dict[str, Any]
         ) -> bool:
@@ -322,11 +317,9 @@ async def fetch_value(
                 return True
             raise Exception("UNKNOWN_USER_ID")
 
-        super().__init__("st-ev", fetch_value, default_max_age_in_sec)
+        super().__init__("st-ev", fetch_value, None)
 
-        self.validators = EmailVerificationClaimValidators(
-            claim=self, default_max_age_in_sec=default_max_age_in_sec
-        )
+        self.validators = EmailVerificationClaimValidators(claim=self)
 
 
 EmailVerificationClaim = EmailVerificationClaimClass()
@@ -477,14 +470,13 @@ def __init__(
         claim: EmailVerificationClaimClass,
         ev_claim_validators: EmailVerificationClaimValidators,
         refetch_time_on_false_in_seconds: int,
-        max_age_in_seconds: int,
+        max_age_in_seconds: Optional[int],
     ):
         super().__init__(id_)
         self.claim: EmailVerificationClaimClass = claim
         self.ev_claim_validators = ev_claim_validators
         self.refetch_time_on_false_in_ms = refetch_time_on_false_in_seconds * 1000
         self.max_age_in_sec = max_age_in_seconds
-        self.max_age_in_ms = max_age_in_seconds * 1000
 
     async def validate(
         self, payload: JSONObject, user_context: Dict[str, Any]
@@ -500,13 +492,16 @@ def should_refetch(
         if value is None:
             return True
 
+        current_time = get_timestamp_ms()
         last_refetch_time = self.claim.get_last_refetch_time(payload, user_context)
         assert last_refetch_time is not None
 
-        return (last_refetch_time < get_timestamp_ms() - self.max_age_in_ms) or (
-            value is False
-            and (
-                last_refetch_time
-                < (get_timestamp_ms() - self.refetch_time_on_false_in_ms)
-            )
-        )
+        if self.max_age_in_sec is not None:
+            if last_refetch_time < current_time - self.max_age_in_sec * 1000:
+                return True
+
+        if value is False:
+            if last_refetch_time < current_time - self.refetch_time_on_false_in_ms:
+                return True
+
+        return False

tests/emailverification/test_emailverification_claim.py

@@ -0,0 +1,96 @@
+# Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from supertokens_python.recipe.emailverification import EmailVerificationClaim
+import time
+
+
+def test_claim_value_should_be_fetched_if_it_is_None():
+    validator = EmailVerificationClaim.validators.is_verified()
+
+    should_refetch_none = validator.should_refetch({}, {})
+    assert should_refetch_none == True
+
+
+def test_claim_value_should_be_fetched_as_per_max_age_if_provided():
+    validator = EmailVerificationClaim.validators.is_verified(10, 200)
+
+    payload = {
+        "st-ev": {
+            "v": True,
+            "t": int(time.time() * 1000) - 199 * 1000,
+        }
+    }
+
+    should_refetch_valid = validator.should_refetch(payload, {})
+    assert should_refetch_valid == False
+
+    payload = {
+        "st-ev": {
+            "v": True,
+            "t": int(time.time() * 1000) - 201 * 1000,
+        }
+    }
+
+    should_refetch_expired = validator.should_refetch(payload, {})
+    assert should_refetch_expired == True
+
+
+def test_claim_value_should_be_fetched_as_per_refetch_time_on_false_if_provided():
+    validator = EmailVerificationClaim.validators.is_verified(8)
+
+    payload = {
+        "st-ev": {
+            "v": False,
+            "t": int(time.time() * 1000) - 7 * 1000,
+        }
+    }
+
+    should_refetch_valid = validator.should_refetch(payload, {})
+    assert should_refetch_valid == False
+
+    payload = {
+        "st-ev": {
+            "v": False,
+            "t": int(time.time() * 1000) - 9 * 1000,
+        }
+    }
+
+    should_refetch_expired = validator.should_refetch(payload, {})
+    assert should_refetch_expired == True
+
+
+def test_claim_value_should_be_fetched_as_per_default_refetch_time_on_false_if_not_provided():
+    validator = EmailVerificationClaim.validators.is_verified()
+
+    # NOTE: the default value of refetchTimeOnFalseInSeconds is 10 seconds
+    payload = {
+        "st-ev": {
+            "v": False,
+            "t": int(time.time() * 1000) - 9 * 1000,
+        }
+    }
+
+    should_refetch_valid = validator.should_refetch(payload, {})
+    assert should_refetch_valid == False
+
+    payload = {
+        "st-ev": {
+            "v": False,
+            "t": int(time.time() * 1000) - 11 * 1000,
+        }
+    }
+
+    should_refetch_expired = validator.should_refetch(payload, {})
+    assert should_refetch_expired == True