optional password validation in update_email_or_password

Author: iresharma

supertokens_python/recipe/emailpassword/asyncio/__init__.py

@@ -23,11 +23,12 @@ async def update_email_or_password(
     email: Union[str, None] = None,
     password: Union[str, None] = None,
     user_context: Union[None, Dict[str, Any]] = None,
+    apply_password_policy: Union[bool, None] = None,
 ):
     if user_context is None:
         user_context = {}
     return await EmailPasswordRecipe.get_instance().recipe_implementation.update_email_or_password(
-        user_id, email, password, user_context
+        user_id, email, password, user_context, apply_password_policy
     )
 
 

supertokens_python/recipe/emailpassword/interfaces.py

@@ -78,6 +78,13 @@ class UpdateEmailOrPasswordUnknownUserIdError:
     pass
 
 
+class UpdateEmailOrPasswordPasswordPolicyViolationError:
+    failure_reason: str
+
+    def __init__(self, failure_reason: str):
+        self.failure_reason = failure_reason
+
+
 class RecipeInterface(ABC):
     def __init__(self):
         pass
@@ -127,10 +134,12 @@ async def update_email_or_password(
         email: Union[str, None],
         password: Union[str, None],
         user_context: Dict[str, Any],
+        apply_password_policy: Union[bool, None],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         pass
 

supertokens_python/recipe/emailpassword/recipe.py

@@ -64,6 +64,7 @@
     InputResetPasswordUsingTokenFeature,
     InputSignUpFeature,
     validate_and_normalise_user_input,
+    EmailPasswordConfig,
 )
 
 
@@ -92,7 +93,13 @@ def __init__(
             override,
             email_delivery,
         )
-        recipe_implementation = RecipeImplementation(Querier.get_instance(recipe_id))
+
+        def get_emailpassword_config() -> EmailPasswordConfig:
+            return self.config
+
+        recipe_implementation = RecipeImplementation(
+            Querier.get_instance(recipe_id), get_emailpassword_config
+        )
         self.recipe_implementation = (
             recipe_implementation
             if self.config.override.functions is None

supertokens_python/recipe/emailpassword/recipe_implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Dict, Union
+from typing import TYPE_CHECKING, Any, Dict, Union, Callable
 
 from supertokens_python.normalised_url_path import NormalisedURLPath
 
@@ -30,17 +30,25 @@
     UpdateEmailOrPasswordEmailAlreadyExistsError,
     UpdateEmailOrPasswordOkResult,
     UpdateEmailOrPasswordUnknownUserIdError,
+    UpdateEmailOrPasswordPasswordPolicyViolationError,
 )
 from .types import User
+from .utils import EmailPasswordConfig
+from .constants import FORM_FIELD_PASSWORD_ID
 
 if TYPE_CHECKING:
     from supertokens_python.querier import Querier
 
 
 class RecipeImplementation(RecipeInterface):
-    def __init__(self, querier: Querier):
+    def __init__(
+        self,
+        querier: Querier,
+        get_emailpassword_config: Callable[[], EmailPasswordConfig],
+    ):
         super().__init__()
         self.querier = querier
+        self.get_emailpassword_config = get_emailpassword_config
 
     async def get_user_by_id(
         self, user_id: str, user_context: Dict[str, Any]
@@ -139,15 +147,28 @@ async def update_email_or_password(
         email: Union[str, None],
         password: Union[str, None],
         user_context: Dict[str, Any],
+        apply_password_policy: Union[bool, None],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         data = {"userId": user_id}
         if email is not None:
             data = {"email": email, **data}
         if password is not None:
+            if apply_password_policy is None or apply_password_policy:
+                form_fields = (
+                    self.get_emailpassword_config().sign_up_feature.form_fields
+                )
+                if form_fields is not None:
+                    password_field = list(
+                        filter(lambda x: x.id == FORM_FIELD_PASSWORD_ID, form_fields)
+                    )[0]
+                    error = await password_field.validate(password)
+                    if error is not None:
+                        return UpdateEmailOrPasswordPasswordPolicyViolationError(error)
             data = {"password": password, **data}
         response = await self.querier.send_put_request(
             NormalisedURLPath("/recipe/user"), data

supertokens_python/recipe/emailpassword/syncio/__init__.py

@@ -24,10 +24,15 @@ def update_email_or_password(
     email: Union[str, None] = None,
     password: Union[str, None] = None,
     user_context: Union[None, Dict[str, Any]] = None,
+    apply_password_policy: Union[bool, None] = None,
 ):
     from supertokens_python.recipe.emailpassword.asyncio import update_email_or_password
 
-    return sync(update_email_or_password(user_id, email, password, user_context))
+    return sync(
+        update_email_or_password(
+            user_id, email, password, user_context, apply_password_policy
+        )
+    )
 
 
 def get_user_by_id(

supertokens_python/recipe/thirdpartyemailpassword/asyncio/__init__.py

@@ -101,11 +101,12 @@ async def update_email_or_password(
     email: Union[None, str] = None,
     password: Union[None, str] = None,
     user_context: Union[None, Dict[str, Any]] = None,
+    apply_password_policy: Union[bool, None] = None,
 ):
     if user_context is None:
         user_context = {}
     return await ThirdPartyEmailPasswordRecipe.get_instance().recipe_implementation.update_email_or_password(
-        user_id, email, password, user_context
+        user_id, email, password, user_context, apply_password_policy
     )
 
 

supertokens_python/recipe/thirdpartyemailpassword/interfaces.py

@@ -43,6 +43,9 @@
 UpdateEmailOrPasswordUnknownUserIdError = (
     EPInterfaces.UpdateEmailOrPasswordUnknownUserIdError
 )
+UpdateEmailOrPasswordPasswordPolicyViolationError = (
+    EPInterfaces.UpdateEmailOrPasswordPasswordPolicyViolationError
+)
 
 AuthorisationUrlGetOkResult = ThirdPartyInterfaces.AuthorisationUrlGetOkResult
 ThirdPartySignInUpPostNoEmailGivenByProviderResponse = (
@@ -134,10 +137,12 @@ async def update_email_or_password(
         email: Union[str, None],
         password: Union[str, None],
         user_context: Dict[str, Any],
+        apply_password_policy: Union[bool, None],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         pass
 

supertokens_python/recipe/thirdpartyemailpassword/recipe.py

@@ -66,6 +66,7 @@
 
 from ..emailpassword.interfaces import APIInterface as EmailPasswordAPIInterface
 from ..emailpassword.interfaces import RecipeInterface as EmailPasswordRecipeInterface
+from ..emailpassword.utils import EmailPasswordConfig
 from ..thirdparty.interfaces import APIInterface as ThirdPartyAPIInterface
 from ..thirdparty.interfaces import RecipeInterface as ThirdPartyRecipeInterface
 from .exceptions import SupertokensThirdPartyEmailPasswordError
@@ -103,9 +104,13 @@ def __init__(
             email_delivery,
         )
 
+        def get_emailpassword_config() -> EmailPasswordConfig:
+            return self.email_password_recipe.config
+
         recipe_implementation = RecipeImplementation(
             Querier.get_instance(EmailPasswordRecipe.recipe_id),
             Querier.get_instance(ThirdPartyRecipe.recipe_id),
+            get_emailpassword_config,
         )
         self.recipe_implementation: RecipeInterface = (
             recipe_implementation
@@ -120,7 +125,7 @@ def __init__(
         )
 
         ep_recipe_implementation = EmailPasswordRecipeImplementation(
-            self.recipe_implementation
+            self.recipe_implementation, get_emailpassword_config
         )
 
         email_delivery_ingredient = ingredients.email_delivery

supertokens_python/recipe/thirdpartyemailpassword/recipeimplementation/email_password_recipe_implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Callable
 
 from supertokens_python.recipe.emailpassword.interfaces import (
     CreateResetPasswordOkResult,
@@ -28,8 +28,10 @@
     UpdateEmailOrPasswordEmailAlreadyExistsError,
     UpdateEmailOrPasswordOkResult,
     UpdateEmailOrPasswordUnknownUserIdError,
+    UpdateEmailOrPasswordPasswordPolicyViolationError,
 )
 from supertokens_python.recipe.emailpassword.types import User
+from supertokens_python.recipe.emailpassword.utils import EmailPasswordConfig
 
 from ..interfaces import (
     RecipeInterface as ThirdPartyEmailPasswordRecipeInterface,
@@ -39,9 +41,14 @@
 
 
 class RecipeImplementation(RecipeInterface):
-    def __init__(self, recipe_implementation: ThirdPartyEmailPasswordRecipeInterface):
+    def __init__(
+        self,
+        recipe_implementation: ThirdPartyEmailPasswordRecipeInterface,
+        get_emailpassword_config: Callable[[], EmailPasswordConfig],
+    ):
         super().__init__()
         self.recipe_implementation = recipe_implementation
+        self.get_emailpassword_config = get_emailpassword_config
 
     async def get_user_by_id(
         self, user_id: str, user_context: Dict[str, Any]
@@ -114,11 +121,13 @@ async def update_email_or_password(
         email: Union[str, None],
         password: Union[str, None],
         user_context: Dict[str, Any],
+        apply_password_policy: Union[bool, None],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         return await self.recipe_implementation.update_email_or_password(
-            user_id, email, password, user_context
+            user_id, email, password, user_context, apply_password_policy
         )

supertokens_python/recipe/thirdpartyemailpassword/recipeimplementation/implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Dict, List, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Union, Callable
 
 import supertokens_python.recipe.emailpassword.interfaces as EPInterfaces
 
@@ -41,6 +41,7 @@
     UpdateEmailOrPasswordEmailAlreadyExistsError,
     UpdateEmailOrPasswordOkResult,
     UpdateEmailOrPasswordUnknownUserIdError,
+    UpdateEmailOrPasswordPasswordPolicyViolationError,
 )
 from ..types import User
 from .email_password_recipe_implementation import (
@@ -49,15 +50,19 @@
 from .third_party_recipe_implementation import (
     RecipeImplementation as DerivedThirdPartyImplementation,
 )
+from supertokens_python.recipe.emailpassword.utils import EmailPasswordConfig
 
 
 class RecipeImplementation(RecipeInterface):
     def __init__(
-        self, emailpassword_querier: Querier, thirdparty_querier: Union[Querier, None]
+        self,
+        emailpassword_querier: Querier,
+        thirdparty_querier: Union[Querier, None],
+        get_emailpassword_config: Callable[[], EmailPasswordConfig],
     ):
         super().__init__()
         emailpassword_implementation = EmailPasswordImplementation(
-            emailpassword_querier
+            emailpassword_querier, get_emailpassword_config
         )
 
         self.ep_get_user_by_id = emailpassword_implementation.get_user_by_id
@@ -74,7 +79,7 @@ def __init__(
             emailpassword_implementation.update_email_or_password
         )
 
-        derived_ep = DerivedEmailPasswordImplementation(self)
+        derived_ep = DerivedEmailPasswordImplementation(self, get_emailpassword_config)
         emailpassword_implementation.create_reset_password_token = (
             derived_ep.create_reset_password_token
         )
@@ -263,10 +268,12 @@ async def update_email_or_password(
         email: Union[None, str],
         password: Union[None, str],
         user_context: Dict[str, Any],
+        apply_password_policy: Union[bool, None],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         user = await self.get_user_by_id(user_id, user_context)
         if user is None:
@@ -276,5 +283,5 @@ async def update_email_or_password(
                 "Cannot update email or password of a user who signed up using third party login."
             )
         return await self.ep_update_email_or_password(
-            user_id, email, password, user_context
+            user_id, email, password, user_context, apply_password_policy
         )

supertokens_python/recipe/thirdpartyemailpassword/syncio/__init__.py

@@ -105,12 +105,17 @@ def update_email_or_password(
     email: Union[None, str] = None,
     password: Union[None, str] = None,
     user_context: Union[None, Dict[str, Any]] = None,
+    apply_password_policy: Union[bool, None] = None,
 ):
     from supertokens_python.recipe.thirdpartyemailpassword.asyncio import (
         update_email_or_password,
     )
 
-    return sync(update_email_or_password(user_id, email, password, user_context))
+    return sync(
+        update_email_or_password(
+            user_id, email, password, user_context, apply_password_policy
+        )
+    )
 
 
 def get_users_by_email(