Merge pull request #319 from supertokens/passwordPolicyOnUpgrade

feat: optional password validation in update_email_or_password

Author: rishabhpoddar

CHANGELOG.md

@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## unreleased
 
+## [0.13.0] - 2023-05-03
+
+- added optional password policy check in `update_email_or_password`
 
 ## [0.12.9] - 2023-04-28
 

setup.py

@@ -70,7 +70,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.12.9",
+    version="0.13.0",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="[email protected]",

supertokens_python/constants.py

@@ -25,7 +25,7 @@
     "2.19",
     "2.20",
 ]
-VERSION = "0.12.9"
+VERSION = "0.13.0"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"

supertokens_python/recipe/emailpassword/asyncio/__init__.py

@@ -22,12 +22,13 @@ async def update_email_or_password(
     user_id: str,
     email: Union[str, None] = None,
     password: Union[str, None] = None,
+    apply_password_policy: Union[bool, None] = None,
     user_context: Union[None, Dict[str, Any]] = None,
 ):
     if user_context is None:
         user_context = {}
     return await EmailPasswordRecipe.get_instance().recipe_implementation.update_email_or_password(
-        user_id, email, password, user_context
+        user_id, email, password, apply_password_policy, user_context
     )
 
 

supertokens_python/recipe/emailpassword/interfaces.py

@@ -78,6 +78,13 @@ class UpdateEmailOrPasswordUnknownUserIdError:
     pass
 
 
+class UpdateEmailOrPasswordPasswordPolicyViolationError:
+    failure_reason: str
+
+    def __init__(self, failure_reason: str):
+        self.failure_reason = failure_reason
+
+
 class RecipeInterface(ABC):
     def __init__(self):
         pass
@@ -126,11 +133,13 @@ async def update_email_or_password(
         user_id: str,
         email: Union[str, None],
         password: Union[str, None],
+        apply_password_policy: Union[bool, None],
         user_context: Dict[str, Any],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         pass
 

supertokens_python/recipe/emailpassword/recipe.py

@@ -64,6 +64,7 @@
     InputResetPasswordUsingTokenFeature,
     InputSignUpFeature,
     validate_and_normalise_user_input,
+    EmailPasswordConfig,
 )
 
 
@@ -92,7 +93,13 @@ def __init__(
             override,
             email_delivery,
         )
-        recipe_implementation = RecipeImplementation(Querier.get_instance(recipe_id))
+
+        def get_emailpassword_config() -> EmailPasswordConfig:
+            return self.config
+
+        recipe_implementation = RecipeImplementation(
+            Querier.get_instance(recipe_id), get_emailpassword_config
+        )
         self.recipe_implementation = (
             recipe_implementation
             if self.config.override.functions is None

supertokens_python/recipe/emailpassword/recipe_implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Dict, Union
+from typing import TYPE_CHECKING, Any, Dict, Union, Callable
 
 from supertokens_python.normalised_url_path import NormalisedURLPath
 
@@ -30,17 +30,25 @@
     UpdateEmailOrPasswordEmailAlreadyExistsError,
     UpdateEmailOrPasswordOkResult,
     UpdateEmailOrPasswordUnknownUserIdError,
+    UpdateEmailOrPasswordPasswordPolicyViolationError,
 )
 from .types import User
+from .utils import EmailPasswordConfig
+from .constants import FORM_FIELD_PASSWORD_ID
 
 if TYPE_CHECKING:
     from supertokens_python.querier import Querier
 
 
 class RecipeImplementation(RecipeInterface):
-    def __init__(self, querier: Querier):
+    def __init__(
+        self,
+        querier: Querier,
+        get_emailpassword_config: Callable[[], EmailPasswordConfig],
+    ):
         super().__init__()
         self.querier = querier
+        self.get_emailpassword_config = get_emailpassword_config
 
     async def get_user_by_id(
         self, user_id: str, user_context: Dict[str, Any]
@@ -138,16 +146,28 @@ async def update_email_or_password(
         user_id: str,
         email: Union[str, None],
         password: Union[str, None],
+        apply_password_policy: Union[bool, None],
         user_context: Dict[str, Any],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         data = {"userId": user_id}
         if email is not None:
             data = {"email": email, **data}
         if password is not None:
+            if apply_password_policy is None or apply_password_policy:
+                form_fields = (
+                    self.get_emailpassword_config().sign_up_feature.form_fields
+                )
+                password_field = list(
+                    filter(lambda x: x.id == FORM_FIELD_PASSWORD_ID, form_fields)
+                )[0]
+                error = await password_field.validate(password)
+                if error is not None:
+                    return UpdateEmailOrPasswordPasswordPolicyViolationError(error)
             data = {"password": password, **data}
         response = await self.querier.send_put_request(
             NormalisedURLPath("/recipe/user"), data

supertokens_python/recipe/emailpassword/syncio/__init__.py

@@ -23,11 +23,16 @@ def update_email_or_password(
     user_id: str,
     email: Union[str, None] = None,
     password: Union[str, None] = None,
+    apply_password_policy: Union[bool, None] = None,
     user_context: Union[None, Dict[str, Any]] = None,
 ):
     from supertokens_python.recipe.emailpassword.asyncio import update_email_or_password
 
-    return sync(update_email_or_password(user_id, email, password, user_context))
+    return sync(
+        update_email_or_password(
+            user_id, email, password, apply_password_policy, user_context
+        )
+    )
 
 
 def get_user_by_id(

supertokens_python/recipe/thirdpartyemailpassword/asyncio/__init__.py

@@ -100,12 +100,13 @@ async def update_email_or_password(
     user_id: str,
     email: Union[None, str] = None,
     password: Union[None, str] = None,
+    apply_password_policy: Union[bool, None] = None,
     user_context: Union[None, Dict[str, Any]] = None,
 ):
     if user_context is None:
         user_context = {}
     return await ThirdPartyEmailPasswordRecipe.get_instance().recipe_implementation.update_email_or_password(
-        user_id, email, password, user_context
+        user_id, email, password, apply_password_policy, user_context
     )
 
 

supertokens_python/recipe/thirdpartyemailpassword/interfaces.py

@@ -43,6 +43,9 @@
 UpdateEmailOrPasswordUnknownUserIdError = (
     EPInterfaces.UpdateEmailOrPasswordUnknownUserIdError
 )
+UpdateEmailOrPasswordPasswordPolicyViolationError = (
+    EPInterfaces.UpdateEmailOrPasswordPasswordPolicyViolationError
+)
 
 AuthorisationUrlGetOkResult = ThirdPartyInterfaces.AuthorisationUrlGetOkResult
 ThirdPartySignInUpPostNoEmailGivenByProviderResponse = (
@@ -133,11 +136,13 @@ async def update_email_or_password(
         user_id: str,
         email: Union[str, None],
         password: Union[str, None],
+        apply_password_policy: Union[bool, None],
         user_context: Dict[str, Any],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         pass
 

supertokens_python/recipe/thirdpartyemailpassword/recipe.py

@@ -66,6 +66,7 @@
 
 from ..emailpassword.interfaces import APIInterface as EmailPasswordAPIInterface
 from ..emailpassword.interfaces import RecipeInterface as EmailPasswordRecipeInterface
+from ..emailpassword.utils import EmailPasswordConfig
 from ..thirdparty.interfaces import APIInterface as ThirdPartyAPIInterface
 from ..thirdparty.interfaces import RecipeInterface as ThirdPartyRecipeInterface
 from .exceptions import SupertokensThirdPartyEmailPasswordError
@@ -103,9 +104,13 @@ def __init__(
             email_delivery,
         )
 
+        def get_emailpassword_config() -> EmailPasswordConfig:
+            return self.email_password_recipe.config
+
         recipe_implementation = RecipeImplementation(
             Querier.get_instance(EmailPasswordRecipe.recipe_id),
             Querier.get_instance(ThirdPartyRecipe.recipe_id),
+            get_emailpassword_config,
         )
         self.recipe_implementation: RecipeInterface = (
             recipe_implementation

supertokens_python/recipe/thirdpartyemailpassword/recipeimplementation/email_password_recipe_implementation.py

@@ -28,6 +28,7 @@
     UpdateEmailOrPasswordEmailAlreadyExistsError,
     UpdateEmailOrPasswordOkResult,
     UpdateEmailOrPasswordUnknownUserIdError,
+    UpdateEmailOrPasswordPasswordPolicyViolationError,
 )
 from supertokens_python.recipe.emailpassword.types import User
 
@@ -39,7 +40,10 @@
 
 
 class RecipeImplementation(RecipeInterface):
-    def __init__(self, recipe_implementation: ThirdPartyEmailPasswordRecipeInterface):
+    def __init__(
+        self,
+        recipe_implementation: ThirdPartyEmailPasswordRecipeInterface,
+    ):
         super().__init__()
         self.recipe_implementation = recipe_implementation
 
@@ -113,12 +117,14 @@ async def update_email_or_password(
         user_id: str,
         email: Union[str, None],
         password: Union[str, None],
+        apply_password_policy: Union[bool, None],
         user_context: Dict[str, Any],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         return await self.recipe_implementation.update_email_or_password(
-            user_id, email, password, user_context
+            user_id, email, password, apply_password_policy, user_context
         )

supertokens_python/recipe/thirdpartyemailpassword/recipeimplementation/implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Dict, List, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Union, Callable
 
 import supertokens_python.recipe.emailpassword.interfaces as EPInterfaces
 
@@ -41,6 +41,7 @@
     UpdateEmailOrPasswordEmailAlreadyExistsError,
     UpdateEmailOrPasswordOkResult,
     UpdateEmailOrPasswordUnknownUserIdError,
+    UpdateEmailOrPasswordPasswordPolicyViolationError,
 )
 from ..types import User
 from .email_password_recipe_implementation import (
@@ -49,15 +50,19 @@
 from .third_party_recipe_implementation import (
     RecipeImplementation as DerivedThirdPartyImplementation,
 )
+from supertokens_python.recipe.emailpassword.utils import EmailPasswordConfig
 
 
 class RecipeImplementation(RecipeInterface):
     def __init__(
-        self, emailpassword_querier: Querier, thirdparty_querier: Union[Querier, None]
+        self,
+        emailpassword_querier: Querier,
+        thirdparty_querier: Union[Querier, None],
+        get_emailpassword_config: Callable[[], EmailPasswordConfig],
     ):
         super().__init__()
         emailpassword_implementation = EmailPasswordImplementation(
-            emailpassword_querier
+            emailpassword_querier, get_emailpassword_config
         )
 
         self.ep_get_user_by_id = emailpassword_implementation.get_user_by_id
@@ -262,11 +267,13 @@ async def update_email_or_password(
         user_id: str,
         email: Union[None, str],
         password: Union[None, str],
+        apply_password_policy: Union[bool, None],
         user_context: Dict[str, Any],
     ) -> Union[
         UpdateEmailOrPasswordOkResult,
         UpdateEmailOrPasswordEmailAlreadyExistsError,
         UpdateEmailOrPasswordUnknownUserIdError,
+        UpdateEmailOrPasswordPasswordPolicyViolationError,
     ]:
         user = await self.get_user_by_id(user_id, user_context)
         if user is None:
@@ -276,5 +283,5 @@ async def update_email_or_password(
                 "Cannot update email or password of a user who signed up using third party login."
             )
         return await self.ep_update_email_or_password(
-            user_id, email, password, user_context
+            user_id, email, password, apply_password_policy, user_context
         )

supertokens_python/recipe/thirdpartyemailpassword/syncio/__init__.py

@@ -104,13 +104,18 @@ def update_email_or_password(
     user_id: str,
     email: Union[None, str] = None,
     password: Union[None, str] = None,
+    apply_password_policy: Union[bool, None] = None,
     user_context: Union[None, Dict[str, Any]] = None,
 ):
     from supertokens_python.recipe.thirdpartyemailpassword.asyncio import (
         update_email_or_password,
     )
 
-    return sync(update_email_or_password(user_id, email, password, user_context))
+    return sync(
+        update_email_or_password(
+            user_id, email, password, apply_password_policy, user_context
+        )
+    )
 
 
 def get_users_by_email(