hashintel · thehabbos007 · Dec 13, 2022 · Dec 9, 2022 · Dec 12, 2022 · Dec 12, 2022
diff --git a/packages/hash/api/src/auth/index.ts b/packages/hash/api/src/auth/index.ts
@@ -118,8 +118,10 @@ const setupAuth = (params: {
  if (err.response && err.response.status === 403) {
  /** @todo: figure out if this should be handled here, or in the next.js app (when implementing 2FA) */
  }
- logger.error(
- `Could not fetch session, got error: [${err.response?.status}] ${err.response?.data}`,
+ logger.debug(
+ `Kratos response error: Could not fetch session, got: [${
+ err.response?.status
+ }] ${JSON.stringify(err.response?.data)}`,
  );
  return undefined;
  });

diff --git a/packages/hash/external-services/kratos/Dockerfile b/packages/hash/external-services/kratos/Dockerfile
@@ -15,6 +15,7 @@ ENV API_SECRET=$API_SECRET
 RUN mkdir -p /etc/config/kratos && \
  mkdir -p /home/ory/.postgresql
 
+COPY ./templates /etc/config/kratos/templates
 COPY ./hooks /etc/config/kratos/hooks
 COPY ./identity.schema.json /etc/config/kratos/
 COPY kratos.$ENV.yml /etc/config/kratos/kratos.$ENV.yml

diff --git a/packages/hash/external-services/kratos/kratos.dev.yml b/packages/hash/external-services/kratos/kratos.dev.yml
@@ -23,6 +23,18 @@ selfservice:
  password:
  enabled: true
 
+ link:
+ config:
+ # The URL for verification emails are set through the link method
+ # but we're using the code method, so we disable this method for usage.
+ enabled: false
+ # Set through SELFSERVICE_METHODS_LINK_CONFIG_BASE_URL
+ base_url: http://localhost:3000/api/ory
+ code:
+ config:
+ # and make sure to enable the code method.
+ enabled: true
+
  flows:
  error:
  ui_url: http://localhost:3000/error
@@ -59,6 +71,13 @@ selfservice:
  in: header
  - hook: session
 
+ verification:
+ use: code
+ lifespan: 48h
+ # Set though SELFSERVICE_FLOWS_VERIFICATION_UI_URL
+ ui_url: http://localhost:3000/verification
+ enabled: true
+
 log:
  level: debug
  format: text
@@ -78,3 +97,9 @@ identity:
  schemas:
  - id: default
  url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+ template_override_path: /etc/config/kratos/templates
+ smtp:
+ # Set through COURIER_SMTP_CONNECTION_URI
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
diff --git a/packages/hash/external-services/kratos/kratos.prod.yml b/packages/hash/external-services/kratos/kratos.prod.yml
@@ -23,6 +23,19 @@ selfservice:
  password:
  enabled: true
 
+ # Email sending diabled in production for now
+ # link:
+ # config:
+ # # The URL for verification emails are set through the link method
+ # # but we're using the code method, so we disable this method for usage.
+ # enabled: false
+ # # Set through SELFSERVICE_METHODS_LINK_CONFIG_BASE_URL
+ # base_url: http://localhost:3000/api/ory
+ # code:
+ # config:
+ # # and make sure to enable the code method.
+ # enabled: true
+
  flows:
  error:
  ui_url: http://localhost:3000/error
@@ -59,6 +72,14 @@ selfservice:
  in: header
  - hook: session
 
+ # Email sending diabled in production for now
+ # verification:
+ # use: code
+ # lifespan: 48h
+ # # Set though SELFSERVICE_FLOWS_VERIFICATION_UI_URL
+ # ui_url: http://localhost:3000/verification
+ # enabled: true
+
 log:
  level: info
  format: json
@@ -78,3 +99,9 @@ identity:
  schemas:
  - id: default
  url: file:///etc/config/kratos/identity.schema.json
+# Email sending diabled in production for now
+# courier:
+# template_override_path: /etc/config/kratos/templates
+# smtp:
+# # Set through COURIER_SMTP_CONNECTION_URI
+# connection_uri: set-through-env-arg-COURIER_SMTP_CONNECTION_URI
diff --git a/packages/hash/external-services/kratos/templates/otp/sms.body.gotmpl b/packages/hash/external-services/kratos/templates/otp/sms.body.gotmpl
@@ -0,0 +1 @@
+Your verification code is: {{ .Code }}
diff --git a/packages/hash/external-services/kratos/templates/recovery/invalid/email.body.gotmpl b/packages/hash/external-services/kratos/templates/recovery/invalid/email.body.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+you (or someone else) entered this email address when trying to recover access to an account.
+
+However, this email address is not on our database of registered users and therefore the attempt has failed.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/...ages/hash/external-services/kratos/templates/recovery/invalid/email.body.plaintext.gotmpl b/...ages/hash/external-services/kratos/templates/recovery/invalid/email.body.plaintext.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+you (or someone else) entered this email address when trying to recover access to an account.
+
+However, this email address is not on our database of registered users and therefore the attempt has failed.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/packages/hash/external-services/kratos/templates/recovery/invalid/email.subject.gotmpl b/packages/hash/external-services/kratos/templates/recovery/invalid/email.subject.gotmpl
@@ -0,0 +1 @@
+Account access attempted
diff --git a/packages/hash/external-services/kratos/templates/recovery/valid/email.body.gotmpl b/packages/hash/external-services/kratos/templates/recovery/valid/email.body.gotmpl
@@ -0,0 +1,5 @@
+Hi,
+
+please recover access to your account by clicking the following link:
+
+<a href="{{ .RecoveryURL }}">{{ .RecoveryURL }}</a>
diff --git a/packages/hash/external-services/kratos/templates/recovery/valid/email.body.plaintext.gotmpl b/packages/hash/external-services/kratos/templates/recovery/valid/email.body.plaintext.gotmpl
@@ -0,0 +1,5 @@
+Hi,
+
+please recover access to your account by clicking the following link:
+
+{{ .RecoveryURL }}
diff --git a/packages/hash/external-services/kratos/templates/recovery/valid/email.subject.gotmpl b/packages/hash/external-services/kratos/templates/recovery/valid/email.subject.gotmpl
@@ -0,0 +1 @@
+Recover access to your account
diff --git a/packages/hash/external-services/kratos/templates/recovery_code/invalid/email.body.gotmpl b/packages/hash/external-services/kratos/templates/recovery_code/invalid/email.body.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+you (or someone else) entered this email address when trying to recover access to an account.
+
+However, this email address is not on our database of registered users and therefore the attempt has failed.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/...hash/external-services/kratos/templates/recovery_code/invalid/email.body.plaintext.gotmpl b/...hash/external-services/kratos/templates/recovery_code/invalid/email.body.plaintext.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+you (or someone else) entered this email address when trying to recover access to a HASH account.
+
+However, this email address is not on our database of registered users and therefore the attempt has failed.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/packages/hash/external-services/kratos/templates/recovery_code/invalid/email.subject.gotmpl b/packages/hash/external-services/kratos/templates/recovery_code/invalid/email.subject.gotmpl
@@ -0,0 +1 @@
+Account access attempted
diff --git a/packages/hash/external-services/kratos/templates/recovery_code/valid/email.body.gotmpl b/packages/hash/external-services/kratos/templates/recovery_code/valid/email.body.gotmpl
@@ -0,0 +1,5 @@
+Hi,
+
+please recover access to your account by entering the following code:
+
+{{ .RecoveryCode }}
diff --git a/...s/hash/external-services/kratos/templates/recovery_code/valid/email.body.plaintext.gotmpl b/...s/hash/external-services/kratos/templates/recovery_code/valid/email.body.plaintext.gotmpl
@@ -0,0 +1,5 @@
+Hi,
+
+please recover access to your account by entering the following code:
+
+{{ .RecoveryCode }}
diff --git a/packages/hash/external-services/kratos/templates/recovery_code/valid/email.subject.gotmpl b/packages/hash/external-services/kratos/templates/recovery_code/valid/email.subject.gotmpl
@@ -0,0 +1 @@
+Recover access to your account
diff --git a/packages/hash/external-services/kratos/templates/verification_code/invalid/email.body.gotmpl b/packages/hash/external-services/kratos/templates/verification_code/invalid/email.body.gotmpl
@@ -0,0 +1,7 @@
+Hi,
+
+someone asked to verify this email address, but we were unable to find an account for this address.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/.../external-services/kratos/templates/verification_code/invalid/email.body.plaintext.gotmpl b/.../external-services/kratos/templates/verification_code/invalid/email.body.plaintext.gotmpl
@@ -0,0 +1,7 @@
+Hi,
+
+someone asked to verify this email address, but we were unable to find an account for this address.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/...es/hash/external-services/kratos/templates/verification_code/invalid/email.subject.gotmpl b/...es/hash/external-services/kratos/templates/verification_code/invalid/email.subject.gotmpl
@@ -0,0 +1 @@
+Someone tried to verify this email address
diff --git a/packages/hash/external-services/kratos/templates/verification_code/valid/email.body.gotmpl b/packages/hash/external-services/kratos/templates/verification_code/valid/email.body.gotmpl
@@ -0,0 +1,8 @@
+Hi,
+
+please verify your account by entering the following code:<br />
+{{ .VerificationCode }}<br />
+or clicking the following link:<br />
+<a href="{{ .VerificationURL }}" target="_blank">{{ .VerificationURL }}</a><br />
+
+The link is valid for 48 hours.
diff --git a/...sh/external-services/kratos/templates/verification_code/valid/email.body.plaintext.gotmpl b/...sh/external-services/kratos/templates/verification_code/valid/email.body.plaintext.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+please verify your account by entering the following code:
+
+{{ .VerificationCode }}
+
+or clicking the following link:
+
+{{ .VerificationURL }}
diff --git a/...ages/hash/external-services/kratos/templates/verification_code/valid/email.subject.gotmpl b/...ages/hash/external-services/kratos/templates/verification_code/valid/email.subject.gotmpl
@@ -0,0 +1 @@
+Please verify your email address
diff --git a/packages/hash/frontend/src/pages/shared/ory-kratos.ts b/packages/hash/frontend/src/pages/shared/ory-kratos.ts
@@ -11,6 +11,11 @@ import {
  SettingsFlow,
  VerificationFlow,
  UiNodeInputAttributes,
+ UpdateLoginFlowBody,
+ UpdateRegistrationFlowBody,
+ UpdateRecoveryFlowBody,
+ UpdateSettingsFlowBody,
+ UpdateVerificationFlowBody,
 } from "@ory/client";
 import { isUiNodeInputAttributes } from "@ory/integrations/ui";
 import { AxiosError } from "axios";
@@ -54,15 +59,15 @@ export type IdentityTraits = {
 };
 
 type Flows = {
- login: LoginFlow;
- recovery: RecoveryFlow;
- registration: RegistrationFlow;
- settings: SettingsFlow;
- verification: VerificationFlow;
+ login: [LoginFlow, UpdateLoginFlowBody];
+ recovery: [RecoveryFlow, UpdateRecoveryFlowBody];
+ registration: [RegistrationFlow, UpdateRegistrationFlowBody];
+ settings: [SettingsFlow, UpdateSettingsFlowBody];
+ verification: [VerificationFlow, UpdateVerificationFlowBody];
 };
 
 type FlowNames = keyof Flows;
-type FlowValues = Flows[FlowNames];
+type FlowValues = Flows[FlowNames][0];
 
 /**
  * A helper function that creates an error handling function for some common errors
@@ -171,6 +176,19 @@ export const createFlowErrorHandler =
  return Promise.reject(err);
  };
 
+export const gatherUiNodeValuesFromFlow = <T extends FlowNames>(
+ flow: FlowValues,
+): Flows[T][1] =>
+ flow.ui.nodes
+ .map(({ attributes }) => attributes)
+ .filter((attrs): attrs is UiNodeInputAttributes =>
+ isUiNodeInputAttributes(attrs),
+ )
+ .reduce((acc, attributes) => {
+ const { name, value } = attributes;
+ return { ...acc, [name]: value };
+ }, {} as Flows[T][1]);
+
 const maybeGetCsrfTokenFromFlow = (flow: FlowValues) =>
  flow.ui.nodes
  .map(({ attributes }) => attributes)