feat(core): add hasPassword field to custom JWT user context

logto-io · Jun 24, 2024 · 0423c00 · 0423c00
1 parent a43434c
commit 0423c00
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 8 deletions.
diff --git a/.changeset/sharp-cooks-explain.md b/.changeset/sharp-cooks-explain.md
@@ -0,0 +1,7 @@
+---
+"@logto/console": minor
+"@logto/schemas": minor
+"@logto/core": minor
+---
+
+add `hasPassword` to custom JWT user context
diff --git a/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx b/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
@@ -182,6 +182,7 @@ export const defaultClientCredentialsPayload: ClientCredentialsPayload = {
 
 const defaultUserContext: Partial<JwtCustomizerUserContext> = {
  id: '123',
+ hasPassword: false,
  username: 'foo',
  primaryEmail: 'foo@logto.io',
  primaryPhone: '+1234567890',

diff --git a/packages/core/src/libraries/jwt-customizer.ts b/packages/core/src/libraries/jwt-customizer.ts
@@ -87,6 +87,7 @@ export class JwtCustomizerLibrary {
  await this.queries.organizations.relations.users.getOrganizationsByUserId(userId);
  const userContext = {
  ...pick(user, ...userInfoSelectFields),
+ hasPassword: Boolean(user.passwordEncrypted),
  ssoIdentities: fullSsoIdentities.map(pickState('issuer', 'identityId', 'detail')),
  mfaVerificationFactors: deduplicate(user.mfaVerifications.map(({ type }) => type)),
  roles: roles.map((role) => {

diff --git a/packages/schemas/src/types/logto-config/jwt-customizer.ts b/packages/schemas/src/types/logto-config/jwt-customizer.ts
@@ -1,10 +1,17 @@
 import { jsonObjectGuard } from '@logto/connector-kit';
-import { z } from 'zod';
+import { type ZodType, z } from 'zod';
 
-import { Organizations, Roles, UserSsoIdentities } from '../../db-entries/index.js';
-import { mfaFactorsGuard } from '../../foundations/index.js';
-import { scopeResponseGuard } from '../scope.js';
-import { userInfoGuard } from '../user.js';
+import {
+ Organizations,
+ type Organization,
+ type Role,
+ Roles,
+ UserSsoIdentities,
+ type UserSsoIdentity,
+} from '../../db-entries/index.js';
+import { mfaFactorsGuard, type MfaFactors } from '../../foundations/index.js';
+import { scopeResponseGuard, type ScopeResponse } from '../scope.js';
+import { userInfoGuard, type UserInfo } from '../user.js';
 
 import { accessTokenPayloadGuard, clientCredentialsPayloadGuard } from './oidc-provider.js';
 
@@ -19,7 +26,25 @@ export enum LogtoJwtTokenKeyType {
  ClientCredentials = 'client-credentials',
 }
 
+export type JwtCustomizerUserContext = UserInfo & {
+ hasPassword: boolean;
+ ssoIdentities: Array<Pick<UserSsoIdentity, 'issuer' | 'identityId' | 'detail'>>;
+ mfaVerificationFactors: MfaFactors;
+ roles: Array<
+ Pick<Role, 'id' | 'name' | 'description'> & {
+ scopes: Array<Pick<ScopeResponse, 'id' | 'name' | 'description' | 'resourceId' | 'resource'>>;
+ }
+ >;
+ organizations: Array<Pick<Organization, 'id' | 'name' | 'description'>>;
+ organizationRoles: Array<{
+ organizationId: string;
+ roleId: string;
+ roleName: string;
+ }>;
+};
+
 export const jwtCustomizerUserContextGuard = userInfoGuard.extend({
+ hasPassword: z.boolean(),
  ssoIdentities: UserSsoIdentities.guard
  .pick({ issuer: true, identityId: true, detail: true })
  .array(),
@@ -40,9 +65,7 @@ export const jwtCustomizerUserContextGuard = userInfoGuard.extend({
  roleName: z.string(),
  })
  .array(),
-});
-
-export type JwtCustomizerUserContext = z.infer<typeof jwtCustomizerUserContextGuard>;
+}) satisfies ZodType<JwtCustomizerUserContext>;
 
 export const accessTokenJwtCustomizerGuard = jwtCustomizerGuard
  .extend({