Skip to content

Commit

Permalink
fix: custom SMS does not work with Twilio Verify (#1733)
Browse files Browse the repository at this point in the history
Custom SMS verification did not work if Twilio Verify was enabled.
Furthermore, test OTP flow was misplaced.
  • Loading branch information
hf authored Aug 21, 2024
1 parent a9ff361 commit dc2391d
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions internal/api/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -688,6 +688,12 @@ func (a *API) verifyUserAndToken(conn *storage.Connection, params *VerifyParams,
isValid = isOtpValid(tokenHash, user.EmailChangeTokenCurrent, user.EmailChangeSentAt, config.Mailer.OtpExp) ||
isOtpValid(tokenHash, user.EmailChangeTokenNew, user.EmailChangeSentAt, config.Mailer.OtpExp)
case phoneChangeVerification, smsVerification:
if testOTP, ok := config.Sms.GetTestOTP(params.Phone, time.Now()); ok {
if params.Token == testOTP {
return user, nil
}
}

phone := params.Phone
sentAt := user.ConfirmationSentAt
expectedToken := user.ConfirmationToken
Expand All @@ -696,12 +702,8 @@ func (a *API) verifyUserAndToken(conn *storage.Connection, params *VerifyParams,
sentAt = user.PhoneChangeSentAt
expectedToken = user.PhoneChangeToken
}
if config.Sms.IsTwilioVerifyProvider() {
if testOTP, ok := config.Sms.GetTestOTP(params.Phone, time.Now()); ok {
if params.Token == testOTP {
return user, nil
}
}

if !config.Hook.SendSMS.Enabled && config.Sms.IsTwilioVerifyProvider() {
if err := smsProvider.(*sms_provider.TwilioVerifyProvider).VerifyOTP(phone, params.Token); err != nil {
return nil, forbiddenError(ErrorCodeOTPExpired, "Token has expired or is invalid").WithInternalError(err)
}
Expand Down

0 comments on commit dc2391d

Please sign in to comment.