verifyAccountCreation static method
Future<({String email, UuidValue emailAccountRequestId})> verifyAccountCreation(
  Session session, {
  required UuidValue accountRequestId,
  required String verificationCode,
  Transaction? transaction,
})
Checks whether the verification code matches the pending account creation request.

If this returns successfully, completeAccountCreation can be called.

Throws an EmailAccountRequestNotFoundException in case the accountRequestId does not point to an existing request.

Throws an EmailAccountRequestExpiredException in case the request's validation window has elapsed.

Throws an EmailAccountRequestTooManyAttemptsException in case too many attempts have been made at finishing the same account request.

Throws an EmailAccountRequestUnauthorizedException in case the verificationCode is not valid.

In case of an invalid verificationCode, the failed attempt will be logged to the database outside of the transaction and cannot be rolled back.
Implementation
static Future<({UuidValue emailAccountRequestId, String email})>
    verifyAccountCreation(
  final Session session, {
  required final UuidValue accountRequestId,
  required final String verificationCode,
  final Transaction? transaction,
}) async {
  final request = await EmailAccountRequest.db.findById(
    session,
    accountRequestId,
    transaction: transaction,
  );

  if (request == null) {
    throw EmailAccountRequestNotFoundException();
  }

  if (request.isExpired) {
    await EmailAccountRequest.db.deleteRow(
      session,
      request,
      // passing no transaction, so this will not be rolled back
    );

    throw EmailAccountRequestExpiredException();
  }

  if (await _hasTooManyEmailAccountCompletionAttempts(
    session,
    emailAccountRequestId: request.id!,
  )) {
    await EmailAccountRequest.db.deleteRow(
      session,
      request,
      // passing no transaction, so this will not be rolled back
    );

    throw EmailAccountRequestTooManyAttemptsException();
  }

  if (!await EmailAccountSecretHash.validateHash(
    value: verificationCode,
    hash: request.verificationCodeHash.asUint8List,
    salt: request.verificationCodeSalt.asUint8List,
  )) {
    throw EmailAccountRequestUnauthorizedException();
  }

  await EmailAccountRequest.db.updateRow(
    session,
    request.copyWith(verifiedAt: clock.now()),
    transaction: transaction,
  );

  return (emailAccountRequestId: request.id!, email: request.email);
}
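
Why the failed attempt is logged outside the transaction, and why the cleanup calls above pass no transaction, shown as an added, self-contained Dart model that is not part of the Serverpod code. Every name in it (FakeTransaction, write, PendingRequest, wrongCodesProcessed) and the limit of 3 attempts are assumptions made for the illustration. It compares recording the failure inside the caller's transaction, where a rollback erases it and the attempt limit is never reached, with recording it immediately.

```dart
// Added illustration: every name here is hypothetical, not a Serverpod API.
const maxAttempts = 3; // assumed limit; the page does not state the real one

class TooManyAttempts implements Exception {}
class Unauthorized implements Exception {}

/// Stand-in for a database transaction: buffered writes are lost on rollback.
class FakeTransaction {
  final pending = <void Function()>[];
}

/// Like the page's db calls: with no transaction the write applies at once.
void write(void Function() op, {FakeTransaction? transaction}) {
  if (transaction == null) return op();
  transaction.pending.add(op);
}

class PendingRequest {
  final code = 'constructed-code'; // the real method compares a salted hash
  int failedAttempts = 0;
  void verify(String guess, FakeTransaction tx, {required bool logInTx}) {
    if (failedAttempts >= maxAttempts) throw TooManyAttempts();
    if (guess == code) return;
    // Where the failure is recorded decides whether a rollback erases it.
    write(() => failedAttempts++, transaction: logInTx ? tx : null);
    throw Unauthorized();
  }
}

/// Wrong codes processed before lockout when the caller rolls back each time.
int wrongCodesProcessed({required bool logInTx}) {
  final request = PendingRequest();
  for (var i = 0; i < 10; i++) {
    final tx = FakeTransaction();
    try {
      request.verify('wrong-$i', tx, logInTx: logInTx);
    } on Unauthorized {
      tx.pending.clear(); // the caller's transaction rolls back
    } on TooManyAttempts {
      return i;
    }
  }
  return 10;
}

void main() {
  print('logged in transaction: ${wrongCodesProcessed(logInTx: true)}');
  print('logged outside it: ${wrongCodesProcessed(logInTx: false)}');
}
```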