[WIP] feat: skip field validations on non signup routes

CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+-   Remove form validation on signin and password reset routes in emailpassword recipe
+
 ## [20.0.4] - 2024-08-30
 
 -   Improves thirdParty debug logging to help with debugging issues with JSON parsing.

lib/build/recipe/emailpassword/api/generatePasswordResetToken.js

@@ -27,7 +27,8 @@ async function generatePasswordResetToken(apiImplementation, tenantId, options,
         options.config.resetPasswordUsingTokenFeature.formFieldsForGenerateTokenForm,
         requestBody.formFields,
         tenantId,
-        userContext
+        userContext,
+        false
     );
     let result = await apiImplementation.generatePasswordResetTokenPOST({
         formFields,

lib/build/recipe/emailpassword/api/implementation.js

@@ -40,7 +40,12 @@ function getAPIImplementation() {
             };
         },
         generatePasswordResetTokenPOST: async function ({ formFields, tenantId, options, userContext }) {
-            const email = formFields.filter((f) => f.id === "email")[0].value;
+            var _a, _b;
+            const email =
+                (_b = (_a = formFields.find((f) => f.id === "email")) === null || _a === void 0 ? void 0 : _a.value) !==
+                    null && _b !== void 0
+                    ? _b
+                    : "";
             // this function will be reused in different parts of the flow below..
             async function generateAndSendPasswordResetToken(primaryUserId, recipeUserId) {
                 // the user ID here can be primary or recipe level.
@@ -259,6 +264,7 @@ function getAPIImplementation() {
             );
         },
         passwordResetPOST: async function ({ formFields, token, tenantId, options, userContext }) {
+            var _a;
             async function markEmailAsVerified(recipeUserId, email) {
                 const emailVerificationInstance = recipe_2.default.getInstance();
                 if (emailVerificationInstance) {
@@ -355,7 +361,9 @@ function getAPIImplementation() {
                     };
                 }
             }
-            let newPassword = formFields.filter((f) => f.id === "password")[0].value;
+            let newPassword =
+                ((_a = formFields.find((f) => f.id === "password")) === null || _a === void 0 ? void 0 : _a.value) ||
+                "";
             let tokenConsumptionResponse = await options.recipeImplementation.consumePasswordResetToken({
                 token,
                 tenantId,
@@ -482,6 +490,7 @@ function getAPIImplementation() {
             }
         },
         signInPOST: async function ({ formFields, tenantId, session, options, userContext }) {
+            var _a, _b, _c, _d;
             const errorCodeMap = {
                 SIGN_IN_NOT_ALLOWED:
                     "Cannot sign in due to security reasons. Please try resetting your password, use a different login method or contact support. (ERR_CODE_008)",
@@ -496,8 +505,18 @@ function getAPIImplementation() {
                         "Cannot sign in / up due to security reasons. Please contact support. (ERR_CODE_012)",
                 },
             };
-            let email = formFields.filter((f) => f.id === "email")[0].value;
-            let password = formFields.filter((f) => f.id === "password")[0].value;
+            let email =
+                (_b = (_a = formFields.find((f) => f.id === "email")) === null || _a === void 0 ? void 0 : _a.value) !==
+                    null && _b !== void 0
+                    ? _b
+                    : "";
+            let password =
+                (_d =
+                    (_c = formFields.find((f) => f.id === "password")) === null || _c === void 0
+                        ? void 0
+                        : _c.value) !== null && _d !== void 0
+                    ? _d
+                    : "";
             const recipeId = "emailpassword";
             const checkCredentialsOnTenant = async (tenantId) => {
                 return (

lib/build/recipe/emailpassword/api/passwordReset.js

@@ -36,7 +36,8 @@ async function passwordReset(apiImplementation, tenantId, options, userContext)
         options.config.resetPasswordUsingTokenFeature.formFieldsForPasswordResetForm,
         requestBody.formFields,
         tenantId,
-        userContext
+        userContext,
+        false
     );
     let token = requestBody.token;
     if (token === undefined) {

lib/build/recipe/emailpassword/api/signin.js

@@ -32,7 +32,8 @@ async function signInAPI(apiImplementation, tenantId, options, userContext) {
         options.config.signInFeature.formFields,
         (await options.req.getJSONBody()).formFields,
         tenantId,
-        userContext
+        userContext,
+        false
     );
     let session = await session_1.default.getSession(
         options.req,

lib/build/recipe/emailpassword/api/signup.js

@@ -34,7 +34,8 @@ async function signUpAPI(apiImplementation, tenantId, options, userContext) {
         options.config.signUpFeature.formFields,
         requestBody.formFields,
         tenantId,
-        userContext
+        userContext,
+        true
     );
     let session = await session_1.default.getSession(
         options.req,

lib/build/recipe/emailpassword/api/utils.d.ts

@@ -5,7 +5,8 @@ export declare function validateFormFieldsOrThrowError(
     configFormFields: NormalisedFormField[],
     formFieldsRaw: any,
     tenantId: string,
-    userContext: UserContext
+    userContext: UserContext,
+    runValidators?: boolean
 ): Promise<
     {
         id: string;

lib/build/recipe/emailpassword/api/utils.js

@@ -8,7 +8,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateFormFieldsOrThrowError = void 0;
 const error_1 = __importDefault(require("../error"));
 const constants_1 = require("../constants");
-async function validateFormFieldsOrThrowError(configFormFields, formFieldsRaw, tenantId, userContext) {
+async function validateFormFieldsOrThrowError(
+    configFormFields,
+    formFieldsRaw,
+    tenantId,
+    userContext,
+    runValidators = true
+) {
     // first we check syntax ----------------------------
     if (formFieldsRaw === undefined) {
         throw newBadRequestError("Missing input param: formFields");
@@ -39,8 +45,11 @@ async function validateFormFieldsOrThrowError(configFormFields, formFieldsRaw, t
         }
         return field;
     });
-    // then run validators through them-----------------------
-    await validateFormOrThrowError(formFields, configFormFields, tenantId, userContext);
+    // Run form field validators for only signup, see: https://github.com/supertokens/supertokens-node/issues/447
+    if (runValidators) {
+        // then run validators through them-----------------------
+        await validateFormOrThrowError(formFields, configFormFields, tenantId, userContext);
+    }
     return formFields;
 }
 exports.validateFormFieldsOrThrowError = validateFormFieldsOrThrowError;

lib/ts/recipe/emailpassword/api/generatePasswordResetToken.ts

@@ -40,7 +40,8 @@ export default async function generatePasswordResetToken(
         options.config.resetPasswordUsingTokenFeature.formFieldsForGenerateTokenForm,
         requestBody.formFields,
         tenantId,
-        userContext
+        userContext,
+        false
     );
 
     let result = await apiImplementation.generatePasswordResetTokenPOST({

lib/ts/recipe/emailpassword/api/implementation.ts

@@ -65,7 +65,7 @@ export default function getAPIImplementation(): APIInterface {
             | { status: "PASSWORD_RESET_NOT_ALLOWED"; reason: string }
             | GeneralErrorResponse
         > {
-            const email = formFields.filter((f) => f.id === "email")[0].value;
+            const email = formFields.find((f) => f.id === "email")?.value ?? "";
 
             // this function will be reused in different parts of the flow below..
             async function generateAndSendPasswordResetToken(
@@ -451,7 +451,7 @@ export default function getAPIImplementation(): APIInterface {
                 }
             }
 
-            let newPassword = formFields.filter((f) => f.id === "password")[0].value;
+            let newPassword = formFields.find((f) => f.id === "password")?.value || "";
 
             let tokenConsumptionResponse = await options.recipeImplementation.consumePasswordResetToken({
                 token,
@@ -631,8 +631,8 @@ export default function getAPIImplementation(): APIInterface {
                         "Cannot sign in / up due to security reasons. Please contact support. (ERR_CODE_012)",
                 },
             };
-            let email = formFields.filter((f) => f.id === "email")[0].value;
-            let password = formFields.filter((f) => f.id === "password")[0].value;
+            let email = formFields.find((f) => f.id === "email")?.value ?? "";
+            let password = formFields.find((f) => f.id === "password")?.value ?? "";
 
             const recipeId = "emailpassword";
 

lib/ts/recipe/emailpassword/api/passwordReset.ts

@@ -44,7 +44,8 @@ export default async function passwordReset(
         options.config.resetPasswordUsingTokenFeature.formFieldsForPasswordResetForm,
         requestBody.formFields,
         tenantId,
-        userContext
+        userContext,
+        false
     );
 
     let token = requestBody.token;

lib/ts/recipe/emailpassword/api/signin.ts

@@ -38,7 +38,8 @@ export default async function signInAPI(
         options.config.signInFeature.formFields,
         (await options.req.getJSONBody()).formFields,
         tenantId,
-        userContext
+        userContext,
+        false
     );
 
     let session = await Session.getSession(

lib/ts/recipe/emailpassword/api/signup.ts

@@ -42,7 +42,8 @@ export default async function signUpAPI(
         options.config.signUpFeature.formFields,
         requestBody.formFields,
         tenantId,
-        userContext
+        userContext,
+        true
     );
 
     let session = await Session.getSession(

lib/ts/recipe/emailpassword/api/utils.ts

@@ -21,7 +21,8 @@ export async function validateFormFieldsOrThrowError(
     configFormFields: NormalisedFormField[],
     formFieldsRaw: any,
     tenantId: string,
-    userContext: UserContext
+    userContext: UserContext,
+    runValidators: boolean = true
 ): Promise<
     {
         id: string;
@@ -69,9 +70,11 @@ export async function validateFormFieldsOrThrowError(
         return field;
     });
 
-    // then run validators through them-----------------------
-    await validateFormOrThrowError(formFields, configFormFields, tenantId, userContext);
-
+    // Run form field validators for only signup, see: https://github.com/supertokens/supertokens-node/issues/447
+    if (runValidators) {
+        // then run validators through them-----------------------
+        await validateFormOrThrowError(formFields, configFormFields, tenantId, userContext);
+    }
     return formFields;
 }
 

lib/ts/version.ts

@@ -12,7 +12,7 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-export const version = "20.0.4";
+export const version = "20.0.5";
 
 export const cdiSupported = ["5.1"];
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "supertokens-node",
-    "version": "20.0.4",
+    "version": "20.0.5",
     "description": "NodeJS driver for SuperTokens core",
     "main": "index.js",
     "scripts": {