refactor(auth): Updated authentication logic

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "cSpell.words": ["onboarded"]
+}

src/auth/auth.e2e.spec.ts

@@ -41,44 +41,24 @@ describe('Auth Controller Tests', () => {
   it('should be able to sign up using email', async () => {
     const response = await app.inject({
       method: 'POST',
-      url: '/auth/sign-up',
+      url: '/auth/email',
       payload: {
         email: '[email protected]',
       },
     });
 
     expect(response.statusCode).toEqual(201);
-    expect(response.json().email).toEqual('[email protected]');
-  });
-
-  it('should be able to sign in using email', async () => {
-    await prisma.user.create({
-      data: {
-        email: '[email protected]',
-        isEmailVerified: true,
-        authType: AuthType.EMAIL,
-      },
+    expect(response.json()).toEqual({
+      status: 'success',
     });
-
-    const response = await app.inject({
-      method: 'POST',
-      url: '/auth/sign-in',
-      payload: {
-        email: '[email protected]',
-      },
-    });
-
-    expect(response.statusCode).toEqual(201);
-    expect(response.json().email).toEqual('[email protected]');
   });
 
   it('should send verification code to email on sign up', async () => {
     await app.inject({
       method: 'POST',
-      url: '/auth/sign-up',
+      url: '/auth/email',
       payload: {
         email: '[email protected]',
-        password: 'Password123',
       },
     });
 
@@ -123,10 +103,9 @@ describe('Auth Controller Tests', () => {
     // Sign up
     await app.inject({
       method: 'POST',
-      url: '/auth/sign-up',
+      url: '/auth/email',
       payload: {
         email: '[email protected]',
-        password: 'Password123',
       },
     });
 

src/auth/controller/auth.controller.ts

@@ -20,12 +20,10 @@ import { Public } from '../../decorators/public.decorator';
 import { FacebookOAuthStrategyFactory } from '../../oauth/factory/facebook/facebook-strategy.factory';
 import { LinkedInOAuthStrategyFactory } from '../../oauth/factory/linkedin/linkedin-strategy.factory';
 import { AppleOAuthStrategyFactory } from '../../oauth/factory/apple/apple-strategy.factory';
-import { SignupDto } from '../dto/signup.dto';
-import { SigninDto } from '../dto/signin.dto';
+import { UserDetailsDto } from '../dto/user-details.dto';
 import { EmailVerificationDto } from '../dto/email-verification.dto';
 import {
   ApiBadRequestResponse,
-  ApiConflictResponse,
   ApiCreatedResponse,
   ApiNoContentResponse,
   ApiNotFoundResponse,
@@ -37,6 +35,7 @@ import { LowercasePipe } from '../../common/pipes/lowercase.pipe';
 import { GithubOAuthStrategyFactory } from '../../oauth/factory/github/github-strategy.factory';
 import { CurrentUser } from '../../decorators/current-user.decorator';
 import { SocialAccountType, User } from '@prisma/client';
+import { BypassOnboardingCheck } from '../../decorators/bypass-onboarding.decorator';
 
 @Controller('auth')
 @ApiTags('Auth Controller')
@@ -313,29 +312,10 @@ export class AuthController {
   }
 
   @Public()
-  @Post('sign-up')
+  @Post('email')
   @ApiOperation({
-    summary: 'Sign up',
-    description: 'Sign up with email',
-  })
-  @ApiCreatedResponse({
-    description: 'User signed up successfully',
-  })
-  @ApiConflictResponse({
-    description: 'User with this email already exists',
-  })
-  async signUp(@Body() dto: SignupDto) {
-    return await this.authService.signUp(dto);
-  }
-
-  @Public()
-  @Post('sign-in')
-  @ApiOperation({
-    summary: 'Sign in',
-    description: 'Sign in with email',
-  })
-  @ApiNotFoundResponse({
-    description: 'User not found',
+    summary: 'Sign in or sign up with email',
+    description: 'Sign in or sign up with email',
   })
   @ApiCreatedResponse({
     description: 'User signed in successfully',
@@ -347,8 +327,8 @@ export class AuthController {
       },
     },
   })
-  async signIn(@Body() dto: SigninDto) {
-    return await this.authService.signIn(dto);
+  async sendVerificationCode(@Body() dto: UserDetailsDto) {
+    return await this.authService.sendVerificationCode(dto);
   }
 
   @Public()
@@ -396,9 +376,10 @@ export class AuthController {
     },
   })
   async verifyEmail(@Body() dto: EmailVerificationDto) {
-    return await this.authService.verifyEmail(dto.email, dto.code);
+    return await this.authService.verifyEmail(dto);
   }
 
+  @BypassOnboardingCheck()
   @Get('/social-accounts')
   async getSocialAccounts(@CurrentUser() user: User) {
     return this.authService.getSocialAccounts(user.id);

src/auth/dto/signin.dto.ts → src/auth/dto/user-details.dto.ts

@@ -2,7 +2,7 @@ import { ApiProperty } from '@nestjs/swagger';
 import { Transform } from 'class-transformer';
 import { IsEmail } from 'class-validator';
 
-export class SigninDto {
+export class UserDetailsDto {
   @IsEmail()
   @Transform(({ value }) => value.toLowerCase())
   @ApiProperty({

src/auth/guard/auth/auth.guard.ts

@@ -3,13 +3,15 @@ import {
   ExecutionContext,
   ForbiddenException,
   Injectable,
+  UnauthorizedException,
 } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { Request } from 'express';
 import { Reflector } from '@nestjs/core';
 import { IS_PUBLIC_KEY } from '../../../decorators/public.decorator';
 import { PrismaService } from '../../../prisma/prisma.service';
 import { User } from '@prisma/client';
+import { ONBOARDING_BYPASSED } from '../../../decorators/bypass-onboarding.decorator';
 
 const X_E2E_USER_EMAIL = 'x-e2e-user-email';
 
@@ -74,6 +76,17 @@ export class AuthGuard implements CanActivate {
       }
     }
 
+    const onboardingBypassed =
+      this.reflector.getAllAndOverride<boolean>(ONBOARDING_BYPASSED, [
+        context.getHandler(),
+        context.getClass(),
+      ]) ?? false;
+
+    // If the onboarding is not finished, we throw an UnauthorizedException.
+    if (!onboardingBypassed && !user.onboarded) {
+      throw new UnauthorizedException('Onboarding not finished');
+    }
+
     // We attach the user to the request object.
     request['user'] = user;
     return true;