multiversx · ssd04 · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024 · Sep 3, 2024
diff --git a/Makefile b/Makefile
@@ -88,13 +88,13 @@ ifeq ($(db_setup),cluster)
 endif
 
 compose-new:
-	sudo docker-compose -f ${mongo_compose_file} up -d
+	docker compose -f ${mongo_compose_file} up -d
 
 compose-start:
-	sudo docker-compose -f ${mongo_compose_file} start
+	docker compose -f ${mongo_compose_file} start
 
 compose-stop:
-	sudo docker-compose -f ${mongo_compose_file} stop
+	docker compose -f ${mongo_compose_file} stop
 
 compose-rm:
-	sudo docker-compose -f ${mongo_compose_file} down
+	docker compose -f ${mongo_compose_file} down
diff --git a/cmd/multi-factor-auth/swagger/data.go b/cmd/multi-factor-auth/swagger/data.go
@@ -206,9 +206,9 @@ type _ struct {
 type _ struct {
 	// in:body
 	Body struct {
-		// SignMultipleTransactions
+		// SignMultipleTransactionsResponse
 		// x-nullable:true
-		Data requests.SignMultipleTransactions `json:"data"`
+		Data requests.SignMultipleTransactionsResponse `json:"data"`
 		// HTTP status code
 		Code string `json:"code"`
 		// Internal error

diff --git a/cmd/multi-factor-auth/swagger/ui/swagger.json b/cmd/multi-factor-auth/swagger/ui/swagger.json
@@ -77,54 +77,43 @@
         }
       }
     },
-    "/sign-multiple-transactions": {
+    "/sign-message": {
       "post": {
-        "description": "Signs the provided transactions with the provided guardian",
+        "description": "Signs the provided message with the provided guardian",
         "tags": [
           "Guardian"
         ],
-        "summary": "Sign multiple transactions.",
-        "operationId": "signMultipleTransactionsRequest",
-        "parameters": [
-          {
-            "description": "Sign multiple transactions payload",
-            "name": "Payload",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/SignMultipleTransactions"
-            }
-          }
-        ],
+        "summary": "Sign message.",
+        "operationId": "signMessageRequest",
         "responses": {
           "200": {
-            "$ref": "#/responses/signMultipleTransactionsResponse"
+            "$ref": "#/responses/signMessageResponse"
           }
         }
       }
     },
-    "/sign-message": {
+    "/sign-multiple-transactions": {
       "post": {
-        "description": "Signs the provided message with the provided guardian",
+        "description": "Signs the provided transactions with the provided guardian",
         "tags": [
           "Guardian"
         ],
-        "summary": "Sign message.",
-        "operationId": "signMessageRequest",
+        "summary": "Sign multiple transactions.",
+        "operationId": "signMultipleTransactionsRequest",
         "parameters": [
           {
-            "description": "Sign message payload",
+            "description": "Sign multiple transactions payload",
             "name": "Payload",
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/SignMessage"
+              "$ref": "#/definitions/SignMultipleTransactions"
             }
           }
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/signMessageResponse"
+            "$ref": "#/responses/signMultipleTransactionsResponse"
           }
         }
       }
@@ -422,6 +411,21 @@
       },
       "x-go-package": "github.com/multiversx/mx-multi-factor-auth-go-service/core/requests"
     },
+    "SignMessageResponse": {
+      "description": "SignMessageResponse is the service response to the sign message request",
+      "type": "object",
+      "properties": {
+        "message": {
+          "type": "string",
+          "x-go-name": "Message"
+        },
+        "signature": {
+          "type": "string",
+          "x-go-name": "Signature"
+        }
+      },
+      "x-go-package": "github.com/multiversx/mx-multi-factor-auth-go-service/core/requests"
+    },
     "SignMultipleTransactions": {
       "description": "SignMultipleTransactions is the JSON request the service is receiving\nwhen a user sends multiple transactions to be signed by the guardian",
       "type": "object",
@@ -444,29 +448,16 @@
       },
       "x-go-package": "github.com/multiversx/mx-multi-factor-auth-go-service/core/requests"
     },
-    "SignMessage": {
-      "description": "SignMessage is the JSON request the service is receiving\nwhen a user sends a new message to be signed by the guardian",
+    "SignMultipleTransactionsResponse": {
+      "description": "SignMultipleTransactionsResponse is the service response to the sign multiple transactions request",
       "type": "object",
       "properties": {
-        "code": {
-          "type": "string",
-          "x-go-name": "Code"
-        },
-        "second-code": {
-          "type": "string",
-          "x-go-name": "SecondCode"
-        },
-        "message": {
-          "type": "string",
-          "x-go-name": "Message"
-        },
-        "user": {
-          "type": "string",
-          "x-go-name": "UserAddr"
-        },
-        "guardian": {
-          "type": "string",
-          "x-go-name": "GuardianAddr"
+        "transactions": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/FrontendTransaction"
+          },
+          "x-go-name": "Txs"
         }
       },
       "x-go-package": "github.com/multiversx/mx-multi-factor-auth-go-service/core/requests"
@@ -489,21 +480,6 @@
       },
       "x-go-package": "github.com/multiversx/mx-multi-factor-auth-go-service/core/requests"
     },
-    "SignMessageResponse": {
-      "description": "SignTransactionResponse is the service response to the sign transaction request",
-      "type": "object",
-      "properties": {
-        "message": {
-          "type": "string",
-          "x-go-name": "Message"
-        },
-        "signature": {
-          "type": "string",
-          "x-go-name": "Signature"
-        }
-      },
-      "x-go-package": "github.com/multiversx/mx-multi-factor-auth-go-service/core/requests"
-    },
     "SignTransactionResponse": {
       "description": "SignTransactionResponse is the service response to the sign transaction request",
       "type": "object",
@@ -598,8 +574,8 @@
         }
       }
     },
-    "signMultipleTransactionsResponse": {
-      "description": "The transactions array with their guardian's signature on them",
+    "signMessageResponse": {
+      "description": "The full transaction with its guardian signature on it",
       "schema": {
         "type": "object",
         "properties": {
@@ -609,7 +585,7 @@
             "x-go-name": "Code"
           },
           "data": {
-            "$ref": "#/definitions/SignMultipleTransactions"
+            "$ref": "#/definitions/SignMessageResponse"
           },
           "error": {
             "description": "Internal error",
@@ -619,8 +595,8 @@
         }
       }
     },
-    "signMessageResponse": {
-      "description": "The full transaction with its guardian signature on it",
+    "signMultipleTransactionsResponse": {
+      "description": "The transactions array with their guardian's signature on them",
       "schema": {
         "type": "object",
         "properties": {
@@ -630,7 +606,7 @@
             "x-go-name": "Code"
           },
           "data": {
-            "$ref": "#/definitions/SignMessageResponse"
+            "$ref": "#/definitions/SignMultipleTransactionsResponse"
           },
           "error": {
             "description": "Internal error",
@@ -672,7 +648,7 @@
             "x-go-name": "Code"
           },
           "data": {
-            "description": "Empty data field",
+            "description": "Empty data field\nx-nullable:true",
             "type": "string",
             "x-go-name": "Data"
           },

diff --git a/core/errors.go b/core/errors.go
@@ -29,9 +29,6 @@ var ErrNilBucket = errors.New("nil bucket")
 // ErrNilMongoDBClient signals that a nil mongodb client has been provided
 var ErrNilMongoDBClient = errors.New("nil mongodb client")
 
-// ErrNilStorer signals that a nil storer has been provided
-var ErrNilStorer = errors.New("nil storer")
-
 // ErrNilHttpClient signals that a nil http client has been provided
 var ErrNilHttpClient = errors.New("nil http client")
 

diff --git a/handlers/interface.go b/handlers/interface.go
@@ -23,6 +23,7 @@ type SecureOtpHandler interface {
 	IsVerificationAllowedAndIncreaseTrials(account string, ip string) (*requests.OTPCodeVerifyData, error)
 	Reset(account string, ip string)
 	DecrementSecurityModeFailedTrials(account string) error
+	ExtendSecurityMode(account string) error
 	IsInterfaceNil() bool
 }
 

diff --git a/handlers/secureOtp/secureOtpHandler.go b/handlers/secureOtp/secureOtpHandler.go
@@ -119,6 +119,11 @@ func (totp *secureOtpHandler) DecrementSecurityModeFailedTrials(account string)
 	return totp.rateLimiter.DecrementSecurityFailedTrials(account)
 }
 
+// ExtendSecurityMode extends the security mode to the maximum limit
+func (totp *secureOtpHandler) ExtendSecurityMode(account string) error {
+	return totp.rateLimiter.ExtendSecurityMode(account)
+}
+
 // IsInterfaceNil returns true if there is no value under the interface
 func (totp *secureOtpHandler) IsInterfaceNil() bool {
 	return totp == nil

diff --git a/handlers/secureOtp/secureOtpHandler_test.go b/handlers/secureOtp/secureOtpHandler_test.go
@@ -21,6 +21,8 @@ const (
 	ip      = "127.0.0.1"
 )
 
+var expectedErr = errors.New("expected error")
+
 func createMockArgsSecureOtpHandler() secureOtp.ArgsSecureOtpHandler {
 	return secureOtp.ArgsSecureOtpHandler{
 		RateLimiter: &testscommon.RateLimiterStub{},
@@ -60,7 +62,6 @@ func TestSecureOtpHandler_IsVerificationAllowedAndIncreaseTrials(t *testing.T) {
 
 		args := createMockArgsSecureOtpHandler()
 
-		expectedErr := errors.New("expected error")
 		args.RateLimiter = &testscommon.RateLimiterStub{
 			CheckAllowedAndIncreaseTrialsCalled: func(key string, _ redis.Mode) (*redis.RateLimiterResult, error) {
 				return &redis.RateLimiterResult{}, expectedErr
@@ -74,7 +75,6 @@ func TestSecureOtpHandler_IsVerificationAllowedAndIncreaseTrials(t *testing.T) {
 	t.Run("on security mode limiter check error, should return error", func(t *testing.T) {
 		args := createMockArgsSecureOtpHandler()
 
-		expectedErr := errors.New("expected error")
 		args.RateLimiter = &testscommon.RateLimiterStub{
 			CheckAllowedAndIncreaseTrialsCalled: func(key string, mode redis.Mode) (*redis.RateLimiterResult, error) {
 				switch mode {
@@ -244,7 +244,6 @@ func TestSecureOtpHandler_DecrementSecurityModeFailedTrials(t *testing.T) {
 	args := createMockArgsSecureOtpHandler()
 
 	t.Run("on redis limiter error should return err", func(t *testing.T) {
-		expectedErr := errors.New("expected error")
 		wasCalled := false
 		args.RateLimiter = &testscommon.RateLimiterStub{
 			DecrementSecurityFailuresCalled: func(key string) error {
@@ -279,18 +278,95 @@ func TestSecureOtpHandler_DecrementSecurityModeFailedTrials(t *testing.T) {
 func TestSecureOtpHandler_Reset(t *testing.T) {
 	t.Parallel()
 
-	args := createMockArgsSecureOtpHandler()
+	t.Run("reset returns error", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgsSecureOtpHandler()
+
+		wasCalled := false
+		args.RateLimiter = &testscommon.RateLimiterStub{
+			ResetCalled: func(key string) error {
+				wasCalled = true
+				return expectedErr
+			},
+		}
+		totp, _ := secureOtp.NewSecureOtpHandler(args)
+		require.NotNil(t, totp)
+
+		totp.Reset(account, ip)
+
+		require.True(t, wasCalled)
+	})
+	t.Run("should work", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgsSecureOtpHandler()
+
+		wasCalled := false
+		args.RateLimiter = &testscommon.RateLimiterStub{
+			ResetCalled: func(key string) error {
+				wasCalled = true
+				return nil
+			},
+		}
+		totp, _ := secureOtp.NewSecureOtpHandler(args)
+		require.NotNil(t, totp)
+
+		totp.Reset(account, ip)
+
+		require.True(t, wasCalled)
+	})
+}
+
+func TestSecureOtpHandler_ExtendSecurityMode(t *testing.T) {
+	t.Parallel()
 
 	wasCalled := false
+	args := createMockArgsSecureOtpHandler()
 	args.RateLimiter = &testscommon.RateLimiterStub{
-		ResetCalled: func(key string) error {
+		ExtendSecurityModeCalled: func(key string) error {
 			wasCalled = true
 			return nil
 		},
 	}
-	totp, _ := secureOtp.NewSecureOtpHandler(args)
 
-	totp.Reset(account, ip)
+	totp, _ := secureOtp.NewSecureOtpHandler(args)
+	require.NotNil(t, totp)
 
+	err := totp.ExtendSecurityMode(account)
+	require.NoError(t, err)
 	require.True(t, wasCalled)
 }
+
+func TestSecureOtpHandler_Getters(t *testing.T) {
+	t.Parallel()
+
+	providedNormalModePeriod := time.Second
+	providedNormalModeRate := 1
+	providedSecurityModePeriod := time.Minute
+	providedSecurityModeRate := 100
+	args := createMockArgsSecureOtpHandler()
+	args.RateLimiter = &testscommon.RateLimiterStub{
+		PeriodCalled: func(mode redis.Mode) time.Duration {
+			if mode == redis.NormalMode {
+				return providedNormalModePeriod
+			}
+
+			return providedSecurityModePeriod
+		},
+		RateCalled: func(mode redis.Mode) int {
+			if mode == redis.NormalMode {
+				return providedNormalModeRate
+			}
+
+			return providedSecurityModeRate
+		},
+	}
+	totp, _ := secureOtp.NewSecureOtpHandler(args)
+	require.NotNil(t, totp)
+
+	require.Equal(t, uint64(providedNormalModePeriod.Seconds()), totp.FreezeBackOffTime())
+	require.Equal(t, uint64(providedNormalModeRate), totp.FreezeMaxFailures())
+	require.Equal(t, uint64(providedSecurityModePeriod.Seconds()), totp.SecurityModeBackOffTime())
+	require.Equal(t, uint64(providedSecurityModeRate), totp.SecurityModeMaxFailures())
+}