[ Refactor ] Add customizable TOTP_NOT_FOUND error message and remove hostUrl from MagicLinkGenerationOptions.

docs/customization.md

@@ -75,7 +75,7 @@ authenticator.use(
 The Magic Link is optional and enabled by default. You can decide to opt-out by setting the `enabled` option to `false`.
 
 Furthermore, the Magic Link can be customized via the `magicLinkGeneration` object in the TOTPStrategy Instance.
-The URL link generated will be in the format of `{hostURL}{callbackPath}?{codeField}=<magic-link-code>`.
+The URL link generated will be in the format of `{request url origin}{callbackPath}?{codeField}=<magic-link-code>`.
 
 ```ts
 export interface MagicLinkGenerationOptions {
@@ -84,12 +84,6 @@ export interface MagicLinkGenerationOptions {
    * @default true
    */
   enabled?: boolean
-  /**
-   * The host URL for the Magic Link.
-   * If omitted, it will be inferred from the request.
-   * @default undefined
-   */
-  hostUrl?: string
   /**
    * The callback path for the Magic Link.
    * @default '/magic-link'
@@ -122,6 +116,11 @@ export interface CustomErrorsOptions {
    * The inactive TOTP error message.
    */
   inactiveTotp?: string
+    /**
+   * The TOTP not found error message.
+   */
+  totpNotFound?: string
+
 }
 
 authenticator.use(

src/constants.ts

@@ -16,13 +16,13 @@ export const ERRORS = {
   INVALID_EMAIL: 'Email is not valid.',
   INVALID_TOTP: 'Code is not valid.',
   INACTIVE_TOTP: 'Code is no longer active.',
+  TOTP_NOT_FOUND: 'Database TOTP not found.',
 
   // Miscellaneous errors.
   REQUIRED_ENV_SECRET: 'Missing required .env secret.',
   REQUIRED_SUCCESS_REDIRECT_URL: 'Missing required successRedirect URL.',
 
   USER_NOT_FOUND: 'User not found.',
-  TOTP_NOT_FOUND: 'Database TOTP not found.',
 
   INVALID_MAGIC_LINK_PATH: 'Invalid magic-link expected path.',
   INVALID_JWT: 'Invalid JWT.',

src/index.ts

@@ -66,14 +66,6 @@
    */
   enabled?: boolean
 
-  /**
-   * The host URL for the Magic Link.
-   * If omitted, it will be inferred from the Request.
-   *
-   * @default undefined
-   */
-  hostUrl?: string
-
   /**
    * The callback URL path for the Magic Link.
    * @default '/magic-link'
@@ -209,6 +201,11 @@
    * The inactive TOTP error message.
    */
   inactiveTotp?: string
+
+  /**
+   * The TOTP not found error message.
+   */
+  totpNotFound?: string
 }
 
 /**
@@ -344,14 +341,14 @@
   } satisfies TOTPGenerationOptions
   private readonly _magicLinkGenerationDefaults = {
     enabled: true,
-    hostUrl: undefined,
     callbackPath: '/magic-link',
   } satisfies MagicLinkGenerationOptions
   private readonly _customErrorsDefaults = {
     requiredEmail: ERRORS.REQUIRED_EMAIL,
     invalidEmail: ERRORS.INVALID_EMAIL,
     invalidTotp: ERRORS.INVALID_TOTP,
     inactiveTotp: ERRORS.INACTIVE_TOTP,
+    totpNotFound: ERRORS.TOTP_NOT_FOUND,
   } satisfies CustomErrorsOptions
 
   constructor(
@@ -547,7 +544,7 @@
       if (error instanceof Error) {
         if (error.message === ERRORS.INVALID_JWT) {
           const dbTOTP = await this.handleTOTP(sessionTotp)
-          if (!dbTOTP || !dbTOTP.hash) throw new Error(ERRORS.TOTP_NOT_FOUND)
+          if (!dbTOTP || !dbTOTP.hash) throw new Error(this.customErrors.totpNotFound)
 
           await this.handleTOTP(sessionTotp, { active: false })
 
@@ -601,7 +598,7 @@
   private async _validateTOTP(sessionTotp: string, otp: string) {
     // Retrieve encrypted TOTP from database.
     const dbTOTP = await this.handleTOTP(sessionTotp)
-    if (!dbTOTP || !dbTOTP.hash) throw new Error(ERRORS.TOTP_NOT_FOUND)
+    if (!dbTOTP || !dbTOTP.hash) throw new Error(this.customErrors.totpNotFound)
 
     if (dbTOTP.active !== true) {
       throw new Error(this.customErrors.inactiveTotp)
@@ -616,7 +613,7 @@
     }
 
     // Decryption and Verification.
     const { iat, exp, ...totp } = (await verifyJWT({
       jwt: sessionTotp,
       secretKey: this.secret,
     })) as Required<TOTPGenerationOptions> & { iat: number; exp: number }

src/utils.ts

@@ -33,7 +33,7 @@
 
   const url = new URL(
     options.callbackPath ?? '/',
-    options.hostUrl ?? new URL(options.request.url).origin,
+    new URL(options.request.url).origin,
   )
   url.searchParams.set(options.param, options.code)
 
@@ -44,7 +44,7 @@
  * JSON Web Token (JWT).
  */
 type SignJWTOptions = {
   payload: { [key: string]: any }
   expiresIn: number
   secretKey: string
 }

test/index.spec.ts

@@ -350,6 +350,41 @@ describe('[ TOTP ]', () => {
       expect(result).toEqual(new AuthorizationError(ERRORS.TOTP_NOT_FOUND))
     })
 
+    test('Should throw a custom Error message on missing TOTP from database.', async () => {
+      const CUSTOM_ERROR = 'Custom error message.'
+
+      const totp = generateTOTP(TOTP_GENERATION_DEFAULTS)
+      const formData = new FormData()
+      formData.append(FORM_FIELDS.TOTP, totp.otp)
+
+      const request = new Request(`${HOST_URL}`, {
+        method: 'POST',
+        body: formData,
+      })
+
+      const strategy = new TOTPStrategy(
+        {
+          secret: SECRET_ENV,
+          storeTOTP,
+          sendTOTP,
+          handleTOTP,
+          customErrors: {
+            totpNotFound: CUSTOM_ERROR,
+          },
+        },
+        verify,
+      )
+      const result = (await strategy
+        .authenticate(request, sessionStorage, {
+          ...AUTH_OPTIONS,
+          throwOnError: true,
+          successRedirect: '/',
+        })
+        .catch((error) => error)) as Response
+
+      expect(result).toEqual(new AuthorizationError(CUSTOM_ERROR))
+    })
+
     test('Should throw an Error on inactive TOTP.', async () => {
       handleTOTP.mockImplementation(() =>
         Promise.resolve({ hash: signedTotp, attempts: 0, active: false }),
@@ -691,7 +726,7 @@ describe('[ TOTP ]', () => {
 })
 
 describe('[ Utils ]', () => {
-  test('Should use the origin from the request for the magic-link if hostUrl is not provided.', async () => {
+  test('Should use the origin from the request for the magic-link.', async () => {
     const samples: Array<[string, string]> = [
       ['http://localhost/login', 'http://localhost/magic-link?code=U2N2EY'],
       ['http://localhost:3000/login', 'http://localhost:3000/magic-link?code=U2N2EY'],

test/utils.ts

@@ -34,7 +34,6 @@ export const TOTP_GENERATION_DEFAULTS = {
 
 export const MAGIC_LINK_GENERATION_DEFAULTS = {
   enabled: true,
-  hostUrl: undefined,
   callbackPath: '/magic-link',
 } satisfies MagicLinkGenerationOptions