Merge pull request #18888 from mozilla/FXA-11668

feat(2fa): Add new recovery_phone/replace route

Author: nshirley

libs/accounts/recovery-phone/src/lib/recovery-phone.errors.ts

@@ -54,6 +54,16 @@ export class RecoveryNumberRemoveMissingBackupCodes extends RecoveryPhoneError {
   }
 }
 
+export class RecoveryNumberReplaceNotExistsError extends RecoveryPhoneError {
+  constructor(uid: string, cause?: Error) {
+    super(
+      'Existing recovery number does not exist for replacing.',
+      { uid },
+      cause
+    );
+  }
+}
+
 export class SmsSendRateLimitExceededError extends RecoveryPhoneError {
   constructor(
     uid: string,
@@ -99,4 +109,4 @@ export class MessageBodyTooLong extends RecoveryPhoneError {
       encoding,
     });
   }
-}
+}

libs/accounts/recovery-phone/src/lib/recovery-phone.manager.in.spec.ts

@@ -186,6 +186,18 @@ describe('RecoveryPhoneManager', () => {
     expect(deleteFromSpy).toBeCalledWith('recoveryPhones');
   });
 
+  it('should replace a recovery phone', async () => {
+    const mockPhone = RecoveryPhoneFactory();
+
+    const res = await recoveryPhoneManager.replacePhoneNumber(
+      mockPhone.uid.toString('hex'),
+      mockPhone.phoneNumber,
+      mockLookUpData
+    );
+
+    expect(res).toBe(true);
+  });
+
   it('should handle database errors gracefully', async () => {
     const insertIntoSpy = jest
       .spyOn(db, 'insertInto')
@@ -321,9 +333,8 @@ describe('RecoveryPhoneManager', () => {
       })
       .execute();
 
-    const result = await recoveryPhoneManager.getCountByPhoneNumber(
-      phoneNumber
-    );
+    const result =
+      await recoveryPhoneManager.getCountByPhoneNumber(phoneNumber);
 
     expect(result).toBe(2);
   });

libs/accounts/recovery-phone/src/lib/recovery-phone.manager.ts

@@ -13,11 +13,13 @@ import {
   hasRecoveryCodes,
   registerPhoneNumber,
   removePhoneNumber,
+  replacePhoneNumber,
 } from './recovery-phone.repository';
 import {
   RecoveryNumberAlreadyExistsError,
   RecoveryNumberInvalidFormatError,
   RecoveryNumberNotExistsError,
+  RecoveryNumberReplaceNotExistsError,
 } from './recovery-phone.errors';
 import { Redis } from 'ioredis';
 import { PhoneNumberInstance } from 'twilio/lib/rest/lookups/v2/phoneNumber';
@@ -115,6 +117,34 @@ export class RecoveryPhoneManager {
     return true;
   }
 
+  /**
+   * Replaces an existing phone number with a new one.
+   *
+   * @param uid The user's unique identifier
+   * @param phoneNumber The new phone number to replace the existing one
+   * @param lookupData Lookup data for twilio cross-check
+   */
+  async replacePhoneNumber(
+    uid: string,
+    phoneNumber: string,
+    lookupData: PhoneNumberLookupData
+  ): Promise<boolean> {
+    const uidBuffer = Buffer.from(uid, 'hex');
+    const now = Date.now();
+    const results = await replacePhoneNumber(this.db, {
+      uid: uidBuffer,
+      phoneNumber,
+      lastConfirmed: now,
+      createdAt: now,
+      lookupData: JSON.stringify(lookupData),
+    });
+
+    if (results < 1) {
+      throw new RecoveryNumberReplaceNotExistsError(uid);
+    }
+    return true;
+  }
+
   /**
    * Store phone number data and SMS code for a user.
    *

libs/accounts/recovery-phone/src/lib/recovery-phone.repository.ts

@@ -37,6 +37,24 @@ export async function registerPhoneNumber(
   await db.insertInto('recoveryPhones').values(recoveryPhone).execute();
 }
 
+/**
+ * Updates a recoveryPhones record with the new data. The original `createdAt` is not preserved.
+ *
+ * @returns The number of rows updated
+ */
+export async function replacePhoneNumber(
+  db: AccountDatabase,
+  recoveryPhone: RecoveryPhone
+): Promise<number> {
+  const result = await db
+    .updateTable('recoveryPhones')
+    .where('uid', '=', recoveryPhone.uid)
+    .set(recoveryPhone)
+    .execute();
+
+  return result.length;
+}
+
 export async function removePhoneNumber(
   db: AccountDatabase,
   uid: Buffer

libs/accounts/recovery-phone/src/lib/recovery-phone.service.spec.ts

@@ -60,6 +60,7 @@ describe('RecoveryPhoneService', () => {
     hasRecoveryCodes: jest.fn(),
     removeCode: jest.fn(),
     getCountByPhoneNumber: jest.fn(),
+    replacePhoneNumber: jest.fn(),
   };
 
   const mockOtpManager = {
@@ -886,4 +887,69 @@ describe('RecoveryPhoneService', () => {
       });
     });
   });
+
+  describe('validate setup code', () => {
+    it('returns true for a valid setup code', async () => {
+      mockRecoveryPhoneManager.getUnconfirmed.mockResolvedValueOnce({
+        isSetup: true,
+      });
+      const result = await service.validateSetupCode(uid, code);
+
+      expect(result).toBe(true);
+      expect(mockRecoveryPhoneManager.getUnconfirmed).toBeCalledTimes(1);
+      expect(mockRecoveryPhoneManager.getUnconfirmed).toBeCalledWith(uid, code);
+    });
+    it('returns false if data is null', async () => {
+      mockRecoveryPhoneManager.getUnconfirmed.mockResolvedValueOnce(null);
+      const result = await service.validateSetupCode(uid, code);
+
+      expect(result).toBe(false);
+      expect(mockRecoveryPhoneManager.getUnconfirmed).toBeCalledTimes(1);
+      expect(mockRecoveryPhoneManager.getUnconfirmed).toBeCalledWith(uid, code);
+    });
+
+    it('returns false if data is not a setup code', async () => {
+      mockRecoveryPhoneManager.getUnconfirmed.mockResolvedValueOnce({
+        isSetup: false,
+      });
+      const result = await service.validateSetupCode(uid, code);
+
+      expect(result).toBe(false);
+      expect(mockRecoveryPhoneManager.getUnconfirmed).toBeCalledTimes(1);
+      expect(mockRecoveryPhoneManager.getUnconfirmed).toBeCalledWith(uid, code);
+    });
+  });
+
+  describe('replace phone number', () => {
+    it('replaces code successfully', async () => {
+      mockRecoveryPhoneManager.replacePhoneNumber.mockResolvedValue(true);
+      mockRecoveryPhoneManager.getUnconfirmed.mockResolvedValueOnce({
+        isSetup: true,
+        phoneNumber,
+      });
+      const result = await service.replacePhoneNumber(uid, code);
+
+      expect(result).toBe(true);
+    });
+
+    it('returns false if there is no existing unconfirmed code', async () => {
+      mockRecoveryPhoneManager.replacePhoneNumber.mockResolvedValue(true);
+      mockRecoveryPhoneManager.getUnconfirmed.mockResolvedValueOnce({});
+
+      const result = await service.replacePhoneNumber(uid, code);
+
+      expect(result).toBe(false);
+    });
+
+    it('returns false if existing unconfirmed code is not for setup', async () => {
+      mockRecoveryPhoneManager.replacePhoneNumber.mockResolvedValue(true);
+      mockRecoveryPhoneManager.getUnconfirmed.mockResolvedValueOnce({
+        isSetup: false,
+        phoneNumber,
+      });
+      const result = await service.replacePhoneNumber(uid, code);
+
+      expect(result).toBe(false);
+    });
+  });
 });