Injected auth models

waspc/data/Generator/templates/react-app/src/entities/index.ts

@@ -9,6 +9,9 @@ export type {
   {=# entities =}
   {= name =},
   {=/ entities =}
+  {=# isAuthEnabled =}
+  type {= authEntityName =},
+  {=/ isAuthEnabled =}
 } from '@prisma/client'
 
 export type Entity = 

waspc/data/Generator/templates/server/src/_types/index.ts

@@ -4,7 +4,7 @@ import { type Request, type Response } from 'express'
 import { type ParamsDictionary as ExpressParams, type Query as ExpressQuery } from 'express-serve-static-core'
 import prisma from "../dbClient.js"
 {=# isAuthEnabled =}
-import { type {= userEntityName =} } from "../entities"
+import { type {= userEntityName =}, type {= authEntityName =} } from "../entities"
 {=/ isAuthEnabled =}
 import { type _Entity } from "./taggedEntities"
 import { type Payload } from "./serialization";
@@ -83,5 +83,7 @@ type ContextWithUser<Entities extends _Entity[]> = Expand<Context<Entities> & {
 // password field from the object there, we must do the same here). Ideally,
 // these two things would live in the same place:
 // https://github.com/wasp-lang/wasp/issues/965
-export type SanitizedUser = Omit<{= userEntityName =}, 'password'>
+export type SanitizedUser = {= userEntityName =} & {
+  {= authFieldOnUserEntityName =}: Omit<{= authEntityName =}, 'password'> | null
+}
 {=/ isAuthEnabled =}

waspc/data/Generator/templates/server/src/auth/index.ts

@@ -1,7 +1 @@
-{{={= =}=}}
-{=# isEmailAuthEnabled =}
-export { defineAdditionalSignupFields } from './providers/email/types.js';
-{=/ isEmailAuthEnabled =}
-{=# isLocalAuthEnabled =}
-export { defineAdditionalSignupFields } from './providers/local/types.js';
-{=/ isLocalAuthEnabled =}
+export { defineAdditionalSignupFields } from './providers/types.js';

waspc/data/Generator/templates/server/src/auth/providers/config/_oauth.ts

@@ -11,7 +11,7 @@ import type { OAuthConfig } from "../oauth/types.js";
 const _waspGetUserFieldsFn = {= userFieldsFn.importIdentifier =}
 {=/ userFieldsFn.isDefined =}
 {=^ userFieldsFn.isDefined =}
-import { getUserFieldsFn as _waspGetUserFieldsFn } from '../oauth/defaults.js'
+const _waspGetUserFieldsFn = undefined
 {=/ userFieldsFn.isDefined =}
 {=# configFn.isDefined =}
 {=& configFn.importStatement =}

waspc/data/Generator/templates/server/src/auth/providers/email/login.ts

@@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
 import { verifyPassword, throwInvalidCredentialsError } from "../../../core/auth.js";
-import { findUserBy, createAuthToken } from "../../utils.js";
+import { findAuthWithUserBy, createAuthToken } from "../../utils.js";
 import { ensureValidEmail, ensurePasswordIsPresent } from "../../validation.js";
 
 export function getLoginRoute({
@@ -12,25 +12,25 @@ export function getLoginRoute({
         req: Request<{ email: string; password: string; }>,
         res: Response,
     ): Promise<Response<{ token: string } | undefined>> {
-        const userFields = req.body || {}
-        ensureValidArgs(userFields)
+        const fields = req.body || {}
+        ensureValidArgs(fields)
 
-        userFields.email = userFields.email.toLowerCase()
+        fields.email = fields.email.toLowerCase()
 
-        const user = await findUserBy({ email: userFields.email })
-        if (!user) {
+        const auth = await findAuthWithUserBy({ email: fields.email })
+        if (!auth) {
             throwInvalidCredentialsError()
         }
-        if (!user.isEmailVerified && !allowUnverifiedLogin) {
+        if (!auth.isEmailVerified && !allowUnverifiedLogin) {
             throwInvalidCredentialsError()
         }
         try {
-            await verifyPassword(user.password, userFields.password);
+            await verifyPassword(auth.password, fields.password);
         } catch(e) {
             throwInvalidCredentialsError()
         }
 
-        const token = await createAuthToken(user)
+        const token = await createAuthToken(auth)
 
         return res.json({ token })
     };

waspc/data/Generator/templates/server/src/auth/providers/email/requestPasswordReset.ts

@@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
 import {
-    findUserBy,
+    findAuthWithUserBy,
     doFakeWork,
 } from "../../utils.js";
 import {
@@ -30,25 +30,25 @@ export function getRequestPasswordResetRoute({
 
         args.email = args.email.toLowerCase();
 
-        const user = await findUserBy({ email: args.email });
+        const auth = await findAuthWithUserBy({ email: args.email });
 
         // User not found or not verified - don't leak information
-        if (!user || !user.isEmailVerified) {
+        if (!auth || !auth.isEmailVerified) {
             await doFakeWork();
             return res.json({ success: true });
         }
 
-        if (!isEmailResendAllowed(user, 'passwordResetSentAt')) {
+        if (!isEmailResendAllowed(auth, 'passwordResetSentAt')) {
             return res.status(400).json({ success: false, message: "Please wait a minute before trying again." });
         }
 
-        const passwordResetLink = await createPasswordResetLink(user, clientRoute);
+        const passwordResetLink = await createPasswordResetLink(auth, clientRoute);
         try {
             await sendPasswordResetEmail(
-                user.email,
+                auth.email,
                 {
                     from: fromField,
-                    to: user.email,
+                    to: auth.email,
                     ...getPasswordResetEmailContent({ passwordResetLink }),
                 }
             );

waspc/data/Generator/templates/server/src/auth/providers/email/resetPassword.ts

@@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
-import { findUserBy, verifyToken } from "../../utils.js";
-import { updateUserPassword } from "./utils.js";
+import { findAuthWithUserBy, verifyToken } from "../../utils.js";
+import { updateAuthPassword } from "./utils.js";
 import { ensureTokenIsPresent, ensurePasswordIsPresent, ensureValidPassword } from "../../validation.js";
 import { tokenVerificationErrors } from "./types.js";
 
@@ -13,12 +13,12 @@ export async function resetPassword(
 
     const { token, password } = args;
     try {
-        const { id: userId } = await verifyToken(token);
-        const user = await findUserBy({ id: userId });
-        if (!user) {
+        const { id: authId } = await verifyToken(token);
+        const auth = await findAuthWithUserBy({ id: authId });
+        if (!auth) {
             return res.status(400).json({ success: false, message: 'Invalid token' });
         }
-        await updateUserPassword(userId, password);
+        await updateAuthPassword(authId, password);
     } catch (e) {
         const reason = e.name === tokenVerificationErrors.TokenExpiredError
             ? 'expired'

waspc/data/Generator/templates/server/src/auth/providers/email/signup.ts

@@ -1,9 +1,9 @@
 import { Request, Response } from 'express';
 import { EmailFromField } from "../../../email/core/types.js";
 import {
-    createUser,
-    findUserBy,
-    deleteUser,
+    createAuthWithUser,
+    findAuthWithUserBy,
+    deleteAuth,
     doFakeWork,
 } from "../../utils.js";
 import {
@@ -28,38 +28,40 @@ export function getSignupRoute({
         req: Request<{ email: string; password: string; }>,
         res: Response,
     ): Promise<Response<{ success: true } | { success: false; message: string }>> {
-        const userFields = req.body;
-        ensureValidArgs(userFields);
+        const fields = req.body;
+        ensureValidArgs(fields);
 
-        userFields.email = userFields.email.toLowerCase();
+        fields.email = fields.email.toLowerCase();
 
-        const existingUser  = await findUserBy({ email: userFields.email });
+        const existingAuth  = await findAuthWithUserBy({ email: fields.email });
         // User already exists and is verified - don't leak information
-        if (existingUser && existingUser.isEmailVerified) {
+        if (existingAuth && existingAuth.isEmailVerified) {
             await doFakeWork();
             return res.json({ success: true });
-        } else if (existingUser && !existingUser.isEmailVerified) {
-            if (!isEmailResendAllowed(existingUser, 'emailVerificationSentAt')) {
+        } else if (existingAuth && !existingAuth.isEmailVerified) {
+            if (!isEmailResendAllowed(existingAuth, 'emailVerificationSentAt')) {
                 return res.status(400).json({ success: false, message: "Please wait a minute before trying again." });
             }
-            await deleteUser(existingUser);
+            await deleteAuth(existingAuth);
         }
 
-        const additionalFields = await validateAndGetAdditionalFields(userFields);
+        const additionalFields = await validateAndGetAdditionalFields(fields);
 
-        const user = await createUser({
-            ...additionalFields,
-            email: userFields.email,
-            password: userFields.password,
-        });
+        const auth = await createAuthWithUser(
+            {
+                email: fields.email,
+                password: fields.password,
+            },
+            additionalFields,
+        );
 
-        const verificationLink = await createEmailVerificationLink(user, clientRoute);
+        const verificationLink = await createEmailVerificationLink(auth, clientRoute);
         try {
             await sendEmailVerificationEmail(
-                userFields.email,
+                fields.email,
                 {
                     from: fromField,
-                    to: userFields.email,
+                    to: fields.email,
                     ...getVerificationEmailContent({ verificationLink }),
                 }
             );

waspc/data/Generator/templates/server/src/auth/providers/email/types.ts

@@ -1,5 +1,3 @@
-import { createDefineAdditionalSignupFieldsFn } from '../types.js'
-
 export type GetVerificationEmailContentFn = (params: { verificationLink: string }) => EmailContent;
 
 export type GetPasswordResetEmailContentFn = (params: { passwordResetLink: string }) => EmailContent;
@@ -13,5 +11,3 @@ type EmailContent = {
 export const tokenVerificationErrors = {
     TokenExpiredError: 'TokenExpiredError',
 };
-
-export const defineAdditionalSignupFields = createDefineAdditionalSignupFieldsFn<"email" | "password">()

waspc/data/Generator/templates/server/src/auth/providers/email/utils.ts

@@ -5,74 +5,79 @@ import { Email } from '../../../email/core/types.js';
 import { rethrowPossiblePrismaError } from '../../utils.js'
 import prisma from '../../../dbClient.js'
 import waspServerConfig from '../../../config.js';
-import { type {= userEntityUpper =} } from '../../../entities/index.js'
+import { type {= userEntityUpper =}, type {= authEntityUpper =} } from '../../../entities/index.js'
 
+type {= authEntityUpper =}Id = {= authEntityUpper =}['id']
 type {= userEntityUpper =}Id = {= userEntityUpper =}['id']
 
-export async function updateUserEmailVerification(userId: {= userEntityUpper =}Id): Promise<void> {
+type AuthWithId = {
+  id: {= authEntityUpper =}Id,
+}
+
+export async function updateAuthEmailVerification(authId: {= authEntityUpper =}Id) {
   try {
-    await prisma.{= userEntityLower =}.update({
-      where: { id: userId },
+    await prisma.{= authEntityLower =}.update({
+      where: { id: authId },
       data: { isEmailVerified: true },
     })
   } catch (e) {
     rethrowPossiblePrismaError(e);
   }
 }
 
-export async function updateUserPassword(userId: {= userEntityUpper =}Id, password: string): Promise<void> {
+export async function updateAuthPassword(authId: {= authEntityUpper =}Id, password: string) {
   try {
-    await prisma.{= userEntityLower =}.update({
-      where: { id: userId },
+    await prisma.{= authEntityLower =}.update({
+      where: { id: authId },
       data: { password },
     })
   } catch (e) {
     rethrowPossiblePrismaError(e);
   }
 }
 
-export async function createEmailVerificationLink(user: {= userEntityUpper =}, clientRoute: string): Promise<string> {
-  const token = await createEmailVerificationToken(user);
+export async function createEmailVerificationLink(auth: AuthWithId, clientRoute: string) {
+  const token = await createEmailVerificationToken(auth);
   return `${waspServerConfig.frontendUrl}${clientRoute}?token=${token}`;
 }
 
-export async function createPasswordResetLink(user: {= userEntityUpper =}, clientRoute: string): Promise<string> {
-  const token = await createPasswordResetToken(user);
+export async function createPasswordResetLink(auth: AuthWithId, clientRoute: string)  {
+  const token = await createPasswordResetToken(auth);
   return `${waspServerConfig.frontendUrl}${clientRoute}?token=${token}`;
 }
 
-async function createEmailVerificationToken(user: {= userEntityUpper =}): Promise<string> {
-  return sign(user.id, { expiresIn: '30m' });
+async function createEmailVerificationToken(auth: AuthWithId): Promise<string> {
+  return sign(auth.id, { expiresIn: '30m' });
 }
 
-async function createPasswordResetToken(user: {= userEntityUpper =}): Promise<string> {
-  return sign(user.id, { expiresIn: '30m' });
+async function createPasswordResetToken(auth: AuthWithId): Promise<string> {
+  return sign(auth.id, { expiresIn: '30m' });
 }
 
 export async function sendPasswordResetEmail(
   email: string,
   content: Email,
-): Promise<void> {
+) {
   return sendEmailAndLogTimestamp(email, content, 'passwordResetSentAt');
 }
 
 export async function sendEmailVerificationEmail(
   email: string,
   content: Email,
-): Promise<void> {
+) {
   return sendEmailAndLogTimestamp(email, content, 'emailVerificationSentAt');
 }
 
 async function sendEmailAndLogTimestamp(
   email: string,
   content: Email,
   field: 'emailVerificationSentAt' | 'passwordResetSentAt',
-): Promise<void> {
+) {
   // Set the timestamp first, and then send the email
   // so the user can't send multiple requests while
   // the email is being sent.
   try {
-    await prisma.{= userEntityLower =}.update({
+    await prisma.{= authEntityLower =}.update({
       where: { email },
       data: { [field]: new Date() },
     })
@@ -85,11 +90,11 @@ async function sendEmailAndLogTimestamp(
 }
 
 export function isEmailResendAllowed(
-  user: {= userEntityUpper =},
+  auth: {= authEntityUpper =},
   field: 'emailVerificationSentAt' | 'passwordResetSentAt',
   resendInterval: number = 1000 * 60,
 ): boolean {
-  const sentAt = user[field];
+  const sentAt = auth[field];
   if (!sentAt) {
     return true;
   }

waspc/data/Generator/templates/server/src/auth/providers/email/verifyEmail.ts

@@ -1,5 +1,5 @@
 import { Request, Response } from 'express';
-import { updateUserEmailVerification } from './utils.js';
+import { updateAuthEmailVerification } from './utils.js';
 import { verifyToken } from '../../utils.js';
 import { tokenVerificationErrors } from './types.js';
 
@@ -9,8 +9,8 @@ export async function verifyEmail(
 ): Promise<Response<{ success: true } | { success: false, message: string }>> {
     try {
         const { token } = req.body;
-        const { id: userId } = await verifyToken(token);
-        await updateUserEmailVerification(userId);
+        const { id: authId } = await verifyToken(token);
+        await updateAuthEmailVerification(authId);
     } catch (e) {
         const reason = e.name === tokenVerificationErrors.TokenExpiredError
             ? 'expired'