dynamic-consistency-boundary/opt-in_token.rb at main · RailsEventStore/dynamic-consistency-boundary · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
require "bundler/inline"

gemfile true do
  source "https://rubygems.org"
  gem "ruby_event_store", "~> 2.16"
  gem "ostruct"
end

require_relative "dcb_event_store"
require_relative "api"
require_relative "test"

def minutes_ago(minutes)
  Time.now - (minutes * 60)
end

# based on https://dcb.events/examples/opt-in-token/

# event type definitions:

class SignUpInitiated < RubyEventStore::Event
  def self.tags =
    ->(event) do
      ["email:#{event.data[:email_address]}", "opt:#{event.data[:otp]}"]
    end
end

class SignUpConfirmed < RubyEventStore::Event
  def self.tags =
    ->(event) do
      ["email:#{event.data[:email_address]}", "opt:#{event.data[:otp]}"]
    end
end

# commands
ConfirmSignUp = Data.define(:email_address, :otp)

# projections for decision models:

def pending_sign_up_projection(email_address, otp)
  RubyEventStore::Projection
    .from_stream(["email:#{email_address}", "otp:#{otp}"])
    .init(-> { { result: nil } })
    .when(
      SignUpInitiated,
      ->(state, event) do
        state[:result] = OpenStruct.new(
          event.data.merge(
            otp_used: false,
            otp_expired: event.timestamp <= minutes_ago(60)
          )
        )
      end
    )
    .when(SignUpConfirmed, ->(state, event) { state[:result].otp_used = true })
end

# command handlers:

class OptInToken
  include Api

  def confirm_sign_up(email_address:, otp:)
    state, query, append_condition =
      buildDecisionModel(
        pending_sign_up: pending_sign_up_projection(email_address, otp)
      )
    unless state.pending_sign_up
      raise Error, "No pending sign-up for this OTP / email address"
    end
    raise Error, "OTP was already used" if state.pending_sign_up.otp_used
    raise Error, "OTP expired" if state.pending_sign_up.otp_expired

    store.append(
      SignUpConfirmed.new(
        data: {
          email_address: email_address,
          otp: otp,
          name: state.pending_sign_up.name
        }
      ),
      query,
      append_condition
    )
  end
end

# test cases:

# Feature 1: Simple One-Time Password (OTP)

Test
  .new("Confirm SignUp for non-existing OTP")
  .when(ConfirmSignUp.new(email_address: "john.doe@example.com", otp: "000000"))
  .expect_error("No pending sign-up for this OTP / email address")
  .run(OptInToken.new)

Test
  .new("Confirm SignUp for OTP assigned to different email address")
  .given(
    SignUpInitiated.new(
      data: {
        email_address: "john.doe@example.com",
        otp: "111111",
        name: "John Doe"
      }
    )
  )
  .when(ConfirmSignUp.new(email_address: "jane.doe@example.com", otp: "111111"))
  .expect_error("No pending sign-up for this OTP / email address")
  .run(OptInToken.new)

Test
  .new("Confirm SignUp for already used OTP")
  .given(
    SignUpInitiated.new(
      data: {
        email_address: "john.doe@example.com",
        otp: "222222",
        name: "John Doe"
      }
    ),
    SignUpConfirmed.new(
      data: {
        email_address: "john.doe@example.com",
        otp: "222222",
        name: "John Doe"
      }
    )
  )
  .when(ConfirmSignUp.new(email_address: "john.doe@example.com", otp: "222222"))
  .expect_error("OTP was already used")
  .run(OptInToken.new)

Test
  .new("Confirm SignUp for valid OTP")
  .given(
    SignUpInitiated.new(
      data: {
        email_address: "john.doe@example.com",
        otp: "444444",
        name: "John Doe"
      }
    )
  )
  .when(ConfirmSignUp.new(email_address: "john.doe@example.com", otp: "444444"))
  .expect_event(
    SignUpConfirmed.new(
      data: {
        email_address: "john.doe@example.com",
        otp: "444444",
        name: "John Doe"
      }
    )
  )
  .run(OptInToken.new)

# Feature 2: Expiring OTP

Test
  .new("Confirm SignUp for expired OTP")
  .given(
    SignUpInitiated.new(
      data: {
        email_address: "john.doe@example.com",
        otp: "333333",
        name: "John Doe"
      },
      metadata: {
        timestamp: minutes_ago(61)
      }
    )
  )
  .when(ConfirmSignUp.new(email_address: "john.doe@example.com", otp: "333333"))
  .expect_error("OTP expired")
  .run(OptInToken.new)