refactor(user): use single purpose token and auth to accept invite (#4498)

Author: apoorvdixit88

crates/router/src/core/user_role.rs

@@ -170,7 +170,7 @@ pub async fn transfer_org_ownership(
 
 pub async fn accept_invitation(
     state: AppState,
-    user_token: auth::UserWithoutMerchantFromToken,
+    user_token: auth::UserFromSinglePurposeToken,
     req: user_role_api::AcceptInvitationRequest,
     _req_state: ReqState,
 ) -> UserResponse<user_api::DashboardEntryResponse> {

crates/router/src/routes/user_role.rs

@@ -214,7 +214,7 @@ pub async fn accept_invitation(
         &req,
         payload,
         user_role_core::accept_invitation,
-        &auth::UserWithoutMerchantJWTAuth,
+        &auth::SinglePurposeJWTAuth(auth::Purpose::AcceptInvite),
         api_locking::LockAction::NotApplicable,
     ))
     .await

crates/router/src/services/authentication.rs

@@ -149,28 +149,6 @@ impl SinglePurposeToken {
     }
 }
 
-// TODO: This has to be removed once single purpose token is used as a intermediate token
-#[derive(Clone, Debug)]
-pub struct UserWithoutMerchantFromToken {
-    pub user_id: String,
-}
-
-#[derive(serde::Serialize, serde::Deserialize)]
-pub struct UserAuthToken {
-    pub user_id: String,
-    pub exp: u64,
-}
-
-#[cfg(feature = "olap")]
-impl UserAuthToken {
-    pub async fn new_token(user_id: String, settings: &Settings) -> UserResult<String> {
-        let exp_duration = std::time::Duration::from_secs(consts::JWT_TOKEN_TIME_IN_SECS);
-        let exp = jwt::generate_exp(exp_duration)?.as_secs();
-        let token_payload = Self { user_id, exp };
-        jwt::generate_jwt(&token_payload, settings).await
-    }
-}
-
 #[derive(serde::Serialize, serde::Deserialize)]
 pub struct AuthToken {
     pub user_id: String,
@@ -330,37 +308,6 @@ where
     }
 }
 
-#[derive(Debug)]
-pub struct UserWithoutMerchantJWTAuth;
-
-#[cfg(feature = "olap")]
-#[async_trait]
-impl<A> AuthenticateAndFetch<UserWithoutMerchantFromToken, A> for UserWithoutMerchantJWTAuth
-where
-    A: AppStateInfo + Sync,
-{
-    async fn authenticate_and_fetch(
-        &self,
-        request_headers: &HeaderMap,
-        state: &A,
-    ) -> RouterResult<(UserWithoutMerchantFromToken, AuthenticationType)> {
-        let payload = parse_jwt_payload::<A, UserAuthToken>(request_headers, state).await?;
-        if payload.check_in_blacklist(state).await? {
-            return Err(errors::ApiErrorResponse::InvalidJwtToken.into());
-        }
-
-        Ok((
-            UserWithoutMerchantFromToken {
-                user_id: payload.user_id.clone(),
-            },
-            AuthenticationType::UserJwt {
-                user_id: payload.user_id,
-            },
-        ))
-    }
-}
-
-#[allow(dead_code)]
 #[derive(Debug)]
 pub(crate) struct SinglePurposeJWTAuth(pub Purpose);
 

crates/router/src/services/authentication/blacklist.rs

@@ -5,7 +5,7 @@ use common_utils::date_time;
 use error_stack::ResultExt;
 use redis_interface::RedisConnectionPool;
 
-use super::{AuthToken, SinglePurposeToken, UserAuthToken};
+use super::{AuthToken, SinglePurposeToken};
 #[cfg(feature = "email")]
 use crate::consts::{EMAIL_TOKEN_BLACKLIST_PREFIX, EMAIL_TOKEN_TIME_IN_SECS};
 use crate::{
@@ -154,16 +154,6 @@ impl BlackList for AuthToken {
     }
 }
 
-#[async_trait::async_trait]
-impl BlackList for UserAuthToken {
-    async fn check_in_blacklist<A>(&self, state: &A) -> RouterResult<bool>
-    where
-        A: AppStateInfo + Sync,
-    {
-        check_user_in_blacklist(state, &self.user_id, self.exp).await
-    }
-}
-
 #[async_trait::async_trait]
 impl BlackList for SinglePurposeToken {
     async fn check_in_blacklist<A>(&self, state: &A) -> RouterResult<bool>

crates/router/src/types/domain/user.rs

@@ -910,8 +910,9 @@ impl SignInWithMultipleRolesStrategy {
             user_api::MerchantSelectResponse {
                 name: self.user.get_name(),
                 email: self.user.get_email(),
-                token: auth::UserAuthToken::new_token(
+                token: auth::SinglePurposeToken::new_token(
                     self.user.get_user_id().to_string(),
+                    auth::Purpose::AcceptInvite,
                     &state.conf,
                 )
                 .await?