chore: Add serverPassword param to endpoints (standardnotes#2919) [skip e2e]

* chore: send server password param to delete account endpoint

* chore: send server password param to disable mfa endpoint

* chore: modify tests

* chore: force challenge prompt for mfa disable

* chore: fix eslint errors

* chore: add server passsword to get recovery codes

* chore: fix tests

* chore: pass server password as header

Author: antsgar

packages/api/src/Domain/Client/Auth/AuthApiService.ts

@@ -22,15 +22,19 @@ export class AuthApiService implements AuthApiServiceInterface {
     this.operationsInProgress = new Map()
   }
 
-  async generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
+  async generateRecoveryCodes(dto: {
+    serverPassword: string
+  }): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
     if (this.operationsInProgress.get(AuthApiOperations.GenerateRecoveryCodes)) {
       throw new ApiCallError(ErrorMessage.GenericInProgress)
     }
 
     this.operationsInProgress.set(AuthApiOperations.GenerateRecoveryCodes, true)
 
     try {
-      const response = await this.authServer.generateRecoveryCodes()
+      const response = await this.authServer.generateRecoveryCodes({
+        headers: [{ key: 'x-server-password', value: dto.serverPassword }],
+      })
 
       return response
     } catch (error) {

packages/api/src/Domain/Client/Auth/AuthApiServiceInterface.ts

@@ -6,7 +6,7 @@ import {
 } from '../../Response'
 
 export interface AuthApiServiceInterface {
-  generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
+  generateRecoveryCodes(dto: { serverPassword: string }): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
   recoveryKeyParams(dto: {
     username: string
     codeChallenge: string

packages/api/src/Domain/Client/User/UserApiService.ts

@@ -27,13 +27,19 @@ export class UserApiService implements UserApiServiceInterface {
     this.operationsInProgress = new Map()
   }
 
-  async deleteAccount(userUuid: string): Promise<HttpResponse<UserDeletionResponseBody>> {
+  async deleteAccount(dto: {
+    userUuid: string
+    serverPassword: string
+  }): Promise<HttpResponse<UserDeletionResponseBody>> {
     this.lockOperation(UserApiOperations.DeletingAccount)
 
     try {
-      const response = await this.userServer.deleteAccount({
-        userUuid: userUuid,
-      })
+      const response = await this.userServer.deleteAccount(
+        {
+          userUuid: dto.userUuid,
+        },
+        { headers: [{ key: 'x-server-password', value: dto.serverPassword }] },
+      )
 
       this.unlockOperation(UserApiOperations.DeletingAccount)
 

packages/api/src/Domain/Client/User/UserApiServiceInterface.ts

@@ -22,5 +22,8 @@ export interface UserApiServiceInterface {
     requestType: UserRequestType
   }): Promise<HttpResponse<UserRequestResponseBody>>
 
-  deleteAccount(userUuid: string): Promise<HttpResponse<UserDeletionResponseBody>>
+  deleteAccount(dto: {
+    userUuid: string
+    serverPassword: string | undefined
+  }): Promise<HttpResponse<UserDeletionResponseBody>>
 }

packages/api/src/Domain/Http/HttpService.ts

@@ -91,6 +91,7 @@ export class HttpService implements HttpServiceInterface {
       params,
       verb: HttpVerb.Get,
       authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
     })
   }
 
@@ -123,6 +124,7 @@ export class HttpService implements HttpServiceInterface {
       params,
       verb: HttpVerb.Put,
       authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
     })
   }
 
@@ -141,6 +143,7 @@ export class HttpService implements HttpServiceInterface {
       params,
       verb: HttpVerb.Delete,
       authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
     })
   }
 

packages/api/src/Domain/Request/Recovery/GenerateRecoveryCodesRequestParams.ts

@@ -0,0 +1,3 @@
+export interface GenerateRecoveryCodesRequestParams {
+  serverPassword: string
+}

packages/api/src/Domain/Request/index.ts

@@ -2,6 +2,7 @@ export * from './Authenticator/DeleteAuthenticatorRequestParams'
 export * from './Authenticator/GenerateAuthenticatorAuthenticationOptionsRequestParams'
 export * from './Authenticator/ListAuthenticatorsRequestParams'
 export * from './Authenticator/VerifyAuthenticatorRegistrationResponseRequestParams'
+export * from './Recovery/GenerateRecoveryCodesRequestParams'
 export * from './Recovery/RecoveryKeyParamsRequestParams'
 export * from './Recovery/SignInWithRecoveryCodesRequestParams'
 export * from './Revision/DeleteRevisionRequestParams'

packages/api/src/Domain/Server/Auth/AuthServer.ts

@@ -8,12 +8,13 @@ import {
 } from '../../Response'
 import { AuthServerInterface } from './AuthServerInterface'
 import { Paths } from './Paths'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'
 
 export class AuthServer implements AuthServerInterface {
   constructor(private httpService: HttpServiceInterface) {}
 
-  async generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
-    return this.httpService.post(Paths.v1.generateRecoveryCodes)
+  async generateRecoveryCodes(options?: HttpRequestOptions): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>> {
+    return this.httpService.post(Paths.v1.generateRecoveryCodes, undefined, options)
   }
 
   async recoveryKeyParams(

packages/api/src/Domain/Server/Auth/AuthServerInterface.ts

@@ -5,9 +5,10 @@ import {
   RecoveryKeyParamsResponseBody,
   SignInWithRecoveryCodesResponseBody,
 } from '../../Response'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'
 
 export interface AuthServerInterface {
-  generateRecoveryCodes(): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
+  generateRecoveryCodes(options?: HttpRequestOptions): Promise<HttpResponse<GenerateRecoveryCodesResponseBody>>
   recoveryKeyParams(params: RecoveryKeyParamsRequestParams): Promise<HttpResponse<RecoveryKeyParamsResponseBody>>
   signInWithRecoveryCodes(
     params: SignInWithRecoveryCodesRequestParams,

packages/api/src/Domain/Server/User/UserServer.ts

@@ -8,12 +8,16 @@ import { UserRegistrationResponseBody } from '../../Response/User/UserRegistrati
 import { Paths } from './Paths'
 import { UserServerInterface } from './UserServerInterface'
 import { UserUpdateRequestParams } from '../../Request/User/UserUpdateRequestParams'
+import { HttpRequestOptions } from '../../Http/HttpRequestOptions'
 
 export class UserServer implements UserServerInterface {
   constructor(private httpService: HttpServiceInterface) {}
 
-  async deleteAccount(params: UserDeletionRequestParams): Promise<HttpResponse<UserDeletionResponseBody>> {
-    return this.httpService.delete(Paths.v1.deleteAccount(params.userUuid), params)
+  async deleteAccount(
+    params: UserDeletionRequestParams,
+    options?: HttpRequestOptions,
+  ): Promise<HttpResponse<UserDeletionResponseBody>> {
+    return this.httpService.delete(Paths.v1.deleteAccount(params.userUuid), params, options)
   }
 
   async register(params: UserRegistrationRequestParams): Promise<HttpResponse<UserRegistrationResponseBody>> {