fix: cherry picks lockUntil fix from #6052 (#7213)

2024-07-18 12:14:31 -04:00
parent 700baf1899
commit 478fb8d3fd
3 changed files with 42 additions and 6 deletions
--- a/packages/payload/src/auth/isLocked.ts
+++ b/packages/payload/src/auth/isLocked.ts
@@ -1,2 +1,5 @@
-const isLocked = (date: number): boolean => !!(date && date > Date.now())
+const isLocked = (date: number): boolean => {
+  if (!date) return false
+  return date > Date.now()
+}
 export default isLocked
--- a/packages/payload/src/auth/operations/login.ts
+++ b/packages/payload/src/auth/operations/login.ts
@@ -182,7 +182,7 @@ export const loginOperation = async <TSlug extends CollectionSlug>(
      throw new AuthenticationError(req.t, Boolean(canLoginWithUsername && sanitizedUsername))
    }

-    if (user && isLocked(user.lockUntil)) {
+    if (user && isLocked(new Date(user.lockUntil).getTime())) {
      throw new LockedAuth(req.t)
    }

--- a/test/auth/int.spec.ts
+++ b/test/auth/int.spec.ts
@@ -460,11 +460,25 @@ describe('Auth', () => {
          await tryLogin()
          await tryLogin()

-          await payload.update({
+          const loginAfterLimit = await restClient
+            .POST(`/${slug}/login`, {
+              body: JSON.stringify({
+                email: userEmail,
+                password,
+              }),
+              headers: {
+                Authorization: `JWT ${token}`,
+                'Content-Type': 'application/json',
+              },
+              method: 'post',
+            })
+            .then((res) => res.json())
+
+          expect(loginAfterLimit.errors.length).toBeGreaterThan(0)
+
+          const lockedUser = await payload.find({
            collection: slug,
-            data: {
-              lockUntil: Date.now() - 605 * 1000,
-            },
+            showHiddenFields: true,
            where: {
              email: {
                equals: userEmail,
@@ -472,6 +486,25 @@ describe('Auth', () => {
            },
          })

+          expect(lockedUser.docs[0].loginAttempts).toBe(2)
+          expect(lockedUser.docs[0].lockUntil).toBeDefined()
+
+          const manuallyReleaseLock = new Date(Date.now() - 605 * 1000)
+          const userLockElapsed = await payload.update({
+            collection: slug,
+            data: {
+              lockUntil: manuallyReleaseLock,
+            },
+            showHiddenFields: true,
+            where: {
+              email: {
+                equals: userEmail,
+              },
+            },
+          })
+
+          expect(userLockElapsed.docs[0].lockUntil).toEqual(manuallyReleaseLock.toISOString())
+
          // login
          await restClient.POST(`/${slug}/login`, {
            body: JSON.stringify({