Validate used verification id (#66)

enjin · Sep 28, 2023 · 45093db · 45093db
1 parent 6ec8e7e
commit 45093db
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 1 deletion.
diff --git a/lang/en/validation.php b/lang/en/validation.php
@@ -35,4 +35,5 @@
     'valid_verification_id' => 'The verification ID is not valid.',
     'numeric' => 'The :attribute must be numeric.',
     'collection_has_tokens' => "The collection doesn't have any tokens.",
+    'unused_verification_id' => 'The verification ID is already in use.',
 ];
diff --git a/src/GraphQL/Schemas/Primary/Mutations/VerifyAccountMutation.php b/src/GraphQL/Schemas/Primary/Mutations/VerifyAccountMutation.php
@@ -9,6 +9,7 @@
 use Enjin\Platform\GraphQL\Schemas\Primary\Traits\InPrimarySchema;
 use Enjin\Platform\Interfaces\PlatformGraphQlMutation;
 use Enjin\Platform\Interfaces\PlatformPublicGraphQlOperation;
+use Enjin\Platform\Rules\UnusedVerificationId;
 use Enjin\Platform\Rules\ValidHex;
 use Enjin\Platform\Rules\ValidSubstrateAccount;
 use Enjin\Platform\Services\Database\VerificationService;
@@ -49,7 +50,12 @@ public function args(): array
         return [
             'verificationId' => [
                 'type' => GraphQL::type('String!'),
-                'rules' => ['bail', 'filled', 'exists:verifications,verification_id'],
+                'rules' => [
+                    'bail',
+                    'filled',
+                    'exists:verifications,verification_id',
+                    new UnusedVerificationId(),
+                ],
             ],
             'signature' => [
                 'type' => GraphQL::type('String!'),

diff --git a/src/Rules/UnusedVerificationId.php b/src/Rules/UnusedVerificationId.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Enjin\Platform\Rules;
+
+use Closure;
+use Enjin\Platform\Models\Wallet;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class UnusedVerificationId implements ValidationRule
+{
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        if (Wallet::where('verification_id', $value)->exists()) {
+            $fail(__('enjin-platform::validation.unused_verification_id'));
+        }
+    }
+}
diff --git a/tests/Feature/GraphQL/Mutations/VerifyAccountTest.php b/tests/Feature/GraphQL/Mutations/VerifyAccountTest.php
@@ -6,6 +6,7 @@
 use Enjin\BlockchainTools\HexConverter;
 use Enjin\Platform\Facades\Qr;
 use Enjin\Platform\Models\Verification;
+use Enjin\Platform\Models\Wallet;
 use Enjin\Platform\Support\SS58Address;
 use Enjin\Platform\Tests\Feature\GraphQL\TestCaseGraphQL;
 use Enjin\Platform\Tests\Feature\GraphQL\Traits\HasHttp;
@@ -252,6 +253,23 @@ public function test_it_will_fail_with_wrong_ed25519_signature(): void
         );
     }
 
+    public function test_it_will_fail_with_used_verification_id(): void
+    {
+        Wallet::factory()->create(['verification_id' => $this->verification->verification_id]);
+        $data = app(Generator::class)->sr25519_signature($this->verification->code, isCode: true);
+
+        $response = $this->graphql($this->method, [
+            'verificationId' => $this->verification->verification_id,
+            'signature' => $data['signature'],
+            'account' => $data['address'],
+        ], true);
+
+        $this->assertArraySubset(
+            ['verificationId' => ['The verification ID is already in use.']],
+            $response['error']
+        );
+    }
+
     public function test_it_will_fail_with_empty_verification_id(): void
     {
         $data = app(Generator::class)->sr25519_signature($this->verification->code, isCode: true);