Use PasswordResetStore instead of CodeStore

- PasswordResetStore is a higher-level effect than CodeStore and it is
interpreted in terms of CodeStore

Author: mdimjasevic

services/brig/brig.cabal

@@ -60,7 +60,6 @@ library
       Brig.Data.Instances
       Brig.Data.LoginCode
       Brig.Data.MLS.KeyPackage
-      Brig.Data.PasswordReset
       Brig.Data.Properties
       Brig.Data.Types
       Brig.Data.User

services/brig/src/Brig/API.hs

@@ -23,14 +23,14 @@ where
 import Brig.API.Handler (Handler)
 import qualified Brig.API.Internal as Internal
 import qualified Brig.API.Public as Public
-import Brig.Sem.BrigTime (BrigTime)
 import Brig.Sem.CodeStore
+import Brig.Sem.PasswordResetStore (PasswordResetStore)
 import qualified Data.Swagger.Build.Api as Doc
 import Network.Wai.Routing (Routes)
 import Polysemy
 
 sitemap ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   Routes Doc.ApiBuilder (Handler r) ()
 sitemap = do
   Public.sitemap

services/brig/src/Brig/API/Internal.hs

@@ -42,8 +42,8 @@ import qualified Brig.Data.User as Data
 import qualified Brig.IO.Intra as Intra
 import Brig.Options hiding (internalEvents, sesQueue)
 import qualified Brig.Provider.API as Provider
-import Brig.Sem.BrigTime (BrigTime)
 import Brig.Sem.CodeStore (CodeStore)
+import Brig.Sem.PasswordResetStore (PasswordResetStore)
 import qualified Brig.Team.API as Team
 import Brig.Team.DB (lookupInvitationByEmail)
 import Brig.Types
@@ -160,7 +160,7 @@ swaggerDocsAPI = swaggerSchemaUIServer BrigIRoutes.swaggerDoc
 -- Sitemap (wai-route)
 
 sitemap ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   Routes a (Handler r) ()
 sitemap = do
   get "/i/status" (continue $ const $ return empty) true
@@ -462,14 +462,14 @@ instance ToJSON GetActivationCodeResp where
   toJSON (GetActivationCodeResp (k, c)) = object ["key" .= k, "code" .= c]
 
 getPasswordResetCodeH ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   JSON ::: Either Email Phone ->
   (Handler r) Response
 getPasswordResetCodeH (_ ::: emailOrPhone) = do
   maybe (throwStd invalidPwResetKey) (pure . json) =<< lift (getPasswordResetCode emailOrPhone)
 
 getPasswordResetCode ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   Either Email Phone ->
   (AppT r) (Maybe GetPasswordResetCodeResp)
 getPasswordResetCode emailOrPhone =

services/brig/src/Brig/API/Public.hs

@@ -46,8 +46,8 @@ import qualified Brig.Docs.Swagger
 import qualified Brig.IO.Intra as Intra
 import Brig.Options hiding (internalEvents, sesQueue)
 import qualified Brig.Provider.API as Provider
-import Brig.Sem.BrigTime (BrigTime)
 import Brig.Sem.CodeStore (CodeStore)
+import Brig.Sem.PasswordResetStore (PasswordResetStore)
 import qualified Brig.Team.API as Team
 import qualified Brig.Team.Email as Team
 import Brig.Types.Activation (ActivationPair)
@@ -261,7 +261,7 @@ servantSitemap = userAPI :<|> selfAPI :<|> accountAPI :<|> clientAPI :<|> prekey
 -- - MemberLeave event to members for all conversations the user was in (via galley)
 
 sitemap ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   Routes Doc.ApiBuilder (Handler r) ()
 sitemap = do
   -- User Handle API ----------------------------------------------------
@@ -425,7 +425,7 @@ sitemap = do
 
 apiDocs ::
   forall r.
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   Routes Doc.ApiBuilder (Handler r) ()
 apiDocs =
   get
@@ -803,14 +803,14 @@ changeHandle u conn (Public.HandleUpdate h) = lift . exceptTToMaybe $ do
   API.changeHandle u (Just conn) handle API.ForbidSCIMUpdates
 
 beginPasswordResetH ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[PasswordResetStore] r =>
   JSON ::: JsonRequest Public.NewPasswordReset ->
   (Handler r) Response
 beginPasswordResetH (_ ::: req) =
   setStatus status201 empty <$ (beginPasswordReset =<< parseJsonBody req)
 
 beginPasswordReset ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[PasswordResetStore] r =>
   Public.NewPasswordReset ->
   (Handler r) ()
 beginPasswordReset (Public.NewPasswordReset target) = do
@@ -822,7 +822,7 @@ beginPasswordReset (Public.NewPasswordReset target) = do
     Right phone -> wrapClient $ sendPasswordResetSms phone pair loc
 
 completePasswordResetH ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   JSON ::: JsonRequest Public.CompletePasswordReset ->
   (Handler r) Response
 completePasswordResetH (_ ::: req) = do
@@ -1065,7 +1065,7 @@ instance ToJSON DeprecatedMatchingResult where
       ]
 
 deprecatedCompletePasswordResetH ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   JSON ::: Public.PasswordResetKey ::: JsonRequest Public.PasswordReset ->
   (Handler r) Response
 deprecatedCompletePasswordResetH (_ ::: k ::: req) = do

services/brig/src/Brig/API/User.hs

@@ -101,7 +101,6 @@ import qualified Brig.Data.Activation as Data
 import qualified Brig.Data.Blacklist as Blacklist
 import qualified Brig.Data.Client as Data
 import qualified Brig.Data.Connection as Data
-import qualified Brig.Data.PasswordReset as Data
 import qualified Brig.Data.Properties as Data
 import Brig.Data.User
 import qualified Brig.Data.User as Data
@@ -115,9 +114,10 @@ import qualified Brig.InternalEvent.Types as Internal
 import Brig.Options hiding (Timeout, internalEvents)
 import Brig.Password
 import qualified Brig.Queue as Queue
-import Brig.Sem.BrigTime (BrigTime)
 import Brig.Sem.CodeStore (CodeStore)
 import qualified Brig.Sem.CodeStore as E
+import Brig.Sem.PasswordResetStore (PasswordResetStore)
+import qualified Brig.Sem.PasswordResetStore as E
 import qualified Brig.Team.DB as Team
 import Brig.Types
 import Brig.Types.Code (Timeout (..))
@@ -972,7 +972,7 @@ changePassword uid cp = do
       lift $ wrapClient (Data.updatePassword uid newpw) >> wrapClient (revokeAllCookies uid)
 
 beginPasswordReset ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[PasswordResetStore] r =>
   Either Email Phone ->
   ExceptT PasswordResetError (AppT r) (UserId, PasswordResetPair)
 beginPasswordReset target = do
@@ -982,20 +982,20 @@ beginPasswordReset target = do
   status <- lift . wrapClient $ Data.lookupStatus user
   unless (status == Just Active) $
     throwE InvalidPasswordResetKey
-  code <- lift . liftSem $ Data.lookupPasswordResetCode user
+  code <- lift . liftSem $ E.lookupPasswordResetCode user
   when (isJust code) $
     throwE (PasswordResetInProgress Nothing)
-  (user,) <$> lift (liftSem $ Data.createPasswordResetCode user target)
+  (user,) <$> lift (liftSem $ E.createPasswordResetCode user target)
 
 completePasswordReset ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   PasswordResetIdentity ->
   PasswordResetCode ->
   PlainTextPassword ->
   ExceptT PasswordResetError (AppT r) ()
 completePasswordReset ident code pw = do
   key <- mkPasswordResetKey ident
-  muid :: Maybe UserId <- lift . liftSem $ Data.verifyPasswordResetCode (key, code)
+  muid :: Maybe UserId <- lift . liftSem $ E.verifyPasswordResetCode (key, code)
   case muid of
     Nothing -> throwE InvalidPasswordResetCode
     Just uid -> do
@@ -1194,7 +1194,7 @@ lookupActivationCode emailOrPhone = do
   return $ (k,) <$> c
 
 lookupPasswordResetCode ::
-  Members '[CodeStore, BrigTime] r =>
+  Members '[CodeStore, PasswordResetStore] r =>
   Either Email Phone ->
   (AppT r) (Maybe PasswordResetPair)
 lookupPasswordResetCode emailOrPhone = do
@@ -1204,7 +1204,7 @@ lookupPasswordResetCode emailOrPhone = do
     Nothing -> return Nothing
     Just u -> do
       k <- E.mkPasswordResetKey u
-      c <- Data.lookupPasswordResetCode u
+      c <- E.lookupPasswordResetCode u
       return $ (k,) <$> c
 
 deleteUserNoVerify ::

services/brig/src/Brig/App.hs

@@ -100,6 +100,8 @@ import Brig.Sem.BrigTime (BrigTime)
 import Brig.Sem.BrigTime.IO
 import Brig.Sem.CodeStore (CodeStore)
 import Brig.Sem.CodeStore.Cassandra
+import Brig.Sem.PasswordResetStore (PasswordResetStore)
+import Brig.Sem.PasswordResetStore.CodeStore
 import Brig.Team.Template
 import Brig.Template (Localised, TemplateBranding, forLocale, genTemplateBranding)
 import Brig.Types (Locale (..), TurnURI)
@@ -582,7 +584,8 @@ newtype HttpClientIO a = HttpClientIO
     )
 
 type BrigCanonicalEffects =
-  '[ BrigTime,
+  '[ PasswordResetStore,
+     BrigTime,
      CodeStore,
      Embed Cas.Client, -- FUTUREWORK: remove this effect once MonadClient
      -- constraints are removed from application code
@@ -630,6 +633,7 @@ runAppT e (AppT ma) =
     . interpretClientToIO (_casClient e)
     . codeStoreToCassandra @Cas.Client
     . brigTimeToIO @IO (_currentTime e)
+    . passwordResetStoreToCodeStore
     $ runReaderT ma e
 
 runAppResourceT ::

services/brig/src/Brig/Data/Activation.hs

@@ -32,7 +32,6 @@ module Brig.Data.Activation
 where
 
 import Brig.App (Env)
-import Brig.Data.PasswordReset
 import Brig.Data.User
 import Brig.Data.UserKey
 import Brig.Options
@@ -127,7 +126,7 @@ activateKey k c u = verifyCode k c >>= pickUser >>= activate
         return . Just $ foldKey (EmailActivated uid) (PhoneActivated uid) key
       -- if the key is the same, we only want to update our profile
       | otherwise = do
-        lift (runM (codeStoreToCassandra @m @'[Embed m] (mkPasswordResetKey uid >>= E.codeDelete)))
+        lift (runM (codeStoreToCassandra @m @'[Embed m] (E.mkPasswordResetKey uid >>= E.codeDelete)))
         claim key uid
         lift $ foldKey (updateEmailAndDeleteEmailUnvalidated uid) (updatePhone uid) key
         for_ oldKey $ lift . deleteKey

services/brig/src/Brig/Data/PasswordReset.hs

@@ -22,8 +22,8 @@ module API.User.Util where
 import Bilge hiding (accept, timeout)
 import Bilge.Assert
 import qualified Brig.Code as Code
-import Brig.Data.PasswordReset
 import Brig.Options (Opts)
+import Brig.Sem.CodeStore
 import Brig.Sem.CodeStore.Cassandra
 import Brig.Types
 import Brig.Types.Team.LegalHold (LegalHoldClientRequest (..))