feat: user pin-code (#18138)

* feat: user pincode * pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jason@rasm.me>
2025-11-07 17:27:20 +00:00 · 2025-05-09 16:00:58 -05:00 · 2025-05-09 16:00:58 -05:00 · 3f719bd8d7
commit 3f719bd8d7
parent 55af925ab3
28 changed files with 1392 additions and 39 deletions
--- a/server/src/controllers/auth.controller.spec.ts
+++ b/server/src/controllers/auth.controller.spec.ts
@ -142,4 +142,50 @@ describe(AuthController.name, () => {
      expect(ctx.authenticate).toHaveBeenCalled();
    });
  });
+
+  describe('POST /auth/pin-code', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).post('/auth/pin-code').send({ pinCode: '123456' });
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should reject 5 digits', async () => {
+      const { status, body } = await request(ctx.getHttpServer()).post('/auth/pin-code').send({ pinCode: '12345' });
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorDto.badRequest(['pinCode must be a 6-digit numeric string']));
+    });
+
+    it('should reject 7 digits', async () => {
+      const { status, body } = await request(ctx.getHttpServer()).post('/auth/pin-code').send({ pinCode: '1234567' });
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorDto.badRequest(['pinCode must be a 6-digit numeric string']));
+    });
+
+    it('should reject non-numbers', async () => {
+      const { status, body } = await request(ctx.getHttpServer()).post('/auth/pin-code').send({ pinCode: 'A12345' });
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorDto.badRequest(['pinCode must be a 6-digit numeric string']));
+    });
+  });
+
+  describe('PUT /auth/pin-code', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).put('/auth/pin-code').send({ pinCode: '123456', newPinCode: '654321' });
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+  });
+
+  describe('DELETE /auth/pin-code', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).delete('/auth/pin-code').send({ pinCode: '123456' });
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+  });
+
+  describe('GET /auth/status', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).get('/auth/status');
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+  });
 });
--- a/server/src/controllers/auth.controller.ts
+++ b/server/src/controllers/auth.controller.ts
@ -1,12 +1,15 @@
-import { Body, Controller, HttpCode, HttpStatus, Post, Req, Res } from '@nestjs/common';
+import { Body, Controller, Delete, Get, HttpCode, HttpStatus, Post, Put, Req, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Request, Response } from 'express';
 import {
  AuthDto,
+  AuthStatusResponseDto,
  ChangePasswordDto,
  LoginCredentialDto,
  LoginResponseDto,
  LogoutResponseDto,
+  PinCodeChangeDto,
+  PinCodeSetupDto,
  SignUpDto,
  ValidateAccessTokenResponseDto,
 } from 'src/dtos/auth.dto';
@ -74,4 +77,28 @@ export class AuthController {
      ImmichCookie.IS_AUTHENTICATED,
    ]);
  }
+
+  @Get('status')
+  @Authenticated()
+  getAuthStatus(@Auth() auth: AuthDto): Promise<AuthStatusResponseDto> {
+    return this.service.getAuthStatus(auth);
+  }
+
+  @Post('pin-code')
+  @Authenticated()
+  setupPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeSetupDto): Promise<void> {
+    return this.service.setupPinCode(auth, dto);
+  }
+
+  @Put('pin-code')
+  @Authenticated()
+  async changePinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeChangeDto): Promise<void> {
+    return this.service.changePinCode(auth, dto);
+  }
+
+  @Delete('pin-code')
+  @Authenticated()
+  async resetPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeChangeDto): Promise<void> {
+    return this.service.resetPinCode(auth, dto);
+  }
 }