Simple Auth Plugin for Vendure.io


A Vendure plugin allow users log in using email and verification code

Use Case

A lot of times we want visitors (aka customers) to complete their purchase order as quick as possilble. However, they usually hesitate to create a credential to a random online shop at checkout step. So we provide a way to quickly authenticate those visitors by their email and a verification code that is sent to their email.

What it does

1. Expose a GraphQL Query "requestOneTimeCode".
2. Add an authentication strategy to GraphQL mutation "authenticate".

---

How to use

$3

yarn add @denz93/vendure-plugin-simple-auth

or

npm i --save @denz93/vendure-plugin-simple-auth

$3

``typescript
import { SimpleAuthPlugin } from "@denz93/vendure-plugin-simple-auth";
...
export const config: VendureConfig = {
...
plugins: [
...
SimpleAuthPlugin.init(options) //see Options
]
}
`

$3

* attempts: number
> Plugin will invalidate the verification code after user's attempts.
default: 5
* ttl: number
> Time to live
How long the verification code is valid for.
default: 600 (seconds)
* length: number
> How many digits/alphabets the verification code should be.
default: 6
* includeAlphabet: boolean
> Should allow alphabet characters.
default: false (aka digits only)
* isDev: boolean
> If true, the verification will return along with the response of query. requestOneTimeCode.
It's for debug and testing.
default: false
* cacheModuleOption: CacheModuleOption
> By default, the plugin use "memory" for caching which is underlying using NestJs CacheModule.
> To change cache store to Redis, MongoDB, etc, please see NestJs CacheModule docs here.
> You also want to see here from cache-manager which is underlying used by NestJs.
> Note: should use cache-manager 4.x if using Vendure under 2.x
> default: {}
* checkCrossStrategies: boolean
> Strictly enforce unique email among all strategies

> For example:
- One day, user "John" sign in using Google authentication with "john@gmail.com".
- Another day, user "John" sign in using One-time passcode authenication (this plugin) with the same email.
- This plugin will throw an error if the flag is enabled.

> default: false.
> Note: This only works if Google authentication plugin using email as an identifier

$3

Note**: Since v1.3.0 you don't need to config this step anymore. The plugin will automatically append the handler to Email Plugin

`typescript
// vendure-config.ts

import { oneTimeCodeRequestedEventHandler } from '@denz93/vendure-plugin-simple-auth';

...

export const config: VendureConfig = {
...

plugins: [
...

EmailPlugin.init({
...
handlers: [...defaultEmailHandler, oneTimeCodeRequestedEventHandler]
})
]
}
``

Future Updates

- [x] Prevent cross authenticate (Ex: users use same email for GoogleAuth and SimpleAuth)