GoogleAuthFactor getMostRecentChallenge() bug

[mdeggies]

I think there is a bug in the GoogleAuthenticatorFactor's getMostRecentChallenge() method. Code to reproduce:

'use strict';

var stormpath = require('stormpath');

var client = new stormpath.Client({
  apiKey : {
    "id": $ID,
    "secret": $SECRET
  }
});

var applicationHref = "https://api.stormpath.com/v1/applications/$APP_ID";
var accountHref = "https://api.stormpath.com/v1/accounts/$ACCT_ID";

client.getApplication(applicationHref, function(err, application){
  client.getAccount(accountHref, function (err, account) {

    var collectionQueryOptions = {
      type: 'google-authenticator'
    };

    var factor = {
      type: 'google-authenticator',
      accountName: '$ACCT_EMAIL_ADDRESS',
      issuer: '$NAME_OF_APP'
    };

   // Create initial factor for account
    account.createFactor(factor, function(err, googleAuthenticatorFactor) {
      if (err) {
        return console.log(err);
      }

      console.log(googleAuthenticatorFactor);
    });

    // Get all google-auth factors for the account
    account.getFactors(collectionQueryOptions, function(err, CollectionResource) {
      if (err) {
        return console.log(err);
      }

      var googleAuthenticatorFactor = CollectionResource.items[0];

      // Create google-auth challenge
      googleAuthenticatorFactor.createChallenge(function(err, createdChallenge) {
        if (err) {
          return console.log(err);
        }
        console.log(createdChallenge);

         // Try to get the most recently created challenge. 
        // This is always returning null for me 
        googleAuthenticatorFactor.getMostRecentChallenge(function(err, challenge){
          if (err) {
            return console.log(err);
          }

          if (challenge === null) {
            return console.log('Challenge has not been created');
          }

          console.log('Most recent challenge:', challenge);
        });
      });
    });
  });
});

EDIT: In REST, mostRecentChallenge() is updated right after a challenge is created. In this SDK, the cached version is being used and never getting updated.

[the-overengineer]

@mdeggies Are you certain it's updated in REST on your side (or, rather, is it still so at the moment)? I've created a factor of type google-authenticator and attached several (4) challenges to it, but the REST API still shows the mostRecentChallenge as null.

There is still a potential issue in the Node SDK code that I believe I've solved, but none of it is of any use as long as the REST API value is null.

I used api.stormpath.com, not the devbox.

[mdeggies]

@Tweety-FER Ahh sorry I forgot to add this to the post. mostRecentChallenge is created right after a challenge is created. There are two options- you can create a factor and then create the challenge, or create a factor and add challenge=true as a query param to automatically create the challenge. In both cases via REST, mostRecentChallenge is created. In Node, if you create a factor and then create the challenge, mostRecentChallenge isn't populated (but adding challenge: true works).

Robert mentioned that the SDK caches the factor when it’s created, so that might be the problem: https://github.com/stormpath/stormpath-sdk-node/blob/master/lib/resource/Factor.js#L87-L97

[the-overengineer]

@mdeggies Yes, that certainly is a problem (the code you indicate). However, having only created the Challenge via the Node SDK, I'm not seeing anything for that field in the REST API. A response to a request using Postman (to .../factors?expand=challenges:

{
  "href": "https://api.stormpath.com/v1/accounts/2wOhFpHcbDBv4tjJmnTnuP/factors",
  "offset": 0,
  "limit": 25,
  "size": 1,
  "items": [
    {
      "href": "https://api.stormpath.com/v1/factors/1WqGU7K3HbUqauJfckrEo5",
      "type": "google-authenticator",
      ...,
      "mostRecentChallenge": null,
      "challenges": {
        "href": "https://api.stormpath.com/v1/factors/1WqGU7K3HbUqauJfckrEo5/challenges",
        "offset": 0,
        "limit": 25,
        "size": 4,
        "items": [
          {
            "href": "https://api.stormpath.com/v1/challenges/1XdQVZ59QjdNzcwE9op7Jt",
            ...
          },
          {
            "href": "https://api.stormpath.com/v1/challenges/76VxjCnxMOmzBi5ZP4G1WB",
            ...
          },
          {
            "href": "https://api.stormpath.com/v1/challenges/7hdm4YYXknuYOxsL4cshqX",
            ...
          },
          {
            "href": "https://api.stormpath.com/v1/challenges/2A9SxX2KgQACpna3nPBZD7",
            ...
          }
        ]
      }
    }
  ]
}

As an experiment, I've then created a factor with postman, with challenge=true. In this case, a challenge was set as the mostRecentChallenge. Then, I created a new factor through Postman, then separately created a challenge. Finally, I fetched the factor with expand=challenges, and again got no mostRecentChallenge.

{
  "href": "https://api.stormpath.com/v1/factors/71SSAYp9kiXcISODQyMZ4R",
  ...,
  "mostRecentChallenge": null,
  "challenges": {
    "href": "https://api.stormpath.com/v1/factors/71SSAYp9kiXcISODQyMZ4R/challenges",
    "offset": 0,
    "limit": 25,
    "size": 1,
    "items": [
      {
        "href": "https://api.stormpath.com/v1/challenges/1jphyH6iMlM3Rxtcao5OBj",
        ...
      }
    ]
  }
}

In short, what I was trying to say is that there certainly is an issue with Node SDK, but there also seems to be one with the REST API, and I cannot be certain I've squashed the Node SDK one until I've an assurance that the API is working well. All in all, parallel to the issue with the Node SDK, I'm running into issues with getting the mostRecentChallenge field when the challenge is added after factor creation, while it works just fine if added with challenge=true.

[mdeggies]

@Tweety-FER, the IAM fix should be out in this week's release

[the-overengineer]

@mdeggies Thanks for the update and your help communicating this issue to the API folks! After testing this anew using the code above, it seems to work even without any changes to the Node SDK, and was all on the API. The caching mechanism works as it should after all. Could you please verify? Thanks again!

[mdeggies]

@Tweety-FER- you're right, this is working just fine. :) Thanks for sticking with me on this one!