fix(email_verification): should refresh email verification is called once per second

CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+-   Added a debounced mechanism in should refresh email verification to limit verification call to once per second.
+
 ## [0.14.0] - 2024-10-07
 
 -   Added the OAuth2Provider recipe

lib/ts/recipe/emailverification/emailVerificationClaim.ts

@@ -28,6 +28,13 @@ export class EmailVerificationClaimClass extends BooleanClaim {
                 refresh: this.refresh,
                 shouldRefresh: (payload, userContext) => {
                     const DateProvider = DateProviderReference.getReferenceOrThrow().dateProvider;
+                    const currentTime = DateProvider.now();
+
+                    if (this.shouldRefreshLastCalled && this.shouldRefreshLastCalled > currentTime - 1000) {
+                        return false;
+                    }
+
+                    this.shouldRefreshLastCalled = currentTime;
 
                     refetchTimeOnFalseInSeconds = refetchTimeOnFalseInSeconds ?? getThresholdAwareDefaultValue(10);
 
@@ -49,7 +56,6 @@ export class EmailVerificationClaimClass extends BooleanClaim {
                         return true;
                     }
 
-                    const currentTime = DateProvider.now();
                     const lastRefetchTime = this.getLastFetchedTime(payload, userContext)!;
 
                     if (maxAgeInSeconds !== undefined) {
@@ -82,4 +88,6 @@ export class EmailVerificationClaimClass extends BooleanClaim {
     validators!: BooleanClaim["validators"] & {
         isVerified: (refetchTimeOnFalseInSeconds?: number, maxAgeInSeconds?: number) => SessionClaimValidator;
     };
+
+    shouldRefreshLastCalled?: number;
 }

test/unit/emailverificationclaim.test.js

@@ -17,6 +17,20 @@ import EmailVerification from "../../recipe/emailverification";
 import SuperTokens from "../../lib/build/supertokens";
 import assert from "assert";
 
+/*
+ * Delay function is used in case of email verification claim as we have added a debouncing
+ * mechanism that shouldRefresh will return false if multiple calls are done in 1000ms.
+ * Hence adding delay after each email verification or shouldRefresh calls will result in
+ * correct tests.
+ * Test for checking when the shouldRefresh returning false when called multiple times in 1000ms
+ * is added.
+ */
+const delay = async () => {
+    return new Promise((resolve) => {
+        setTimeout(resolve, 1000);
+    });
+};
+
 describe("EmailVerificationClaim test", function () {
     jsdom({ url: "http://localhost.org" });
 
@@ -35,6 +49,7 @@ describe("EmailVerificationClaim test", function () {
             });
 
             const validator = EmailVerification.EmailVerificationClaim.validators.isVerified();
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshUndefined = await validator.shouldRefresh({});
             assert.strictEqual(shouldRefreshUndefined, true);
         });
@@ -49,9 +64,11 @@ describe("EmailVerificationClaim test", function () {
             });
 
             const validator = EmailVerification.EmailVerificationClaim.validators.isVerified(10, 200);
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshValid = await validator.shouldRefresh({
                 "st-ev": { v: true, t: Date.now() - 199 * 1000 },
             });
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshExpired = await validator.shouldRefresh({
                 "st-ev": { v: true, t: Date.now() - 201 * 1000 },
             });
@@ -69,9 +86,11 @@ describe("EmailVerificationClaim test", function () {
             });
 
             const validator = EmailVerification.EmailVerificationClaim.validators.isVerified(8);
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshValid = await validator.shouldRefresh({
                 "st-ev": { v: false, t: Date.now() - 7 * 1000 },
             });
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshExpired = await validator.shouldRefresh({
                 "st-ev": { v: false, t: Date.now() - 9 * 1000 },
             });
@@ -90,14 +109,38 @@ describe("EmailVerificationClaim test", function () {
 
             // NOTE: the default value of refetchTimeOnFalseInSeconds is 10 seconds
             const validator = EmailVerification.EmailVerificationClaim.validators.isVerified();
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshValid = await validator.shouldRefresh({
                 "st-ev": { v: false, t: Date.now() - 9 * 1000 },
             });
+            await delay(); // Added for correct results, since shouldRefresh is debounced
             const shouldRefreshExpired = await validator.shouldRefresh({
                 "st-ev": { v: false, t: Date.now() - 11 * 1000 },
             });
             assert.strictEqual(shouldRefreshValid, false);
             assert.strictEqual(shouldRefreshExpired, true);
         });
+
+        it("shouldRefresh should return false if called before 1000ms", async function () {
+            SuperTokens.init({
+                appInfo: {
+                    appName: "SuperTokens",
+                    apiDomain: "api.supertokens.io",
+                },
+                recipeList: [EmailVerification.init()],
+            });
+
+            // NOTE: the default value of refetchTimeOnFalseInSeconds is 10 seconds
+            const validator = EmailVerification.EmailVerificationClaim.validators.isVerified();
+            await delay(); // Added for correct results, since shouldRefresh is debounced
+            const shouldRefresh = await validator.shouldRefresh({
+                "st-ev": { v: false, t: Date.now() - 11 * 1000 },
+            });
+            const shouldRefreshAgain = await validator.shouldRefresh({
+                "st-ev": { v: false, t: Date.now() - 11 * 1000 },
+            });
+            assert.strictEqual(shouldRefresh, true);
+            assert.strictEqual(shouldRefreshAgain, false);
+        });
     });
 });