completeAccountCreation method

Future<EmailIdpCompleteAccountCreationResult> completeAccountCreation(Session session, { required String completeAccountCreationToken, required String password, required Transaction transaction, })

The last step in the account creation process.

Given a token returned by verifyRegistrationCode, this method will complete the account creation process by creating a new authentication user and linking the account request to it.

Can throw the following EmailAccountRequestServerException subclasses:

• EmailPasswordPolicyViolationException if the password does not comply with the password policy.
• EmailAccountRequestInvalidVerificationCodeException if the provided completeAccountCreationToken is not valid.
• EmailAccountRequestNotFoundException if the request does not exist.
• EmailAccountRequestNotVerifiedException if the request has not been verified yet.
• EmailAccountRequestVerificationExpiredException if the request is completed with the correct verification code, but has already expired.
• EmailAccountRequestVerificationTooManyAttemptsException in case the user has made too many attempts to verify the account.

Returns the result of the operation with the ID of the new authentication user, the account request ID and the email address used during registration.

The account request will be deleted after successful completion.

In case of an invalid completeAccountCreationToken, the failed attempt will be logged to the database outside of the transaction and can not be rolled back.

Implementation

Future<EmailIdpCompleteAccountCreationResult> completeAccountCreation(
  final Session session, {
  required final String completeAccountCreationToken,
  required final String password,
  required final Transaction transaction,
}) async {
  if (!_config.passwordValidationFunction(password)) {
    throw EmailPasswordPolicyViolationException();
  }

  final request = await withReplacedSecretChallengeException(
    () => _challengeUtil.completeChallenge(
      session,
      completionToken: completeAccountCreationToken,
      transaction: transaction,
    ),
  );

  await EmailAccountRequest.db.deleteRow(
    session,
    request,
    transaction: transaction,
  );

  final newUser = await _authUsers.create(
    session,
    transaction: transaction,
  );

  final passwordHash = await _hashUtils.createHashFromString(
    secret: password,
  );

  final emailAccount = await EmailAccount.db.insertRow(
    session,
    EmailAccount(
      authUserId: newUser.id,
      email: request.email,
      passwordHash: passwordHash,
    ),
    transaction: transaction,
  );

  await _config.onAfterAccountCreated?.call(
    session,
    email: emailAccount.email,
    authUserId: emailAccount.authUserId,
    emailAccountId: emailAccount.id!,
    transaction: transaction,
  );

  return EmailIdpCompleteAccountCreationResult._(
    authUserId: newUser.id,
    accountRequestId: request.id!,
    email: request.email,
    scopes: newUser.scopes,
  );
}