fix(backend): Rename password compromised action and introduces unsetting a compromised password (#7477)

Author: octoper

.changeset/evil-points-fly.md

@@ -0,0 +1,5 @@
+---
+'@clerk/backend': patch
+---
+
+Renaming `__experimental_passwordCompromised` to `__experimental_setPasswordCompromised` and introducing `__experimental_unsetPasswordCompromised`

integration/testUtils/usersService.ts

@@ -76,7 +76,7 @@ export type UserService = {
   createFakeOrganization: (userId: string) => Promise<FakeOrganization>;
   getUser: (opts: { id?: string; email?: string }) => Promise<User | undefined>;
   createFakeAPIKey: (userId: string) => Promise<FakeAPIKey>;
-  passwordCompromised: (userId: string) => Promise<void>;
+  setPasswordCompromised: (userId: string) => Promise<void>;
 };
 
 /**
@@ -212,7 +212,7 @@ export const createUserService = (clerkClient: ClerkClient) => {
           clerkClient.apiKeys.revoke({ apiKeyId: apiKey.id, revocationReason: reason }),
       } satisfies FakeAPIKey;
     },
-    passwordCompromised: async (userId: string) => {
+    setPasswordCompromised: async (userId: string) => {
       await clerkClient.users.__experimental_passwordCompromised(userId);
     },
   };

integration/tests/session-tasks-sign-in-reset-password.test.ts

@@ -22,7 +22,7 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       const user = u.services.users.createFakeUser();
       const createdUser = await u.services.users.createBapiUser(user);
 
-      await u.services.users.passwordCompromised(createdUser.id);
+      await u.services.users.setPasswordCompromised(createdUser.id);
 
       // Performs sign-in
       await u.po.signIn.goTo();
@@ -69,7 +69,7 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       const user = u.services.users.createFakeUser();
       const createdUser = await u.services.users.createBapiUser(user);
 
-      await u.services.users.passwordCompromised(createdUser.id);
+      await u.services.users.setPasswordCompromised(createdUser.id);
       const fakeOrganization = u.services.organizations.createFakeOrganization();
       await u.services.organizations.createBapiOrganization({
         name: fakeOrganization.name,

packages/backend/src/api/endpoints/UserApi.ts

@@ -199,6 +199,10 @@ type DeleteUserExternalAccountParams = {
   externalAccountId: string;
 };
 
+type SetPasswordCompromisedParams = {
+  revokeAllSessions?: boolean;
+};
+
 type UserID = {
   userId: string;
 };
@@ -448,14 +452,25 @@ export class UserAPI extends AbstractAPI {
     });
   }
 
-  public async __experimental_passwordCompromised(userId: string) {
+  public async __experimental_setPasswordCompromised(
+    userId: string,
+    params: SetPasswordCompromisedParams = {
+      revokeAllSessions: false,
+    },
+  ) {
+    this.requireId(userId);
+    return this.request<User>({
+      method: 'POST',
+      path: joinPaths(basePath, userId, 'password', 'set_compromised'),
+      bodyParams: params,
+    });
+  }
+
+  public async __experimental_unsetPasswordCompromised(userId: string) {
     this.requireId(userId);
     return this.request<User>({
       method: 'POST',
-      path: joinPaths(basePath, userId, 'password_compromised'),
-      bodyParams: {
-        revokeAllSessions: false,
-      },
+      path: joinPaths(basePath, userId, 'password', 'unset_compromised'),
     });
   }
 }