From e4e49f880e2c5cbb56d3868b9ed95fcae0ec92a3 Mon Sep 17 00:00:00 2001
From: Joe Karow <58997957+JoeKarow@users.noreply.github.com>
Date: Fri, 24 May 2024 13:37:21 -0400
Subject: [PATCH] fix: handle expired/invalid cognito code (#1275)
# Pull Request type
Please check the type of change your PR introduces:
- [x] Bugfix
- [ ] Feature
- [ ] Code style update (formatting, renaming)
- [ ] Refactoring (no functional changes, no API changes)
- [ ] Build-related changes
- [ ] Documentation content changes
- [ ] Other (please describe):
## What is the current behavior?
Issue Number: N/A
## Coderabbit Summary
## Summary by CodeRabbit
- **New Features**
- Added messages for verification code requests, expiration, and
mismatches.
- Introduced functionality to resend verification codes.
- Enhanced error handling for account confirmation and verification code
processes.
- **Improvements**
- Updated UI to handle and display messages related to code resend
status.
- **Bug Fixes**
- Improved error handling for code mismatches and expired codes during
account confirmation.
- **Configuration**
- Added `build_in_source` parameter to Lambda function configurations.
## Does this introduce a breaking change?
- [ ] Yes
- [ ] No
## Other information
---
apps/app/public/locales/en/common.json | 5 ++
lambdas/cognito-messaging/samconfig.toml | 2 +
lambdas/cognito-user-migrate/samconfig.toml | 2 +
packages/api/router/user/index.ts | 7 +++
.../user/mutation.confirmAccount.handler.ts | 60 +++++++++++-------
.../user/mutation.resendCode.handler.ts | 15 +++++
.../router/user/mutation.resendCode.schema.ts | 14 +++++
packages/api/router/user/schemas.ts | 1 +
packages/auth/lib/cognitoClient.ts | 4 +-
packages/auth/lib/confirmAccount.ts | 2 +
packages/env/index.ts | 5 +-
packages/ui/modals/AccountVerified.tsx | 63 +++++++++++++++++--
12 files changed, 150 insertions(+), 30 deletions(-)
create mode 100644 packages/api/router/user/mutation.resendCode.handler.ts
create mode 100644 packages/api/router/user/mutation.resendCode.schema.ts
diff --git a/apps/app/public/locales/en/common.json b/apps/app/public/locales/en/common.json
index 44f81f944e..358796651c 100644
--- a/apps/app/public/locales/en/common.json
+++ b/apps/app/public/locales/en/common.json
@@ -53,6 +53,8 @@
"close": "Close",
"confirm-account": {
"click-verify": "Click here to verify your confirm your InReach account",
+ "code-requested": "Verification code requested!",
+ "code-resent": "A new code has been requested. Please check your email.",
"message": "Click the following link to confirm your account:",
"subject": "Confirm your account"
},
@@ -114,7 +116,10 @@
"404-title": "404: Page not found.",
"500-body": "We're sorry, something went wrong with our server. Please try again later, or start a search below to find safe, verified LGBTQ+ resources in your area.",
"500-title": "500: Something went wrong.",
+ "code-expired": "The code provided has expired.",
+ "code-mismatch": "The code provided is not valid.",
"oh-no": "Oh no!",
+ "resend-code": "Request a new code",
"try-again-text": "Something went wrong! Please try again."
},
"exclude": "Exclude",
diff --git a/lambdas/cognito-messaging/samconfig.toml b/lambdas/cognito-messaging/samconfig.toml
index c248d9ce6c..1eee0fde4c 100644
--- a/lambdas/cognito-messaging/samconfig.toml
+++ b/lambdas/cognito-messaging/samconfig.toml
@@ -7,3 +7,5 @@ region = "us-east-1"
confirm_changeset = true
capabilities = "CAPABILITY_IAM"
image_repositories = []
+[default.build.parameters]
+build_in_source = true
diff --git a/lambdas/cognito-user-migrate/samconfig.toml b/lambdas/cognito-user-migrate/samconfig.toml
index 90025a6f6a..09c01f2092 100644
--- a/lambdas/cognito-user-migrate/samconfig.toml
+++ b/lambdas/cognito-user-migrate/samconfig.toml
@@ -7,3 +7,5 @@ region = "us-east-1"
confirm_changeset = true
capabilities = "CAPABILITY_IAM"
image_repositories = []
+[default.build.parameters]
+build_in_source = true
diff --git a/packages/api/router/user/index.ts b/packages/api/router/user/index.ts
index 68580cc556..274f0cbf79 100644
--- a/packages/api/router/user/index.ts
+++ b/packages/api/router/user/index.ts
@@ -91,4 +91,11 @@ export const userRouter = defineRouter({
)
return handler({ input, ctx })
}),
+ resendCode: publicProcedure.input(schema.ZResendCodeSchema).mutation(async (opts) => {
+ const handler = await importHandler(
+ namespaced('resendCode'),
+ () => import('./mutation.resendCode.handler')
+ )
+ return handler(opts)
+ }),
})
diff --git a/packages/api/router/user/mutation.confirmAccount.handler.ts b/packages/api/router/user/mutation.confirmAccount.handler.ts
index c1f0e1a30f..e77a287549 100644
--- a/packages/api/router/user/mutation.confirmAccount.handler.ts
+++ b/packages/api/router/user/mutation.confirmAccount.handler.ts
@@ -1,33 +1,49 @@
-import { confirmAccount as cognitoConfirmAccount } from '@weareinreach/auth/confirmAccount'
+import { TRPCError } from '@trpc/server'
+
+import {
+ CodeMismatchException,
+ confirmAccount as cognitoConfirmAccount,
+ ExpiredCodeException,
+} from '@weareinreach/auth/confirmAccount'
import { prisma } from '@weareinreach/db'
import { type TRPCHandlerParams } from '~api/types/handler'
import { type TConfirmAccountSchema } from './mutation.confirmAccount.schema'
const confirmAccount = async ({ input }: TRPCHandlerParams) => {
- const { code, email } = input
- const response = await cognitoConfirmAccount(email, code)
+ try {
+ const { code, email } = input
+ const response = await cognitoConfirmAccount(email, code)
- const { id } = await prisma.user.findFirstOrThrow({
- where: {
- email: {
- equals: email.toLowerCase(),
- mode: 'insensitive',
+ const { id } = await prisma.user.findFirstOrThrow({
+ where: {
+ email: {
+ equals: email.toLowerCase(),
+ mode: 'insensitive',
+ },
+ },
+ select: {
+ id: true,
},
- },
- select: {
- id: true,
- },
- })
+ })
- await prisma.user.update({
- where: {
- id,
- },
- data: {
- emailVerified: new Date(),
- },
- })
- return response
+ await prisma.user.update({
+ where: {
+ id,
+ },
+ data: {
+ emailVerified: new Date(),
+ },
+ })
+ return response
+ } catch (error) {
+ if (error instanceof CodeMismatchException) {
+ throw new TRPCError({ code: 'BAD_REQUEST', message: 'Code mismatch', cause: error })
+ }
+ if (error instanceof ExpiredCodeException) {
+ throw new TRPCError({ code: 'BAD_REQUEST', message: 'Code expired', cause: error })
+ }
+ throw error
+ }
}
export default confirmAccount
diff --git a/packages/api/router/user/mutation.resendCode.handler.ts b/packages/api/router/user/mutation.resendCode.handler.ts
new file mode 100644
index 0000000000..ce6cf255e5
--- /dev/null
+++ b/packages/api/router/user/mutation.resendCode.handler.ts
@@ -0,0 +1,15 @@
+import { resendVerificationCode } from '@weareinreach/auth/lib/resendCode'
+import { handleError } from '~api/lib/errorHandler'
+import { type TRPCHandlerParams } from '~api/types/handler'
+
+import { type TResendCodeSchema } from './mutation.resendCode.schema'
+
+const resendCode = async ({ input }: TRPCHandlerParams) => {
+ try {
+ const result = await resendVerificationCode(input.email)
+ return result
+ } catch (error) {
+ return handleError(error)
+ }
+}
+export default resendCode
diff --git a/packages/api/router/user/mutation.resendCode.schema.ts b/packages/api/router/user/mutation.resendCode.schema.ts
new file mode 100644
index 0000000000..1f4b082a81
--- /dev/null
+++ b/packages/api/router/user/mutation.resendCode.schema.ts
@@ -0,0 +1,14 @@
+import { z } from 'zod'
+
+import { decodeUrl } from '~api/lib/encodeUrl'
+
+export const ZResendCodeSchema = z.union([
+ z.object({ email: z.string().email().toLowerCase(), data: z.never().optional() }),
+ z
+ .object({ data: z.string(), email: z.never().optional() })
+ .transform(({ data }) => ({ email: decodeUrl(data).email })),
+])
+
+// .object({ email: z.string().email().toLowerCase() })
+// .or(z.object({ data: z.string() }))
+export type TResendCodeSchema = z.infer
diff --git a/packages/api/router/user/schemas.ts b/packages/api/router/user/schemas.ts
index 9e9b23b60e..b8ea8beeb3 100644
--- a/packages/api/router/user/schemas.ts
+++ b/packages/api/router/user/schemas.ts
@@ -4,6 +4,7 @@ export * from './mutation.confirmAccount.schema'
export * from './mutation.create.schema'
export * from './mutation.deleteAccount.schema'
export * from './mutation.forgotPassword.schema'
+export * from './mutation.resendCode.schema'
export * from './mutation.resetPassword.schema'
export * from './mutation.submitSurvey.schema'
// codegen:end
diff --git a/packages/auth/lib/cognitoClient.ts b/packages/auth/lib/cognitoClient.ts
index e89e0e83d6..07b52c8310 100644
--- a/packages/auth/lib/cognitoClient.ts
+++ b/packages/auth/lib/cognitoClient.ts
@@ -12,7 +12,7 @@ import { z } from 'zod'
import { createHmac } from 'crypto'
import { prisma } from '@weareinreach/db'
-import { getEnv } from '@weareinreach/env'
+import { getEnv, isLocalDev } from '@weareinreach/env'
import { createLoggerInstance } from '@weareinreach/util/logger'
import { decodeCognitoIdJwt } from './cognitoJwt'
@@ -33,6 +33,8 @@ export const cognito = new CognitoIdentityProvider({
secretAccessKey: getEnv('COGNITO_SECRET'),
},
logger,
+ // eslint-disable-next-line node/no-process-env
+ ...(isLocalDev && { endpoint: process.env.COGNITO_LOCAL_ENDPOINT }),
})
export const ClientId = getEnv('COGNITO_CLIENT_ID')
diff --git a/packages/auth/lib/confirmAccount.ts b/packages/auth/lib/confirmAccount.ts
index bdd6e983d3..0f7f2516c5 100644
--- a/packages/auth/lib/confirmAccount.ts
+++ b/packages/auth/lib/confirmAccount.ts
@@ -9,3 +9,5 @@ export const confirmAccount = async (email: string, code: string) => {
})
return response
}
+
+export { ExpiredCodeException, CodeMismatchException } from '@aws-sdk/client-cognito-identity-provider'
diff --git a/packages/env/index.ts b/packages/env/index.ts
index d27a30ebf7..5885ad1040 100644
--- a/packages/env/index.ts
+++ b/packages/env/index.ts
@@ -90,5 +90,6 @@ export const env = createEnv({
export const getEnv = (envVar: T): (typeof env)[T] => env[envVar]
-export const isDev = process.env.NODE_ENV === 'development'
-export const isVercelProd = process.env.VERCEL_ENV === 'production'
+export * from './checks'
+// export const isDev = process.env.NODE_ENV === 'development'
+// export const isVercelProd = process.env.VERCEL_ENV === 'production'
diff --git a/packages/ui/modals/AccountVerified.tsx b/packages/ui/modals/AccountVerified.tsx
index 4f6cb47c00..50d943e549 100644
--- a/packages/ui/modals/AccountVerified.tsx
+++ b/packages/ui/modals/AccountVerified.tsx
@@ -12,7 +12,7 @@ import {
import { useDisclosure } from '@mantine/hooks'
import { useRouter } from 'next/router'
import { Trans, useTranslation } from 'next-i18next'
-import { forwardRef, useEffect, useMemo, useState } from 'react'
+import { forwardRef, useCallback, useEffect, useMemo, useState } from 'react'
import { z } from 'zod'
import { decodeUrl } from '@weareinreach/api/lib/encodeUrl'
@@ -44,10 +44,27 @@ const AccountVerifyModalBody = forwardRef setSuccess(true),
onError: () => setError(true),
})
+ const resendCode = api.user.resendCode.useMutation({
+ onSuccess: () => setCodeSent(true),
+ })
+
+ const handleResendCode = useCallback((data: string) => () => resendCode.mutate({ data }), [resendCode])
+
+ const hasError = useMemo(() => {
+ if (!verifyAccount.isError) {
+ return false
+ }
+ if (verifyAccount.error.data?.cause instanceof Error && verifyAccount.error.data?.cause?.name) {
+ return verifyAccount.error.data.cause.name
+ }
+ return 'UnknownError'
+ }, [verifyAccount.error?.data?.cause, verifyAccount.isError])
+
// const DataSchema = z.string().default('')
const [opened, handler] = useDisclosure(autoOpen)
const { isMobile } = useScreenSize()
@@ -137,19 +154,52 @@ const AccountVerifyModalBody = forwardRef (
+
+ const errorI18nKey = useMemo(() => {
+ switch (hasError) {
+ case 'NotAuthorizedException':
+ case 'CodeMismatchException': {
+ return 'errors.code-mismatch'
+ }
+ case 'ExpiredCodeException': {
+ return 'errors.code-expired'
+ }
+ default: {
+ return 'errors.try-again-text'
+ }
+ }
+ }, [hasError])
+
+ const bodyError = useMemo(() => {
+ return (
🫣
{t('errors.oh-no')}
.,
}}
/>
+ {errorI18nKey !== 'errors.try-again-text' && parsedData.data && (
+
+ )}
+
+ )
+ }, [errorI18nKey, t, variants, handleResendCode, parsedData.data])
+
+ const bodyCodeResent = useMemo(
+ () => (
+
+
+ 📬
+ {t('confirm-account.code-requested')}
+
+ {t('confirm-account.code-resent')}
),
[t, variants]
@@ -159,11 +209,14 @@ const AccountVerifyModalBody = forwardRef