handle expired link better

lilith · Aug 7, 2023 · b4eef1d · b4eef1d
1 parent 7155ef6
commit b4eef1d
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 42 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -31,26 +31,25 @@ jobs:
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3
-      with:
-        node-version: ${{ matrix.node-version }}
-        cache: 'yarn'
-
-    - name: Install dependencies
-      run: yarn install --frozen-lockfile
-
-    - name: Run postinstall (db stuff)
-      run: yarn postinstall
-
-    - name: Build in node mode
-      run: yarn nodebuild
-
-    - name: Install playwright & dependencies
-      run: yarn exec playwright install --with-deps
-
-    - name: Run tests
-      run: yarn test
-
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'yarn'
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Run postinstall (db stuff)
+        run: yarn postinstall
+
+      - name: Build in node mode
+        run: yarn nodebuild
+
+      - name: Install playwright & dependencies
+        run: yarn exec playwright install --with-deps
+
+      - name: Run tests
+        run: yarn test
diff --git a/prisma/seed.ts b/prisma/seed.ts
@@ -94,6 +94,19 @@ async function main() {
 		.deleteMany()
 		.catch(() => console.log('No friend request table to delete'));
 
+	const expiredLink = {
+		token: '3e99472f1003794c',
+		phone: '+12015550121',
+		expires: new Date('8/5/2020')
+	};
+	await prisma.magicLink.upsert({
+		where: {
+			id: 1
+		},
+		update: expiredLink,
+		create: expiredLink
+	});
+
 	// User 1
 	await prisma.user.upsert({
 		where: {

diff --git a/src/routes/login/[phone]/[token]/+page.server.ts b/src/routes/login/[phone]/[token]/+page.server.ts
@@ -14,38 +14,24 @@ export const load = (async ({ params, cookies }) => {
 			}
 		});
 	} catch {
-		return new Response(
-			JSON.stringify({
-				message: "Can't verify token"
-			}),
-			{
-				status: 403
-			}
-		);
+		console.error("Can't verify token");
+		throw redirect(308, `/?phone=${params.phone}`);
 	}
 
 	// check DB's expiration date
 	const { phone, expires } = magicLinkInfo as { phone: string; expires: Date };
 
 	if (expires < new Date()) {
-		return new Response(
-			JSON.stringify({
-				message: 'Token has expired'
-			}),
-			{
-				status: 403
-			}
-		);
+		console.error('Token has expired');
+		throw redirect(308, `/?phone=${params.phone}`);
 	}
 
 	let crypto;
 	try {
 		crypto = await import('node:crypto');
 	} catch (err) {
 		console.error('crypto support is disabled!');
-		return {
-			token: null
-		};
+		throw redirect(308, `/?phone=${params.phone}`);
 	}
 
 	const sessionCreatedAt = new Date();

diff --git a/tests/login.spec.ts b/tests/login.spec.ts
@@ -0,0 +1,17 @@
+import { test, expect } from '@playwright/test';
+import { run } from '../prisma/seed';
+
+const host = 'http://localhost:5173';
+
+test.beforeEach(async () => {
+	await run();
+});
+
+test.only('Redirect to login page w/ prefilled phone num on expired magic link', async ({
+	page
+}) => {
+	await page.goto('http://localhost:5173/login/12015550121/3e99472f1003794c');
+
+	await page.waitForURL(`${host}?phone=12015550121`, { waitUntil: 'networkidle' });
+	await expect(page).toHaveURL(`${host}?phone=12015550121`);
+});