From b4eef1dd18d486a6c6a014b3b4d89f4f3b6abe30 Mon Sep 17 00:00:00 2001 From: Jessica Ho Date: Mon, 7 Aug 2023 07:38:36 +0000 Subject: [PATCH] handle expired link better --- .github/workflows/test.yml | 45 +++++++++---------- prisma/seed.ts | 13 ++++++ .../login/[phone]/[token]/+page.server.ts | 24 +++------- tests/login.spec.ts | 17 +++++++ 4 files changed, 57 insertions(+), 42 deletions(-) create mode 100644 tests/login.spec.ts diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6158937..f1c4edc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -31,26 +31,25 @@ jobs: options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - cache: 'yarn' - - - name: Install dependencies - run: yarn install --frozen-lockfile - - - name: Run postinstall (db stuff) - run: yarn postinstall - - - name: Build in node mode - run: yarn nodebuild - - - name: Install playwright & dependencies - run: yarn exec playwright install --with-deps - - - name: Run tests - run: yarn test - + - name: Checkout repository + uses: actions/checkout@v3 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + cache: 'yarn' + + - name: Install dependencies + run: yarn install --frozen-lockfile + + - name: Run postinstall (db stuff) + run: yarn postinstall + + - name: Build in node mode + run: yarn nodebuild + + - name: Install playwright & dependencies + run: yarn exec playwright install --with-deps + + - name: Run tests + run: yarn test diff --git a/prisma/seed.ts b/prisma/seed.ts index cb5c436..440e866 100644 --- a/prisma/seed.ts +++ b/prisma/seed.ts 
@@ -94,6 +94,19 @@ async function main() { .deleteMany() .catch(() => console.log('No friend request table to delete')); + const expiredLink = { + token: '3e99472f1003794c', + phone: '+12015550121', + expires: new Date('8/5/2020') + }; + await prisma.magicLink.upsert({ + where: { + id: 1 + }, + update: expiredLink, + create: expiredLink + }); + // User 1 await prisma.user.upsert({ where: { diff --git a/src/routes/login/[phone]/[token]/+page.server.ts b/src/routes/login/[phone]/[token]/+page.server.ts index 7268c3d..1db3bdf 100644 --- a/src/routes/login/[phone]/[token]/+page.server.ts +++ b/src/routes/login/[phone]/[token]/+page.server.ts @@ -14,28 +14,16 @@ export const load = (async ({ params, cookies }) => { } }); } catch { - return new Response( - JSON.stringify({ - message: "Can't verify token" - }), - { - status: 403 - } - ); + console.error("Can't verify token"); + throw redirect(308, `/?phone=${params.phone}`); } // check DB's expiration date const { phone, expires } = magicLinkInfo as { phone: string; expires: Date }; if (expires < new Date()) { - return new Response( - JSON.stringify({ - message: 'Token has expired' - }), - { - status: 403 - } - ); + console.error('Token has expired'); + throw redirect(308, `/?phone=${params.phone}`); } let crypto; @@ -43,9 +31,7 @@ export const load = (async ({ params, cookies }) => { crypto = await import('node:crypto'); } catch (err) { console.error('crypto support is disabled!'); - return { - token: null - }; + throw redirect(308, `/?phone=${params.phone}`); } const sessionCreatedAt = new Date(); diff --git a/tests/login.spec.ts b/tests/login.spec.ts new file mode 100644 index 0000000..0146306 --- /dev/null +++ b/tests/login.spec.ts 
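Review bot: In prisma/seed.ts the fixture's expiry is built with `new Date('8/5/2020')`, a non-ISO string whose parsing is implementation-defined and interpreted in local time. An explicit form such as `expires: new Date('2020-08-05T00:00:00Z')` keeps this known token unambiguously expired on every runner. The upsert keys on `where: { id: 1 }`, so a real magic link that happened to hold id 1 in the seeded database would be overwritten with the fixed token; that is presumably fine for a test database, but a comment such as `// test fixture: publicly known token, must stay expired` would record the assumption. main() starts before and continues past the hunk.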
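Review bot: The new `throw redirect(308, …)` calls in +page.server.ts (two in the `@@ -14,28 +14,16 @@` hunk, one in the following `@@ -43,9 +31,7 @@` hunk) use a permanent redirect and put the URL-supplied `params.phone` into the query string unencoded. A 308 may be cached by the browser, so a transient failure caught by the `catch` could leave that link redirecting after the cause is fixed. A phone segment containing `&` or `#` could also add or truncate parameters on the landing page. A temporary status with an encoded value covers both: ``throw redirect(303, `/?phone=${encodeURIComponent(params.phone)}`);``. load() begins before and continues past the hunk, so how the landing page consumes `phone` is not visible here.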
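Review bot: In the `@@ -43,9 +31,7 @@` hunk, a failed `import('node:crypto')` is a server-side fault, but the new branch sends the user to the login page exactly as an expired link does. The user would then request another link and hit the same failure. Returning an error response (for example SvelteKit's `error(500, …)`, if the file imports it; the import lines are outside the hunk) keeps the fault visible to the user and to monitoring. The rest of load() is outside the hunk.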
@@ -0,0 +1,17 @@
+import { test, expect } from '@playwright/test';
+import { run } from '../prisma/seed';
+
+const host = 'http://localhost:5173';
+
+test.beforeEach(async () => {
+ await run();
+});
+
+test.only('Redirect to login page w/ prefilled phone num on expired magic link', async ({
+ page
+}) => {
+ await page.goto('http://localhost:5173/login/12015550121/3e99472f1003794c');
+
+ await page.waitForURL(`${host}?phone=12015550121`, { waitUntil: 'networkidle' });
+ await expect(page).toHaveURL(`${host}?phone=12015550121`);
+});
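Review bot: `test.only(` on the new spec makes Playwright run only this test, so every other spec is skipped once this is merged (or the run fails if `forbidOnly` is set in the config, which is not visible here). It should be `test('Redirect to login page w/ prefilled phone num on expired magic link', async ({ page }) => {`. The `page.goto` call also hard-codes `http://localhost:5173` instead of reusing `host`. The URL carries `12015550121` while the seeded row stores `'+12015550121'`, so the redirect may come from the failed-lookup branch rather than the expiry check; that depends on the query inside load(), which this diff does not show.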