fix: make validation failure redirection aware of the current url

supertokens · Apr 12, 2024 · 744d04e · 744d04e
1 parent e7f3eb5
commit 744d04e
Show file tree

Hide file tree

Showing 8 changed files with 85 additions and 32 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,7 +13,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 -   We now redirect to the factor chooser screen if the MFA claim validator fails even if there is no available next factor. This will always show an access denied screen, which should help debugging.
 -   `clearOnSubmit` now only clears the field value if the request returned an error. This is because the form navigates on success, making clearing the field unnecessary (which can lead to confusing UX if the navigation takes too long).
--   Fixed an issue where `SessionAuth` contents popped in before navigating away if a claim validator failed. Now `SessionAuth` does not set the context before navigation.
+-   Fixed an issue where `SessionAuth` contents popped in before navigating away if a claim validator failed:
+    -   Now we ony set the context if `onFailureRedirection` returned the current URL.
+    -   Now we ony call the navigation function if `onFailureRedirection` returned something different than the current URL.
 -   Made the `name` property optional in custom provider configs for usage with `usesDynamicLoginMethods`, where the tenant configuration is expected to set the name dynamically.
     -   Note, that not setting the name will make the UI crash if the `usesDynamicLoginMethods` is set to `false` or if the tenant configuration doesn't include a provider list.
 

diff --git a/examples/with-emailverification-then-password-thirdpartyemailpassword/src/App.js b/examples/with-emailverification-then-password-thirdpartyemailpassword/src/App.js
@@ -112,7 +112,7 @@ function App() {
                                 <Route
                                     path="/set-password"
                                     element={
-                                        <SessionAuth overrideGlobalClaimValidators={() => []}>
+                                        <SessionAuth>
                                             <SetPassword />
                                         </SessionAuth>
                                     }

diff --git a/examples/with-phone-password/src/App.tsx b/examples/with-phone-password/src/App.tsx
@@ -117,7 +117,7 @@ function App() {
                             <Route
                                 path="/auth/verify-phone"
                                 element={
-                                    <SessionAuth overrideGlobalClaimValidators={() => []}>
+                                    <SessionAuth>
                                         <PhoneVerification />
                                     </SessionAuth>
                                 }

diff --git a/lib/build/index2.js b/lib/build/index2.js
diff --git a/lib/build/multifactorauth-shared.js b/lib/build/multifactorauth-shared.js
diff --git a/lib/build/recipe/session/utils.d.ts b/lib/build/recipe/session/utils.d.ts
diff --git a/lib/ts/recipe/session/sessionAuth.tsx b/lib/ts/recipe/session/sessionAuth.tsx
@@ -26,7 +26,7 @@ import { useOnMountAPICall } from "../../utils";
 
 import Session from "./recipe";
 import SessionContext from "./sessionContext";
-import { getFailureRedirectionInfo } from "./utils";
+import { compareRedirectionURLToCurrentURL, getFailureRedirectionInfo } from "./utils";
 
 import type { LoadedSessionContext, RecipeEventWithSessionContext, SessionContextType } from "./types";
 import type { Navigate, ReactComponentClass, SessionClaimValidator, UserContext } from "../../types";
@@ -187,10 +187,14 @@ const SessionAuth: React.FC<PropsWithChildren<SessionAuthProps>> = ({ children,
                     });
 
                     if (failureRedirectInfo.redirectPath !== undefined) {
-                        return await SuperTokens.getInstanceOrThrow().redirectToUrl(
-                            failureRedirectInfo.redirectPath,
-                            navigate
-                        );
+                        if (compareRedirectionURLToCurrentURL(failureRedirectInfo.redirectPath)) {
+                            setContext(toSetContext);
+                        } else {
+                            return await SuperTokens.getInstanceOrThrow().redirectToUrl(
+                                failureRedirectInfo.redirectPath,
+                                navigate
+                            );
+                        }
                     }
                     if (props.accessDeniedScreen !== undefined && failureRedirectInfo.failedClaim !== undefined) {
                         console.warn({
@@ -245,11 +249,14 @@ const SessionAuth: React.FC<PropsWithChildren<SessionAuthProps>> = ({ children,
                             userContext,
                         });
                         if (failureRedirectInfo.redirectPath) {
-                            setContext({ ...event.sessionContext, loading: false, invalidClaims });
-                            return await SuperTokens.getInstanceOrThrow().redirectToUrl(
-                                failureRedirectInfo.redirectPath,
-                                navigate
-                            );
+                            if (compareRedirectionURLToCurrentURL(failureRedirectInfo.redirectPath)) {
+                                setContext({ ...event.sessionContext, loading: false, invalidClaims });
+                            } else {
+                                return await SuperTokens.getInstanceOrThrow().redirectToUrl(
+                                    failureRedirectInfo.redirectPath,
+                                    navigate
+                                );
+                            }
                         }
                         if (props.accessDeniedScreen !== undefined && failureRedirectInfo.failedClaim !== undefined) {
                             console.warn({

diff --git a/lib/ts/recipe/session/utils.ts b/lib/ts/recipe/session/utils.ts
@@ -14,7 +14,9 @@
  */
 
 import { getGlobalClaimValidators } from "supertokens-web-js/utils";
+import { WindowHandlerReference } from "supertokens-web-js/utils/windowHandler";
 
+import SuperTokens from "../../superTokens";
 import { normaliseRecipeModuleConfig } from "../recipeModule/utils";
 
 import type { InputType, NormalisedSessionConfig } from "./types";
@@ -90,3 +92,19 @@ export const getFailureRedirectionInfo = async ({
         failedClaim,
     };
 };
+
+export function compareRedirectionURLToCurrentURL(redirectURL: string): boolean {
+    const currentUrl = WindowHandlerReference.getReferenceOrThrow().windowHandler.location.getHref();
+    let fullRedirectURL;
+    try {
+        new URL(redirectURL);
+        // if the url is a full, valid url, we can use that
+        fullRedirectURL = redirectURL;
+    } catch {
+        const appInfo = SuperTokens.getInstanceOrThrow().appInfo;
+        // otherwise we prepend the websiteDomain
+        fullRedirectURL = `${appInfo.websiteDomain.getAsStringDangerous()}${redirectURL}`;
+    }
+
+    return currentUrl === fullRedirectURL;
+}