Merge pull request #1922 from ever-co/fix/#1921-invitation
fix: Multiple time invitation accept with same link
evereq authored Dec 1, 2023
2 parents 9507fa1 + 0cb10b4 commit db3c745
Showing 4 changed files with 41 additions and 35 deletions.
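--- a/apps/web/app/hooks/auth/useAuthenticationPasscode.ts
+++ b/apps/web/app/hooks/auth/useAuthenticationPasscode.ts
@@ -90,7 +90,13 @@ export function useAuthenticationPasscode() {
 const verifyPasscodeRequest = useCallback(
 ({ email, code }: { email: string; code: string }) => {
 queryCall(email, code)
-.then(() => {
+.then((res) => {
+const errors = (res.data as any).errors as any;
+if (errors.email) {
+setErrors(errors || {});
+return;
+}
+
 window.location.reload();
 setAuthenticated(true);
 })
@@ -188,12 +194,10 @@ export function useAuthenticationPasscode() {
 useEffect(() => {
 if (query.email && query.code && !loginFromQuery.current) {
 setScreen('passcode');
-
 verifyPasscodeRequest({
 email: query.email as string,
 code: query.code as string
 });
-
 loginFromQuery.current = true;
 }
 }, [query, verifyPasscodeRequest]);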
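Review bot: In the new `.then((res) => {` callback, `errors.email` is read without first checking that `errors` exists, so a response that carries no `errors` object (presumably what a successful login returns) would throw inside the handler and never reach `window.location.reload()`. The `errors || {}` fallback on the following line comes too late to help. I would write `const errors = (res.data as any)?.errors;` and `if (errors?.email) {`. Only the `email` key is tested, so an error body keyed differently would fall through to `setAuthenticated(true)`; treating any non-empty `errors` object as a failure would be safer. The rest of the promise chain and the hook body lie outside the hunk.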
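--- a/apps/web/app/hooks/features/useAuthTeamTasks.ts
+++ b/apps/web/app/hooks/features/useAuthTeamTasks.ts
@@ -8,7 +8,7 @@ export function useAuthTeamTasks(user: IUser | undefined) {
 const tasks = useRecoilValue(tasksByTeamState);
 
 const { activeTeam } = useOrganizationTeams();
-const currentMember = activeTeam?.members.find((member) => member.employee?.userId === user?.id);
+const currentMember = activeTeam?.members?.find((member) => member.employee?.userId === user?.id);
 
 const assignedTasks = useMemo(() => {
 if (!user) return [];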
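--- a/apps/web/app/services/client/api/organization-team.ts
+++ b/apps/web/app/services/client/api/organization-team.ts
@@ -17,7 +17,7 @@ export function createOrganizationTeamAPI(name: string) {
 return api.post<PaginationResponse<IOrganizationTeamList>>('/organization-team', { name });
 }
 
-export function getOrganizationTeamAPI(teamId: string, organizationId: string, tenantId: string) {
+export async function getOrganizationTeamAPI(teamId: string, organizationId: string, tenantId: string) {
 const params = {
 organizationId: organizationId,
 tenantId: tenantId,
@@ -46,7 +46,9 @@ export function getOrganizationTeamAPI(teamId: string, organizationId: string, t
 const queries = new URLSearchParams(params || {});
 
 const endpoint = `/organization-team/${teamId}?${queries.toString()}`;
-return get(endpoint, true);
+const data = await get(endpoint, true);
+
+return process.env.NEXT_PUBLIC_GAUZY_API_SERVER_URL ? data.data : data;
 }
 
 export function editOrganizationTeamAPI(data: IOrganizationTeamUpdate) {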
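Review bot: `getOrganizationTeamAPI` now returns either `data.data` or `data` depending on `NEXT_PUBLIC_GAUZY_API_SERVER_URL`, and it declares no return type, so callers cannot tell from the signature which shape they receive. An explicit `Promise<...>` return type and a short comment above the final `return` explaining why the unwrap depends on that variable would make the contract visible; the behaviour of `get` is outside the hunk, so the wording needs confirming against it. Separately, `teamId` is interpolated unencoded into the path on the context line above. If it can originate from a URL or other user-controlled value, `encodeURIComponent(teamId)` would keep it to a single path segment.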
58 changes: 29 additions & 29 deletions apps/web/pages/api/auth/login.ts
Expand Up @@ -11,13 +11,6 @@ import {
} from '@app/services/server/requests';
import { NextApiRequest, NextApiResponse } from 'next';

const notFound = (res: NextApiResponse) =>
res.status(400).json({
errors: {
code: 'Authentication code or email address invalid'
}
});

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const body = req.body as ILoginDataAPI;
let loginResponse: ILoginResponse | null = null;
Expand All @@ -29,32 +22,44 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
}

/**
* Verify first if match with invite code
* Verify first if matches with invite code
*/
const inviteReq = await verifyInviteCodeRequest({
email: body.email,
code: body.code
}).catch(() => void 0);
/**
* If the invite code verification failed then try again with auth code
* If the invite code verification failed then try again with the Auth code
*/
if (!inviteReq || !inviteReq.response.ok || (inviteReq.data as any).response?.statusCode) {
const authReq = await verifyAuthCodeRequest(body.email, body.code);
try {
const authReq = await verifyAuthCodeRequest(body.email, body.code);
if (
!authReq.response.ok ||
(authReq.data as any).status === 404 ||
(authReq.data as any).status === 400 ||
(authReq.data as any).status === 401
) {
return res.status(200).json({
errors: {
email: 'Authentication code or email address invalid'
}
});
}

if (
!authReq.response.ok ||
(authReq.data as any).status === 404 ||
(authReq.data as any).status === 400 ||
(authReq.data as any).status === 401
) {
return notFound(res);
loginResponse = authReq.data;
} catch (error) {
// return notFound(res);
return res.status(200).json({
errors: {
email: 'Authentication code or email address invalid'
}
});
}

loginResponse = authReq.data;

/**
* If provided code is an invite code and
* verified the accepte and register the related user
* If the provided code is an invite code and
* verified then accept and register the related user
*/
} else {
// General a random password with 8 chars
Expand Down Expand Up @@ -84,6 +89,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
}
});
}

loginResponse = acceptInviteRes.data;
}

Expand All @@ -96,7 +102,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
}

/**
* Get the first team from first organization
* Get the first team from the first organization
*/
const tenantId = loginResponse.user?.tenantId || '';
const access_token = loginResponse.token;
Expand All @@ -122,13 +128,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const team = teams.items[0];

if (!team) {
setNoTeamPopupShowCookie(true);
// No need to check now if user is in any Team or not, as we are allowing to login and then user can Join/Create new Team
// return res.status(400).json({
// errors: {
// email: "We couldn't find any teams associated to this account",
// },
// });
setNoTeamPopupShowCookie(true);
}

setAuthCookies(
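Review bot: In the second hunk, both failure paths of the auth-code check now answer with `res.status(200)` and an `errors` body, where the removed `notFound` helper sent 400. A rejected passcode then looks like a success to anything that keys on the status code (access logs, rate limiting, alerting on repeated failed logins), so repeated failed attempts against this endpoint become harder to detect. The new `catch (error)` also discards the exception and reports the same "invalid code" message, which hides upstream outages behind an authentication error. I would keep a 4xx, e.g. `return res.status(401).json({ errors: { email: 'Authentication code or email address invalid' } });`, log `error` in the catch, and drop the leftover `// return notFound(res);`; the client hook would then need to read `errors` from the rejected request. The handler starts and ends outside these hunks.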
