fix: redirect to 404 page for invalid email verification token (#9499)

* fix:redirect to 404 page for invalid email token * update 404 page to include invalid token error * fix: use i18n Signed-off-by: Udit Takkar <udit.07814802719@cse.mait.ac.in> --------- Signed-off-by: Udit Takkar <udit.07814802719@cse.mait.ac.in> Co-authored-by: Udit Takkar <udit.07814802719@cse.mait.ac.in>
2023-06-19 17:54:10 +05:30 · 2023-06-19 17:54:10 +05:30 · f469a9c127
parent 212f7a374f
commit f469a9c127
3 changed files with 15 additions and 3 deletions
--- a/apps/web/pages/404.tsx
+++ b/apps/web/pages/404.tsx
@ -42,6 +42,10 @@ export default function Custom404() {
  const isSubpage = router.asPath.includes("/", 2) || isSuccessPage;
  const isSignup = router.asPath.startsWith("/signup");
  const isCalcom = process.env.NEXT_PUBLIC_WEBAPP_URL === "https://app.cal.com";
+
+  // In case of invalid email verification token, we intentionally redirect to 404 from the API
+  const isInvalidToken = router.asPath === "/404";
+
  /**
   * If we're on 404 and the route is insights it means it is disabled
   * TODO: Abstract this for all disabled features
@ -200,12 +204,18 @@ export default function Custom404() {
                  {t("error_404")}
                </p>
                <h1 className="font-cal text-emphasis mt-2 text-4xl font-extrabold sm:text-5xl">
-                  {isSuccessPage ? "Booking not found" : t("page_doesnt_exist")}
+                  {isSuccessPage
+                    ? t("booking_not_found")
+                    : isInvalidToken
+                    ? t("invalid_verification_link")
+                    : t("page_doesnt_exist")}
                </h1>
                {isSubpage ? (
                  <span className="mt-2 inline-block text-lg ">
                    {t("check_spelling_mistakes_or_go_back")}
                  </span>
+                ) : isInvalidToken ? (
+                  <span className="mt-2 inline-block text-lg">{t("token_invalid_expired")}</span>
                ) : isCalcom ? (
                  <a target="_blank" href={url} className="mt-2 inline-block text-lg" rel="noreferrer">
                    {t("the_username")}{" "}
--- a/apps/web/pages/api/auth/verify-email.ts
+++ b/apps/web/pages/api/auth/verify-email.ts
@ -19,11 +19,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
  });

  if (!foundToken) {
-    return res.status(401).json({ message: "No token found" });
+    return res.redirect(`${WEBAPP_URL}/404`);
  }

  if (dayjs(foundToken?.expires).isBefore(dayjs())) {
-    return res.status(401).json({ message: "Token expired" });
+    return res.redirect(`${WEBAPP_URL}/404`);
  }

  const user = await prisma.user.update({
--- a/apps/web/public/static/locales/en/common.json
+++ b/apps/web/public/static/locales/en/common.json
@ -349,6 +349,7 @@
  "no_status_bookings_yet_description": "You have no {{status}} bookings. {{description}}",
  "event_between_users": "{{eventName}} between {{host}} and {{attendeeName}}",
  "bookings": "Bookings",
+  "booking_not_found":"Booking not found",
  "bookings_description": "See upcoming and past events booked through your event type links.",
  "upcoming_bookings": "As soon as someone books a time with you it will show up here.",
  "recurring_bookings": "As soon as someone books a recurring meeting with you it will show up here.",
@ -1725,6 +1726,7 @@
  "app_is_connected": "{{dependencyName}} is connected",
  "requires_app": "Requires {{dependencyName}}",
  "verification_code": "Verification code",
+  "invalid_verification_link": "Invalid verification link",
  "can_you_try_again": "Can you try again with a different time?",
  "verify": "Verify",
  "timezone_info": "The timezone of the person receiving",