From f469a9c127145ecf9440c09eed0b993100d51170 Mon Sep 17 00:00:00 2001 From: Ritik Kumar <58480195+iamr-kumar@users.noreply.github.com> Date: Mon, 19 Jun 2023 17:54:10 +0530 Subject: [PATCH] fix: redirect to 404 page for invalid email verification token (#9499) * fix:redirect to 404 page for invalid email token * update 404 page to include invalid token error * fix: use i18n Signed-off-by: Udit Takkar --------- Signed-off-by: Udit Takkar Co-authored-by: Udit Takkar --- apps/web/pages/404.tsx | 12 +++++++++++- apps/web/pages/api/auth/verify-email.ts | 4 ++-- apps/web/public/static/locales/en/common.json | 2 ++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/apps/web/pages/404.tsx b/apps/web/pages/404.tsx index 5d461f1691..b61b43ba01 100644 --- a/apps/web/pages/404.tsx +++ b/apps/web/pages/404.tsx @@ -42,6 +42,10 @@ export default function Custom404() { const isSubpage = router.asPath.includes("/", 2) || isSuccessPage; const isSignup = router.asPath.startsWith("/signup"); const isCalcom = process.env.NEXT_PUBLIC_WEBAPP_URL === "https://app.cal.com"; + + // In case of invalid email verification token, we intentionally redirect to 404 from the API + const isInvalidToken = router.asPath === "/404"; + /** * If we're on 404 and the route is insights it means it is disabled * TODO: Abstract this for all disabled features @@ -200,12 +204,18 @@ export default function Custom404() { {t("error_404")}

- {isSuccessPage ? "Booking not found" : t("page_doesnt_exist")} + {isSuccessPage + ? t("booking_not_found") + : isInvalidToken + ? t("invalid_verification_link") + : t("page_doesnt_exist")}

{isSubpage ? ( {t("check_spelling_mistakes_or_go_back")} + ) : isInvalidToken ? ( + {t("token_invalid_expired")} ) : isCalcom ? ( {t("the_username")}{" "} diff --git a/apps/web/pages/api/auth/verify-email.ts b/apps/web/pages/api/auth/verify-email.ts index 3890cdd6a7..c43ce0aac2 100644 --- a/apps/web/pages/api/auth/verify-email.ts +++ b/apps/web/pages/api/auth/verify-email.ts @@ -19,11 +19,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) }); if (!foundToken) { - return res.status(401).json({ message: "No token found" }); + return res.redirect(`${WEBAPP_URL}/404`); } if (dayjs(foundToken?.expires).isBefore(dayjs())) { - return res.status(401).json({ message: "Token expired" }); + return res.redirect(`${WEBAPP_URL}/404`); } const user = await prisma.user.update({ diff --git a/apps/web/public/static/locales/en/common.json b/apps/web/public/static/locales/en/common.json index ac4177fa07..e97d0966c6 100644 --- a/apps/web/public/static/locales/en/common.json +++ b/apps/web/public/static/locales/en/common.json @@ -349,6 +349,7 @@ "no_status_bookings_yet_description": "You have no {{status}} bookings. {{description}}", "event_between_users": "{{eventName}} between {{host}} and {{attendeeName}}", "bookings": "Bookings", + "booking_not_found":"Booking not found", "bookings_description": "See upcoming and past events booked through your event type links.", "upcoming_bookings": "As soon as someone books a time with you it will show up here.", "recurring_bookings": "As soon as someone books a recurring meeting with you it will show up here.", @@ -1725,6 +1726,7 @@ "app_is_connected": "{{dependencyName}} is connected", "requires_app": "Requires {{dependencyName}}", "verification_code": "Verification code", + "invalid_verification_link": "Invalid verification link", "can_you_try_again": "Can you try again with a different time?", "verify": "Verify", "timezone_info": "The timezone of the person receiving",
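Review bot: `isInvalidToken` is derived from `router.asPath === "/404"` in the earlier hunk of this file and selects `invalid_verification_link` / `token_invalid_expired` here, so anything that lands on exactly `/404` is told its verification link is invalid, whether or not a token was involved. The same redirect with a query string or trailing slash appended would fall back to the generic text. An explicit reason set by the API redirect would be more robust, for example `const isInvalidToken = router.query.error === "invalid_token";` (parameter name is a suggestion), as long as the page only compares it against a fixed value and never renders it. `token_invalid_expired` is not among the two keys this patch adds to `common.json`; it presumably exists already, which is worth confirming. Custom404's body extends beyond both hunks.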
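Review bot: Both failure branches in `verify-email.ts` now answer with the same redirect to `${WEBAPP_URL}/404`, so the 401 responses that made failed verification attempts countable in access logs and alerts are gone. The uniform response is a good property, since unknown and expired tokens are no longer distinguishable to the caller, but the outcome should then be recorded server-side before redirecting, without logging the token value itself. Rate limiting is not visible in this hunk; confirm the endpoint has it, because repeated guesses would now look like ordinary redirects. As far as the hunk shows, the expired branch returns without removing the stale token row, so check that cleanup happens elsewhere. After the `!foundToken` guard the optional chain is redundant and can become `dayjs(foundToken.expires).isBefore(dayjs())`; the handler begins before and continues after this hunk.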