From f469a9c127145ecf9440c09eed0b993100d51170 Mon Sep 17 00:00:00 2001
From: Ritik Kumar <58480195+iamr-kumar@users.noreply.github.com>
Date: Mon, 19 Jun 2023 17:54:10 +0530
Subject: [PATCH] fix: redirect to 404 page for invalid email verification
token (#9499)
* fix: redirect to 404 page for invalid email token
* update 404 page to include invalid token error
* fix: use i18n
Signed-off-by: Udit Takkar
---------
Signed-off-by: Udit Takkar
Co-authored-by: Udit Takkar
---
apps/web/pages/404.tsx | 12 +++++++++++-
apps/web/pages/api/auth/verify-email.ts | 4 ++--
apps/web/public/static/locales/en/common.json | 2 ++
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/apps/web/pages/404.tsx b/apps/web/pages/404.tsx
index 5d461f1691..b61b43ba01 100644
--- a/apps/web/pages/404.tsx
+++ b/apps/web/pages/404.tsx
@@ -42,6 +42,10 @@ export default function Custom404() {
const isSubpage = router.asPath.includes("/", 2) || isSuccessPage;
const isSignup = router.asPath.startsWith("/signup");
const isCalcom = process.env.NEXT_PUBLIC_WEBAPP_URL === "https://app.cal.com";
+
+ // In case of invalid email verification token, we intentionally redirect to 404 from the API
+ const isInvalidToken = router.asPath === "/404";
+
/**
* If we're on 404 and the route is insights it means it is disabled
* TODO: Abstract this for all disabled features
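Review bot: `router.asPath === "/404"` on the added line is true for anyone who opens /404 directly, not only for users redirected from the verify-email API, so the page will report an invalid verification link in cases that never involved a token. It will also stop matching as soon as the URL carries a query string or hash, because `asPath` includes them. An explicit marker set by the redirect and read here through `router.query` would be more robust; at minimum the comment should say so, e.g. `// NOTE: also true for direct visits to /404; the API redirect carries no marker`. Custom404's body continues outside the hunk.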
@@ -200,12 +204,18 @@ export default function Custom404() {
{t("error_404")}
- {isSuccessPage ? "Booking not found" : t("page_doesnt_exist")}
+ {isSuccessPage
+ ? t("booking_not_found")
+ : isInvalidToken
+ ? t("invalid_verification_link")
+ : t("page_doesnt_exist")}
{isSubpage ? (
{t("check_spelling_mistakes_or_go_back")}
+ ) : isInvalidToken ? (
+ {t("token_invalid_expired")}
) : isCalcom ? (
{t("the_username")}{" "}
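Review bot: `t("token_invalid_expired")` is used in the added branch, but the common.json hunks in this patch add only `booking_not_found` and `invalid_verification_link`, so the key presumably has to exist already; if it does not, users will see the raw key instead of a message. The chained ternaries are also getting hard to read with a third case. Computing the key once above the JSX would keep the markup flat, e.g. `const headingKey = isSuccessPage ? "booking_not_found" : isInvalidToken ? "invalid_verification_link" : "page_doesnt_exist";`. The surrounding JSX begins and ends outside the hunk.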
diff --git a/apps/web/pages/api/auth/verify-email.ts b/apps/web/pages/api/auth/verify-email.ts
index 3890cdd6a7..c43ce0aac2 100644
--- a/apps/web/pages/api/auth/verify-email.ts
+++ b/apps/web/pages/api/auth/verify-email.ts
@@ -19,11 +19,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
});
if (!foundToken) {
- return res.status(401).json({ message: "No token found" });
+ return res.redirect(`${WEBAPP_URL}/404`);
}
if (dayjs(foundToken?.expires).isBefore(dayjs())) {
- return res.status(401).json({ message: "Token expired" });
+ return res.redirect(`${WEBAPP_URL}/404`);
}
const user = await prisma.user.update({
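Review bot: Both failure branches now answer with the same redirect and leave no server-side trace, so repeated requests with guessed or stale verification tokens no longer show up as 401 responses that monitoring could count. Giving the client one indistinguishable response is reasonable, but the handler should record the reason before redirecting, without writing the token value to the log, for example `console.warn("verify-email: token not found")` (constructed; use the project's logger if one is in scope). `res.redirect` without a status sends a 307, which deserves a comment because API callers that previously checked for 401 will now follow the redirect. The `?.` in `foundToken?.expires` is redundant after the `!foundToken` guard. The handler's body starts and ends outside the hunk.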
diff --git a/apps/web/public/static/locales/en/common.json b/apps/web/public/static/locales/en/common.json
index ac4177fa07..e97d0966c6 100644
--- a/apps/web/public/static/locales/en/common.json
+++ b/apps/web/public/static/locales/en/common.json
@@ -349,6 +349,7 @@
"no_status_bookings_yet_description": "You have no {{status}} bookings. {{description}}",
"event_between_users": "{{eventName}} between {{host}} and {{attendeeName}}",
"bookings": "Bookings",
+ "booking_not_found":"Booking not found",
"bookings_description": "See upcoming and past events booked through your event type links.",
"upcoming_bookings": "As soon as someone books a time with you it will show up here.",
"recurring_bookings": "As soon as someone books a recurring meeting with you it will show up here.",
@@ -1725,6 +1726,7 @@
"app_is_connected": "{{dependencyName}} is connected",
"requires_app": "Requires {{dependencyName}}",
"verification_code": "Verification code",
+ "invalid_verification_link": "Invalid verification link",
"can_you_try_again": "Can you try again with a different time?",
"verify": "Verify",
"timezone_info": "The timezone of the person receiving",