From 4a721279c0d9976ab24c55501f2de957a4e651e5 Mon Sep 17 00:00:00 2001 From: Komninos Chatzipapas Date: Fri, 11 Jun 2021 11:50:29 +0300 Subject: [PATCH] Correct redirect for magic link (#571) * Correct redirect for magic link. * fix: magic link * use register instead of sign-up for Magic Link Co-authored-by: Johan Eliasson Co-authored-by: elitan --- src/routes/auth/auth.test.ts | 4 ++-- src/routes/auth/magic-link.ts | 36 +++++------------------------------ src/routes/auth/register.ts | 4 ++-- src/shared/validation.ts | 2 +- 4 files changed, 10 insertions(+), 36 deletions(-) diff --git a/src/routes/auth/auth.test.ts b/src/routes/auth/auth.test.ts index 73f816ae..50978087 100644 --- a/src/routes/auth/auth.test.ts +++ b/src/routes/auth/auth.test.ts @@ -83,7 +83,7 @@ it('should create an account without a password when magic link login is enabled await deleteMailHogEmail(message) { - const { status } = await request.get(`/auth/magic-link?action=sign-up&token=${token}`) + const { status } = await request.get(`/auth/magic-link?action=register&token=${token}`) expect(status).toBe(302) } } @@ -284,7 +284,7 @@ it('should sign the user in without password when magic link is enabled', async const token = await getHeaderFromLatestEmailAndDelete(email, 'X-Token') { - const { status } = await request.get(`/auth/magic-link?action=sign-up&token=${token}`) + const { status } = await request.get(`/auth/magic-link?action=register&token=${token}`) expect(status).toBe(302) } diff --git a/src/routes/auth/magic-link.ts b/src/routes/auth/magic-link.ts index 6bf4845a..8cc9a699 100644 --- a/src/routes/auth/magic-link.ts +++ b/src/routes/auth/magic-link.ts 
@@ -6,19 +6,16 @@ import { asyncWrapper } from '@shared/helpers' import { request } from '@shared/request' import { v4 as uuidv4 } from 'uuid' import { magicLinkQuery } from '@shared/validation' -import { AccountData, Session, UpdateAccountData, UserData } from '@shared/types' -import { createHasuraJwt, newJwtExpiry } from '@shared/jwt' +import { AccountData, UpdateAccountData } from '@shared/types' import { setRefreshToken } from '@shared/helpers' async function magicLink({ query }: Request, res: Response): Promise { const { token, action } = await magicLinkQuery.validateAsync(query); let refresh_token = token; - - if (action === 'sign-up') { + if (action === 'register') { const new_ticket = uuidv4() let hasuraData: UpdateAccountData - try { hasuraData = await request(activateAccount, { ticket: token, @@ -32,12 +29,9 @@ async function magicLink({ query }: Request, res: Response): Promise { } throw err } - const { affected_rows, returning } = hasuraData.update_auth_accounts - if (!affected_rows) { console.error('Invalid or expired ticket') - if (APPLICATION.REDIRECT_URL_ERROR) { return res.redirect(302, APPLICATION.REDIRECT_URL_ERROR) } 
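Review bot: On the `log-in` path the value taken from the query string becomes the session credential unchanged: `let refresh_token = token` is only overwritten inside the `register` branch (by `setRefreshToken` in the following hunk), so the token mailed to the user is the one later appended to the redirect. Nothing visible in this function rotates or invalidates it, which would leave an emailed link replayable for as long as that refresh token lives; if rotation happens elsewhere, a comment on this line should say so. Consider issuing a fresh token after the account lookup on both paths, e.g. `refresh_token = await setRefreshToken(account.id)`, and deleting the one that arrived in the link, assuming `AccountData` carries the same id as `returning[0].id`. `magicLink` continues past the end of this hunk.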
@@ -47,39 +41,19 @@ async function magicLink({ query }: Request, res: Response): Promise { refresh_token = await setRefreshToken(returning[0].id) } - const hasura_data = await request<{ auth_refresh_tokens: { account: AccountData }[] }>(accountOfRefreshToken, { refresh_token, }) - const account = hasura_data.auth_refresh_tokens?.[0].account; - if (!account) { throw Boom.unauthorized('Invalid or expired token.') } - const jwt_token = createHasuraJwt(account) - const jwt_expires_in = newJwtExpiry - const user: UserData = { - id: account.user.id, - display_name: account.user.display_name, - email: account.email, - avatar_url: account.user.avatar_url - } - const session: Session = { jwt_token, jwt_expires_in, user, refresh_token } - - if (action === 'log-in') { - return res.redirect(`${APPLICATION.REDIRECT_URL_SUCCESS}?refresh_token=${refresh_token}`) - } else if (action === 'sign-up') { - if(APPLICATION.REDIRECT_URL_SUCCESS) { - return res.redirect(APPLICATION.REDIRECT_URL_SUCCESS.replace('JWT_TOKEN', token)) - } else - return res.status(200).send('Your account has been activated. You can close this window and login') - } - - res.send(session) + // Redirect user with refresh token. + // This is both for when users log in and register. + return res.redirect(`${APPLICATION.REDIRECT_URL_SUCCESS}?refresh_token=${refresh_token}`) } export default asyncWrapper(magicLink) diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts index 1a521c7b..aabb97bd 100644 --- a/src/routes/auth/register.ts +++ b/src/routes/auth/register.ts @@ -133,8 +133,8 @@ async function registerAccount(req: Request, res: Response): Promise { url: APPLICATION.SERVER_URL, locale: account.locale, app_url: APPLICATION.APP_URL, - action: 'sign up', - action_url: 'sign-up' + action: 'register', + action_url: 'register' } }) } catch (err) { diff --git a/src/shared/validation.ts b/src/shared/validation.ts index c6c0bace..473c40c9 100644 --- a/src/shared/validation.ts 
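Review bot: The new unconditional `return res.redirect(...)` at the end of `magicLink` drops the `if(APPLICATION.REDIRECT_URL_SUCCESS)` guard that the removed sign-up branch had, so with that setting unset the browser is sent to `undefined?refresh_token=…`. Building the target by string concatenation also yields a malformed URL when the configured value already has a query string, and the token is not URL-encoded. Separately, a refresh token in the query string ends up in browser history, access logs and possibly `Referer` headers, so the receiving page should consume it and strip it from the URL straight away; a fragment or a one-time code would expose less, but that changes the client contract. The fence below assumes the configured value is an absolute URL; the right fallback when it is missing is a project decision.

```typescript
  // … unchanged: account lookup and Boom.unauthorized check …
  if (!APPLICATION.REDIRECT_URL_SUCCESS) {
    // Without a configured target the template string redirects to "undefined?refresh_token=…".
    throw Boom.badImplementation('REDIRECT_URL_SUCCESS is not configured')
  }
  // URL/searchParams encodes the token and copes with a target that already has a query string.
  const target = new URL(APPLICATION.REDIRECT_URL_SUCCESS)
  target.searchParams.set('refresh_token', refresh_token)
  return res.redirect(target.toString())
```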
+++ b/src/shared/validation.ts @@ -178,7 +178,7 @@ export const fileMetadataUpdate = Joi.object({ export const magicLinkQuery = Joi.object({ token: Joi.string().required(), - action: Joi.string().valid('log-in', 'sign-up').required(), + action: Joi.string().valid('log-in', 'register').required(), }); export const providerQuery = Joi.object({
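Review bot: Dropping `'sign-up'` from `magicLinkQuery` means any magic link mailed before this deploy with `action=sign-up` now fails validation, and the same goes for email templates outside this diff that may still build that URL. If that matters, accept the old value for a transition period, `action: Joi.string().valid('log-in', 'register', 'sign-up').required(),`, and treat it as `'register'` in `magicLink`. The action literals are now repeated in `validation.ts`, `magic-link.ts` and `register.ts`; a shared constant would keep them from drifting apart again.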