matt/monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes
All checks were successful
Build And Push Image / docker (push) Successful in 3m45s
Details

Browse Source
This commit is contained in:
Matt
2025-08-13 17:16:22 +02:00
parent b833826a1e
commit e097fb746f
3 changed files with 113 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
server/api/auth/verify-email.get.ts
View File

@@ -3,10 +3,8 @@ export default defineEventHandler(async (event) => {
const { token } = getQuery(event);
if (!token || typeof token !== 'string') {
throw createError({
statusCode: 400,
statusMessage: 'Verification token is required'
});
console.log('[verify-email] Missing or invalid token, redirecting to expired page');
return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
}
console.log('[verify-email] Processing verification token...');
@@ -35,54 +33,54 @@ export default defineEventHandler(async (event) => {
// ONLY consume token after successful Keycloak update
await consumeEmailToken(token);
} catch (keycloakError: any) {
console.error('[verify-email] Keycloak update failed:', keycloakError.message);
} catch (keycloakUpdateError: any) {
console.error('[verify-email] Keycloak update failed:', keycloakUpdateError.message);
// Check if this is a retryable error or a permanent failure
if (keycloakError.message?.includes('error-user-attribute-required')) {
if (keycloakUpdateError.message?.includes('error-user-attribute-required')) {
// This is a configuration issue - don't consume token, allow retries
console.log('[verify-email] Keycloak configuration error - token preserved for retry');
partialSuccess = true;
keycloakError = keycloakError.message;
keycloakError = keycloakUpdateError.message;
} else {
// For other errors, still consume token to prevent infinite retries
console.log('[verify-email] Consuming token despite Keycloak error to prevent loops');
await consumeEmailToken(token);
partialSuccess = true;
keycloakError = keycloakError.message;
keycloakError = keycloakUpdateError.message;
}
}
// Return JSON response for client-side navigation
return {
success: true,
data: {
userId,
email,
partialSuccess,
keycloakError: keycloakError || undefined
}
};
// Build success redirect URL with query parameters
const successUrl = new URL('/auth/verify-success', 'https://portal.monacousa.org');
successUrl.searchParams.set('email', email);
if (partialSuccess && keycloakError) {
successUrl.searchParams.set('warning', 'partial');
console.log('[verify-email] Redirecting to success page with partial warning');
} else {
console.log('[verify-email] Redirecting to success page - verification complete');
}
// Redirect to success page instead of returning JSON
return sendRedirect(event, successUrl.pathname + successUrl.search, 302);
} catch (error: any) {
console.error('[verify-email] Verification failed:', error.message);
// Return error response
// Redirect to appropriate error page instead of throwing errors
if (error.message?.includes('expired')) {
throw createError({
statusCode: 410,
statusMessage: 'Verification link has expired. Please request a new one.'
});
} else if (error.message?.includes('already used') || error.message?.includes('not found')) {
throw createError({
statusCode: 409,
statusMessage: 'This verification link has already been used or is invalid.'
});
console.log('[verify-email] Token expired, redirecting to expired page');
return sendRedirect(event, '/auth/verify-expired?reason=expired', 302);
} else if (error.message?.includes('already used')) {
console.log('[verify-email] Token already used, redirecting to expired page');
return sendRedirect(event, '/auth/verify-expired?reason=used', 302);
} else if (error.message?.includes('not found')) {
console.log('[verify-email] Token not found, redirecting to expired page');
return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
} else {
throw createError({
statusCode: 400,
statusMessage: error.message || 'Invalid verification link'
});
console.log('[verify-email] Generic verification error, redirecting to expired page');
return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
}
}
});