Merge pull request #350 from authorizerdev/fix/redirect-uri-error

[server]fix: error redirection for email verification
revert change for forgot password
2023-05-12 16:43:38 +05:30 · 2023-05-12 16:39:02 +05:30 · 2023-05-02 18:39:10 +05:30 · 2023-04-24 09:32:38 +05:30 · 2023-04-23 17:31:24 +05:30 · 2023-04-22 15:21:47 +05:30
10 changed files with 76 additions and 38 deletions
--- a/dashboard/src/components/EnvComponents/Features.tsx
+++ b/dashboard/src/components/EnvComponents/Features.tsx
@@ -8,86 +8,90 @@ const Features = ({ variables, setVariables }: any) => {
 		<div>
 			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
-				Disable Features
+				Features
 			</Text>
 			<Stack spacing={6}>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Login Page:</Text>
+						<Text fontSize="sm">Login Page:</Text>
 					</Flex>
 					<Flex justifyContent="start">
 						<InputField
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_LOGIN_PAGE}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Email Verification:</Text>
+						<Text fontSize="sm">Email Verification:</Text>
 					</Flex>
 					<Flex justifyContent="start">
 						<InputField
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_EMAIL_VERIFICATION}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Magic Login Link:</Text>
+						<Text fontSize="sm">Magic Login Link:</Text>
 					</Flex>
 					<Flex justifyContent="start">
 						<InputField
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_MAGIC_LINK_LOGIN}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Basic Authentication:</Text>
+						<Text fontSize="sm">Basic Authentication:</Text>
 					</Flex>
 					<Flex justifyContent="start">
 						<InputField
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_BASIC_AUTHENTICATION}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Sign Up:</Text>
+						<Text fontSize="sm">Sign Up:</Text>
 					</Flex>
 					<Flex justifyContent="start" mb={3}>
 						<InputField
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_SIGN_UP}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Strong Password:</Text>
+						<Text fontSize="sm">Strong Password:</Text>
 					</Flex>
 					<Flex justifyContent="start" mb={3}>
 						<InputField
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_STRONG_PASSWORD}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
 				<Flex alignItems="center">
 					<Flex w="100%" alignItems="baseline" flexDir="column">
-						<Text fontSize="sm">
-							Disable Multi Factor Authentication (MFA):
-						</Text>
+						<Text fontSize="sm">Multi Factor Authentication (MFA):</Text>
 						<Text fontSize="x-small">
 							Note: Enabling this will ignore Enforcing MFA shown below and will
 							also ignore the user MFA setting.
@@ -98,15 +102,10 @@ const Features = ({ variables, setVariables }: any) => {
 							variables={variables}
 							setVariables={setVariables}
 							inputType={SwitchInputType.DISABLE_MULTI_FACTOR_AUTHENTICATION}
+							hasReversedValue
 						/>
 					</Flex>
 				</Flex>
-			</Stack>
-			<Divider paddingY={5} />
-			<Text fontSize="md" paddingTop={5} fontWeight="bold" mb={5}>
-				Enable Features
-			</Text>
-			<Stack spacing={6}>
 				<Flex alignItems="center">
 					<Flex w="100%" alignItems="baseline" flexDir="column">
 						<Text fontSize="sm">
--- a/dashboard/src/components/InputField.tsx
+++ b/dashboard/src/components/InputField.tsx
@@ -48,6 +48,8 @@ const InputField = ({
 	fieldVisibility,
 	setFieldVisibility,
 	availableRoles,
+	// This prop is added to improve the user experience for the boolean ENV variable having `DISABLE_` prefix, as those values need to be considered in inverted form.
+	hasReversedValue,
 	...downshiftProps
 }: any) => {
 	const props = {
@@ -398,7 +400,9 @@ const InputField = ({
 				</Text>
 				<Switch
 					size="md"
-					isChecked={variables[inputType]}
+					isChecked={
+						hasReversedValue ? !variables[inputType] : variables[inputType]
+					}
 					onChange={() => {
 						setVariables({
 							...variables,
--- a/server/handlers/verify_email.go
+++ b/server/handlers/verify_email.go
@@ -24,21 +24,22 @@ import (
 // It verifies email based on JWT token in query string
 func VerifyEmailHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		redirectURL := strings.TrimSpace(c.Query("redirect_uri"))
 		errorRes := gin.H{
-			"error": "invalid_token",
+			"error": "token is required",
 		}
 		tokenInQuery := c.Query("token")
 		if tokenInQuery == "" {
 			log.Debug("Token is empty")
-			c.JSON(400, errorRes)
+			utils.HandleRedirectORJsonResponse(c, http.StatusBadRequest, errorRes, generateRedirectURL(redirectURL, errorRes))
 			return
 		}

 		verificationRequest, err := db.Provider.GetVerificationRequestByToken(c, tokenInQuery)
 		if err != nil {
 			log.Debug("Error getting verification request: ", err)
-			errorRes["error_description"] = err.Error()
-			c.JSON(400, errorRes)
+			errorRes["error"] = err.Error()
+			utils.HandleRedirectORJsonResponse(c, http.StatusBadRequest, errorRes, generateRedirectURL(redirectURL, errorRes))
 			return
 		}

@@ -47,23 +48,23 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		claim, err := token.ParseJWTToken(tokenInQuery)
 		if err != nil {
 			log.Debug("Error parsing token: ", err)
-			errorRes["error_description"] = err.Error()
-			c.JSON(400, errorRes)
+			errorRes["error"] = err.Error()
+			utils.HandleRedirectORJsonResponse(c, http.StatusBadRequest, errorRes, generateRedirectURL(redirectURL, errorRes))
 			return
 		}

 		if ok, err := token.ValidateJWTClaims(claim, hostname, verificationRequest.Nonce, verificationRequest.Email); !ok || err != nil {
 			log.Debug("Error validating jwt claims: ", err)
-			errorRes["error_description"] = err.Error()
-			c.JSON(400, errorRes)
+			errorRes["error"] = err.Error()
+			utils.HandleRedirectORJsonResponse(c, http.StatusBadRequest, errorRes, generateRedirectURL(redirectURL, errorRes))
 			return
 		}

 		user, err := db.Provider.GetUserByEmail(c, verificationRequest.Email)
 		if err != nil {
 			log.Debug("Error getting user: ", err)
-			errorRes["error_description"] = err.Error()
-			c.JSON(400, errorRes)
+			errorRes["error"] = err.Error()
+			utils.HandleRedirectORJsonResponse(c, http.StatusBadRequest, errorRes, generateRedirectURL(redirectURL, errorRes))
 			return
 		}

@@ -79,7 +80,6 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		db.Provider.DeleteVerificationRequest(c, verificationRequest)

 		state := strings.TrimSpace(c.Query("state"))
-		redirectURL := strings.TrimSpace(c.Query("redirect_uri"))
 		rolesString := strings.TrimSpace(c.Query("roles"))
 		var roles []string
 		if rolesString == "" {
@@ -125,8 +125,8 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce, code)
 		if err != nil {
 			log.Debug("Error creating auth token: ", err)
-			errorRes["error_description"] = err.Error()
-			c.JSON(500, errorRes)
+			errorRes["error"] = err.Error()
+			utils.HandleRedirectORJsonResponse(c, http.StatusInternalServerError, errorRes, generateRedirectURL(redirectURL, errorRes))
 			return
 		}

@@ -135,7 +135,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		// if code != "" {
 		// 	if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
 		// 		log.Debug("Error setting code state ", err)
-		// 		errorRes["error_description"] = err.Error()
+		// 		errorRes["error"] = err.Error()
 		// 		c.JSON(500, errorRes)
 		// 		return
 		// 	}
@@ -189,3 +189,21 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		c.Redirect(http.StatusTemporaryRedirect, redirectURL)
 	}
 }
+
+func generateRedirectURL(url string, res map[string]interface{}) string {
+	redirectURL := url
+	if redirectURL == "" {
+		return ""
+	}
+	var paramsArr []string
+	for key, value := range res {
+		paramsArr = append(paramsArr, key+"="+value.(string))
+	}
+	params := strings.Join(paramsArr, "&")
+	if strings.Contains(redirectURL, "?") {
+		redirectURL = redirectURL + "&" + params
+	} else {
+		redirectURL = redirectURL + "?" + strings.TrimPrefix(params, "&")
+	}
+	return redirectURL
+}
--- a/server/resolvers/magic_link_login.go
+++ b/server/resolvers/magic_link_login.go
@@ -224,7 +224,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		go email.SendEmail([]string{params.Email}, constants.VerificationTypeMagicLinkLogin, map[string]interface{}{
 			"user":             user.ToMap(),
 			"organization":     utils.GetOrganization(),
-			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname),
+			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
 		})
 	}

--- a/server/resolvers/resend_verify_email.go
+++ b/server/resolvers/resend_verify_email.go
@@ -83,7 +83,7 @@ func ResendVerifyEmailResolver(ctx context.Context, params model.ResendVerifyEma
 	go email.SendEmail([]string{params.Email}, params.Identifier, map[string]interface{}{
 		"user":             user.ToMap(),
 		"organization":     utils.GetOrganization(),
-		"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname),
+		"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, verificationRequest.RedirectURI),
 	})

 	res = &model.Response{
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@@ -227,7 +227,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 			email.SendEmail([]string{params.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
 				"user":             user.ToMap(),
 				"organization":     utils.GetOrganization(),
-				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname),
+				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
 			})
 			utils.RegisterEvent(ctx, constants.UserCreatedWebhookEvent, constants.AuthRecipeMethodBasicAuth, user)
 		}()
--- a/server/resolvers/update_profile.go
+++ b/server/resolvers/update_profile.go
@@ -259,7 +259,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 			go email.SendEmail([]string{user.Email}, verificationType, map[string]interface{}{
 				"user":             user.ToMap(),
 				"organization":     utils.GetOrganization(),
-				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname),
+				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
 			})

 		}
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@@ -164,7 +164,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		go email.SendEmail([]string{user.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
 			"user":             user.ToMap(),
 			"organization":     utils.GetOrganization(),
-			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname),
+			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
 		})

 	}
--- a/server/utils/common.go
+++ b/server/utils/common.go
@@ -92,6 +92,6 @@ func GetInviteVerificationURL(verificationURL, token, redirectURI string) string
 }

 // GetEmailVerificationURL to get url for invite email verification
-func GetEmailVerificationURL(token, hostname string) string {
-	return hostname + "/verify_email?token=" + token
+func GetEmailVerificationURL(token, hostname, redirectURI string) string {
+	return hostname + "/verify_email?token=" + token + "&redirect_uri=" + redirectURI
 }
--- a/server/utils/response.go
+++ b/server/utils/response.go
@@ -0,0 +1,17 @@
+package utils
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+// HandleRedirectORJsonResponse handles the response based on redirectURL
+func HandleRedirectORJsonResponse(c *gin.Context, httpResponse int, response map[string]interface{}, redirectURL string) {
+	if strings.TrimSpace(redirectURL) == "" {
+		c.JSON(httpResponse, response)
+	} else {
+		c.Redirect(http.StatusTemporaryRedirect, redirectURL)
+	}
+}
Author	SHA1	Message	Date
Lakhan Samani	f291417378	Merge pull request #350 from authorizerdev/fix/redirect-uri-error [server]fix: error redirection for email verification	2023-05-12 16:43:38 +05:30
Lakhan Samani	f831379d27	revert change for forgot password	2023-05-12 16:39:02 +05:30
Lakhan Samani	a50f6becbd	[server]fix: error redirection for email verification	2023-05-02 18:39:10 +05:30
Lakhan Samani	a6f6e0b18a	Merge pull request #349 from darshvaghela/main	2023-04-24 09:32:38 +05:30
darshvaghela	3868157e11	refactored code	2023-04-23 17:31:24 +05:30
darshvaghela	d693c05483	Features enhancement (Disable/Enable)	2023-04-22 15:21:47 +05:30