Inform the user about invalid email verification codes

2023-10-31 20:04:40 +02:00 · 2023-10-31 20:04:40 +02:00 · 8c100e167b
parent 1612bc6ff6
commit 8c100e167b
3 changed files with 8 additions and 4 deletions
--- a/backend/src/Datarekisteri/Backend/API.hs
+++ b/backend/src/Datarekisteri/Backend/API.hs
@ -162,7 +162,7 @@ resolveMutation :: (MonadRequest m, MonadEmail m, MonadRandom m, MonadTime m,
    MonadDB m, MonadError GQLError m, MonadPermissions m) => Mutation m
 resolveMutation = Mutation
    { apply = newUser
-    , verifyEmail = \(Arg secret) -> voidU $ dbVerifyEmail secret
+    , verifyEmail = \(Arg secret) -> either (const False) (const True) <$> dbVerifyEmail secret
    , resendVerificationEmail = \(Arg id) -> targetUser id >>= dbGetUserPendingEmail >>= liftDBEither >>=
        maybe (pure Unit) (dbGetUserByEmail >=> liftDBEither >=> voidU . sendVerificationSecret)
    , update = \updateArgs (Arg id) -> targetUser id >>= \user ->
@ -258,7 +258,7 @@ data Query m = Query

 data Mutation m = Mutation
    { apply :: ApplicationArgs -> m (User m)
-    , verifyEmail :: Arg "secret" Text -> m Unit
+    , verifyEmail :: Arg "secret" Text -> m Bool
    , resendVerificationEmail :: Arg "user" (Maybe UserID) -> m Unit
    , update :: UpdateArgs -> Arg "user" (Maybe UserID) -> m (User m)
    , newToken :: NewTokenArgs -> m (Token m)
--- a/frontend/schema.gql
+++ b/frontend/schema.gql
@ -65,7 +65,7 @@ type Query {

 type Mutation {
  apply(email: Email!, phoneNumber: PhoneNumber!, password: String!, name: String!, nickname: String, birthdate: Date!, homeplace: String!, application: String!): User!
-  verifyEmail(secret: String!): Unit!
+  verifyEmail(secret: String!): Boolean!
  resendVerificationEmail(user: UserID): Unit!
  update(email: Email, phoneNumber: PhoneNumber, password: String, name: String, nickname: String, homeplace: String, application: String, user: UserID): User!
  newToken(comment: String, name: String, permissions: String): Token!
--- a/frontend/src/Datarekisteri/Frontend/Handlers/VerifyEmail.hs
+++ b/frontend/src/Datarekisteri/Frontend/Handlers/VerifyEmail.hs
@ -36,7 +36,11 @@ postVerifyEmailR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Hand
 postVerifyEmailR = do
    ((result, widget), enctype) <- runFormPost verifyForm
    case result of
-      FormSuccess verify -> apiRequest @VerifyEmail False verify >> setMessage "Sähköpostiosoite vahvistettu" >> redirect OwnProfileR
+      FormSuccess verify -> do
+          success <- apiRequest @VerifyEmail False verify
+          case success of
+            VerifyEmail True -> setMessage "Sähköpostiosoite vahvistettu" >> redirect OwnProfileR
+            VerifyEmail False -> setMessage "Virheellinen vahvistuskoodi" >> redirect VerifyEmailR
      _ -> defaultLayout $ verifyEmailW (widget, enctype)

 verifyEmailW (codeWidget, codeEnctype) = do