fix: make invite and confirmations long lived (#1309)

Previously we would delete all invites and confirmation tokens upon completing the action that they represent. This change instead adds a flag on each token indicating whether it has been completed so we can action a completed token differently in the UI to reduce confusion for users. This had been brought up a number of times where confirmation emails, team member invites and other items may have been actioned and forgotten about causing an error toast/page upon subsequent revisit.
2024-08-28 14:08:35 +10:00
parent 7943ed5353
commit dfa89ffe44
18 changed files with 352 additions and 97 deletions
--- a/packages/lib/server-only/user/verify-email.ts
+++ b/packages/lib/server-only/user/verify-email.ts
@@ -4,6 +4,13 @@ import { prisma } from '@documenso/prisma';

 import { jobsClient } from '../../jobs/client';

+export const EMAIL_VERIFICATION_STATE = {
+  NOT_FOUND: 'NOT_FOUND',
+  VERIFIED: 'VERIFIED',
+  EXPIRED: 'EXPIRED',
+  ALREADY_VERIFIED: 'ALREADY_VERIFIED',
+} as const;
+
 export type VerifyEmailProps = {
  token: string;
 };
@@ -19,7 +26,7 @@ export const verifyEmail = async ({ token }: VerifyEmailProps) => {
  });

  if (!verificationToken) {
-    return null;
+    return EMAIL_VERIFICATION_STATE.NOT_FOUND;
  }

  // check if the token is valid or expired
@@ -48,10 +55,14 @@ export const verifyEmail = async ({ token }: VerifyEmailProps) => {
      });
    }

-    return valid;
+    return EMAIL_VERIFICATION_STATE.EXPIRED;
  }

-  const [updatedUser, deletedToken] = await prisma.$transaction([
+  if (verificationToken.completed) {
+    return EMAIL_VERIFICATION_STATE.ALREADY_VERIFIED;
+  }
+
+  const [updatedUser] = await prisma.$transaction([
    prisma.user.update({
      where: {
        id: verificationToken.userId,
@@ -60,16 +71,28 @@ export const verifyEmail = async ({ token }: VerifyEmailProps) => {
        emailVerified: new Date(),
      },
    }),
+    prisma.verificationToken.updateMany({
+      where: {
+        userId: verificationToken.userId,
+      },
+      data: {
+        completed: true,
+      },
+    }),
+    // Tidy up old expired tokens
    prisma.verificationToken.deleteMany({
      where: {
        userId: verificationToken.userId,
+        expires: {
+          lt: new Date(),
+        },
      },
    }),
  ]);

-  if (!updatedUser || !deletedToken) {
+  if (!updatedUser) {
    throw new Error('Something went wrong while verifying your email. Please try again.');
  }

-  return !!updatedUser && !!deletedToken;
+  return EMAIL_VERIFICATION_STATE.VERIFIED;
 };