fix: polish

apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx

@@ -1,6 +1,6 @@
 'use client';
 
-import { createContext, useCallback, useContext, useMemo, useState } from 'react';
+import { createContext, useContext, useEffect, useMemo, useState } from 'react';
 
 import { match } from 'ts-pattern';
 
@@ -113,15 +113,6 @@ export const DocumentAuthProvider = ({
     isError: passkeyQuery.isError,
   };
 
-  const refetchPasskeys = useCallback(async () => {
-    const { data } = await passkeyQuery.refetch();
-
-    if (!preferredPasskeyId && data && data.data.length > 0) {
-      setPreferredPasskeyId(data.data[0].id);
-    }
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [preferredPasskeyId]);
-
   const [documentAuthDialogPayload, setDocumentAuthDialogPayload] =
     useState<ExecuteActionAuthProcedureOptions | null>(null);
 
@@ -168,11 +159,25 @@ export const DocumentAuthProvider = ({
     });
   };
 
+  useEffect(() => {
+    const { passkeys } = passkeyData;
+
+    if (!preferredPasskeyId && passkeys.length > 0) {
+      setPreferredPasskeyId(passkeys[0].id);
+    }
+
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [passkeyData.passkeys]);
+
   const isAuthRedirectRequired = Boolean(
     DOCUMENT_AUTH_TYPES[derivedRecipientActionAuth || '']?.isAuthRedirectRequired &&
       !preCalculatedActionAuthOptions,
   );
 
+  const refetchPasskeys = async () => {
+    await passkeyQuery.refetch();
+  };
+
   return (
     <DocumentAuthContext.Provider
       value={{

apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx

@@ -31,7 +31,8 @@ export const SignDialog = ({
   onSignatureComplete,
   role,
 }: SignDialogProps) => {
-  const { executeActionAuthProcedure, isAuthRedirectRequired } = useRequiredDocumentAuthContext();
+  const { executeActionAuthProcedure, isAuthRedirectRequired, isCurrentlyAuthenticating } =
+    useRequiredDocumentAuthContext();
 
   const [showDialog, setShowDialog] = useState(false);
   const truncatedTitle = truncateTitle(document.title);
@@ -103,7 +104,7 @@ export const SignDialog = ({
               type="button"
               className="flex-1"
               disabled={!isComplete}
-              loading={isSubmitting}
+              loading={isSubmitting || isCurrentlyAuthenticating}
               onClick={onSignatureComplete}
             >
               {role === RecipientRole.VIEWER && 'Mark as Viewed'}

packages/app-tests/e2e/document-auth/action-auth.spec.ts

@@ -151,7 +151,7 @@ test('[DOCUMENT_AUTH]: should deny signing document when required for global aut
 
   await page.getByRole('button', { name: 'Complete' }).click();
   await expect(page.getByRole('paragraph')).toContainText(
-    'Reauthentication is required to sign the document',
+    'Reauthentication is required to sign this document',
   );
 
   await unseedUser(user.id);
@@ -186,7 +186,7 @@ test('[DOCUMENT_AUTH]: should deny signing fields when required for global auth'
     for (const field of Field) {
       await page.locator(`#field-${field.id}`).getByRole('button').click();
       await expect(page.getByRole('paragraph')).toContainText(
-        'Reauthentication is required to sign the field',
+        'Reauthentication is required to sign this field',
       );
       await page.getByRole('button', { name: 'Cancel' }).click();
     }
@@ -251,7 +251,7 @@ test('[DOCUMENT_AUTH]: should allow field signing when required for recipient au
       for (const field of Field) {
         await page.locator(`#field-${field.id}`).getByRole('button').click();
         await expect(page.getByRole('paragraph')).toContainText(
-          'Reauthentication is required to sign the field',
+          'Reauthentication is required to sign this field',
         );
         await page.getByRole('button', { name: 'Cancel' }).click();
       }
@@ -358,7 +358,7 @@ test('[DOCUMENT_AUTH]: should allow field signing when required for recipient an
       for (const field of Field) {
         await page.locator(`#field-${field.id}`).getByRole('button').click();
         await expect(page.getByRole('paragraph')).toContainText(
-          'Reauthentication is required to sign the field',
+          'Reauthentication is required to sign this field',
         );
         await page.getByRole('button', { name: 'Cancel' }).click();
       }

packages/lib/server-only/document/is-recipient-authorized.ts

@@ -67,6 +67,13 @@ export const isRecipientAuthorized = async ({
     return true;
   }
 
+  // Create auth options when none are passed for account.
+  if (!authOptions && authMethod === DocumentAuth.ACCOUNT) {
+    authOptions = {
+      type: DocumentAuth.ACCOUNT,
+    };
+  }
+
   // Authentication required does not match provided method.
   if (!authOptions || authOptions.type !== authMethod) {
     return false;