fix: Handling non success status codes on "/verify" call #1100

Open
wants to merge 1 commit into
base: main

Dastaan2k
Contributor

Handling non-success status codes from the "/verify" call, caused when the magic link is invalid or expired.
The current commit will return an AuthResponse with null user and session, returning to the "not logged in" state.

@Dastaan2k Dastaan2k changed the title Handling non success status codes on "/verify" call fix : Handling non success status codes on "/verify" call Dec 13, 2024
@Dastaan2k Dastaan2k changed the title fix : Handling non success status codes on "/verify" call fix: Handling non success status codes on "/verify" call Dec 13, 2024
@Vinzent03
Collaborator

Vinzent03 commented Dec 13, 2024

I think the current implementation is better. By just catching every exception, the dev doesn't know what's wrong. If we actually would want to handle that case, we should not just return an empty session, but log the user out as well.
By catching the exception yourself, you can still log out.

Just as a note, it's a bit strange that your commit is done by a different user than your account creating the PR.

@Dastaan2k
Contributor Author

I understood your point. Now that I think about it, my way of handling the error is not a good approach.

But wouldn't it be better to catch the exception on the package side and publish a new auth event on an expired/invalid magic login link (or a unique event to listen to, as expired links would be a common scenario in invites, password recovery, etc.), considering most apps will be managing their primary state based on the live auth event received, and whether the link is expired or not will be determined within the package itself?

    // Read the latest auth event once, then branch on it.
    final event = ref.watch(authStateChangeProvider).value!.event;
    if (event == AuthChangeEvent.tokenRefreshed) {
      return CustomResponse(body: null, error: true, statusCode: 404); // Handle force logout
    } else if (event == AuthChangeEvent.linkExpired) {
      // linkExpired is the new event proposed in this comment.
      return CustomResponse(body: null, error: true, statusCode: -4); // Handle expired/invalid link state
    } else if (event == AuthChangeEvent.passwordRecovery) {
      return CustomResponse(body: null, error: true, statusCode: -3); // Handle password recovery
    } else if (event == AuthChangeEvent.signedOut) {
      return CustomResponse(body: null, error: true, statusCode: 404); // Handle logout
    }

Also, thanks for the note. Both of them are my accounts; I forgot to swap my GitHub account in Android Studio pre-commit. Created the PR from a different device with my personal account 😅.

Will keep in mind next time.
