fix: make invite and confirmations long lived (#1309)

Previously we would delete all invites and confirmation tokens upon completing the action that they represent. This change instead adds a flag on each token indicating whether it has been completed so we can action a completed token differently in the UI to reduce confusion for users. This had been brought up a number of times where confirmation emails, team member invites and other items may have been actioned and forgotten about causing an error toast/page upon subsequent revisit.
2025-11-13 08:13:56 +10:00 · 2024-08-28 14:08:35 +10:00
parent 7943ed5353
commit dfa89ffe44
18 changed files with 352 additions and 97 deletions
--- a/packages/lib/next-auth/auth-options.ts
+++ b/packages/lib/next-auth/auth-options.ts
@ -17,6 +17,7 @@ import { AppError, AppErrorCode } from '../errors/app-error';
 import { jobsClient } from '../jobs/client';
 import { isTwoFactorAuthenticationEnabled } from '../server-only/2fa/is-2fa-availble';
 import { validateTwoFactorAuthentication } from '../server-only/2fa/validate-2fa';
+import { decryptSecondaryData } from '../server-only/crypto/decrypt';
 import { getMostRecentVerificationTokenByUserId } from '../server-only/user/get-most-recent-verification-token-by-user-id';
 import { getUserByEmail } from '../server-only/user/get-user-by-email';
 import type { TAuthenticationResponseJSONSchema } from '../types/webauthn';
@ -267,6 +268,55 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
          },
        });

+        return {
+          id: Number(user.id),
+          email: user.email,
+          name: user.name,
+          emailVerified: user.emailVerified?.toISOString() ?? null,
+        } satisfies User;
+      },
+    }),
+    CredentialsProvider({
+      id: 'manual',
+      name: 'Manual',
+      credentials: {
+        credential: { label: 'Credential', type: 'credential' },
+      },
+      async authorize(credentials, req) {
+        const credential = credentials?.credential;
+
+        if (typeof credential !== 'string' || credential.length === 0) {
+          throw new AppError(AppErrorCode.INVALID_REQUEST);
+        }
+
+        const decryptedCredential = decryptSecondaryData(credential);
+
+        if (!decryptedCredential) {
+          throw new AppError(AppErrorCode.INVALID_REQUEST);
+        }
+
+        const parsedCredential = JSON.parse(decryptedCredential);
+
+        if (typeof parsedCredential !== 'object' || parsedCredential === null) {
+          throw new AppError(AppErrorCode.INVALID_REQUEST);
+        }
+
+        const { userId, email } = parsedCredential;
+
+        if (typeof userId !== 'number' || typeof email !== 'string') {
+          throw new AppError(AppErrorCode.INVALID_REQUEST);
+        }
+
+        const user = await prisma.user.findFirst({
+          where: {
+            id: userId,
+          },
+        });
+
+        if (!user) {
+          throw new AppError(AppErrorCode.INVALID_REQUEST);
+        }
+
        return {
          id: Number(user.id),
          email: user.email,