Skip to content

feat(core): guard one-time token on consent request #7160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
charIeszhao merged 1 commit into from
Mar 27, 2025
Merged

feat(core): guard one-time token on consent request #7160

charIeszhao merged 1 commit into from
Mar 27, 2025

Conversation

@charIeszhao
Copy link
Member

@charIeszhao charIeszhao commented Mar 19, 2025
edited
Loading

Summary

  • Guard one-time token on consent request. This makes sure even if the user has an active session, when they use magic sign-in link, the token is still checked before auto-consent.
  • Change the client side navigation mechanism when one_time_token param is presented in the URL. The logic is now handled separately in both /sign-in and /register routes.

Testing

Local dev test

Checklist

  • .changeset
  • unit tests
  • integration tests
  • necessary TSDoc comments

@charIeszhao charIeszhao self-assigned this Mar 19, 2025
@github-actions github-actions bot added the feature Cool stuff label Mar 19, 2025
@github-actions
Copy link

github-actions bot commented Mar 19, 2025
edited
Loading

COMPARE TO master

Total Size Diff 📈 +5.22 KB

Diff by File
Name Diff
packages/core/src/middleware/koa-consent-guard.test.ts 📈 +2.78 KB
packages/core/src/middleware/koa-consent-guard.ts 📈 +1.48 KB
packages/core/src/tenants/Tenant.ts 📈 +143 Bytes
packages/experience/src/App.tsx 📈 +198 Bytes
packages/experience/src/pages/OneTimeToken/index.tsx 📈 +55 Bytes
packages/experience/src/pages/Register/index.tsx 📈 +242 Bytes
packages/experience/src/pages/SignIn/index.tsx 📈 +280 Bytes
packages/experience/src/pages/SwitchAccount/index.module.scss 0 Bytes
packages/experience/src/pages/SwitchAccount/index.tsx 📈 +496 Bytes
packages/experience/src/utils/search-parameters.ts 📈 +428 Bytes

@charIeszhao charIeszhao force-pushed the charles-log-10974-guard-one-time-token-on-auto-consent branch from 90ba6bf to 7a6309d Compare March 19, 2025 10:05
@github-actions github-actions bot added size/m and removed size/s labels Mar 19, 2025
@charIeszhao charIeszhao changed the base branch from charles-log-10876-experience-build-landing-page-to-handle-token-parameter to master March 19, 2025 10:06
@github-actions github-actions bot added size/xl and removed size/m labels Mar 19, 2025
@charIeszhao charIeszhao changed the base branch from master to charles-log-10876-experience-build-landing-page-to-handle-token-parameter March 19, 2025 10:09
@github-actions github-actions bot added size/m and removed size/xl labels Mar 19, 2025
simeng-li
simeng-li reviewed Mar 20, 2025
View reviewed changes
simeng-li
simeng-li previously approved these changes Mar 20, 2025
View reviewed changes
Copy link
Contributor

@simeng-li simeng-li left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updates are needed

@simeng-li simeng-li dismissed their stale review March 20, 2025 04:53

should fix the error handling logic

simeng-li
simeng-li requested changes Mar 20, 2025
View reviewed changes
Copy link
Contributor

@simeng-li simeng-li left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to fix the email miss match error handling logic.

@charIeszhao charIeszhao force-pushed the charles-log-10876-experience-build-landing-page-to-handle-token-parameter branch 7 times, most recently from c5a27fc to 402e351 Compare March 25, 2025 09:32
@charIeszhao charIeszhao force-pushed the charles-log-10974-guard-one-time-token-on-auto-consent branch from 7a6309d to 4ae5524 Compare March 25, 2025 12:42
Base automatically changed from charles-log-10876-experience-build-landing-page-to-handle-token-parameter to master March 25, 2025 12:58
@charIeszhao charIeszhao force-pushed the charles-log-10974-guard-one-time-token-on-auto-consent branch 2 times, most recently from 1ccae5f to f5bbc6e Compare March 26, 2025 06:21
@github-actions github-actions bot added size/l and removed size/m labels Mar 26, 2025
@charIeszhao charIeszhao force-pushed the charles-log-10974-guard-one-time-token-on-auto-consent branch 5 times, most recently from 00c105e to b7eac1a Compare March 27, 2025 02:51
simeng-li
simeng-li approved these changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@simeng-li simeng-li left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@charIeszhao charIeszhao force-pushed the charles-log-10974-guard-one-time-token-on-auto-consent branch from b7eac1a to 04066a4 Compare March 27, 2025 04:23
@charIeszhao charIeszhao enabled auto-merge (squash) March 27, 2025 04:23
@charIeszhao charIeszhao merged commit bf74d32 into master Mar 27, 2025
37 checks passed
@charIeszhao charIeszhao deleted the charles-log-10974-guard-one-time-token-on-auto-consent branch March 27, 2025 06:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wangsijie wangsijie wangsijie approved these changes

@simeng-li simeng-li simeng-li approved these changes

@gao-sun gao-sun Awaiting requested review from gao-sun gao-sun is a code owner

Assignees

@charIeszhao charIeszhao

Labels

feature Cool stuff size/l

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@charIeszhao @wangsijie @simeng-li