Skip to content

Commit c33c658

Browse files
ljosberinnljosberinn
committed
fix(token): verify type and cleanup token
1 parent c1d1246 commit c33c658

File tree

1 file changed

+17
-8
lines changed

1 file changed

+17
-8
lines changed

src/index.tsx

+17-8
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ const defaultSettings = {
4040
const errors = {
4141
noUserFound: 'No current user found - are you logged in?',
4242
noUserTokenFound: 'no user token found',
43-
noRecoveryTokenFound: 'no recovery token found',
43+
tokenMissingOrInvalid: 'either no token found or invalid for this purpose',
4444
};
4545

4646
type MaybeUserPromise = Promise<User | undefined>;
@@ -63,7 +63,7 @@ export type ReactNetlifyIdentityAPI = {
6363
) => MaybeUserPromise;
6464
logoutUser: () => MaybeUserPromise;
6565
requestPasswordRecovery: (email: string) => Promise<void>;
66-
recoverAccount: (remember?: boolean | undefined) => MaybeUserPromise;
66+
recoverAccount: (remember?: boolean) => MaybeUserPromise;
6767
updateUser: (fields: { data: object }) => MaybeUserPromise;
6868
getFreshJWT: () => Promise<string>;
6969
authedFetch: {
@@ -75,7 +75,7 @@ export type ReactNetlifyIdentityAPI = {
7575
_goTrueInstance: GoTrue;
7676
_url: string;
7777
loginProvider: (provider: Provider) => void;
78-
acceptInviteExternalUrl: (provider: Provider, token: string) => string;
78+
acceptInviteExternalUrl: (provider: Provider) => string;
7979
settings: Settings;
8080
param: TokenParam;
8181
};
@@ -174,9 +174,18 @@ export function useNetlifyIdentity(
174174
);
175175

176176
const acceptInviteExternalUrl = useCallback(
177-
(provider: Provider, token: string) =>
178-
goTrueInstance.acceptInviteExternalUrl(provider, token),
179-
[goTrueInstance]
177+
(provider: Provider) => {
178+
if (!param.token || param.type !== 'invite') {
179+
throw new Error(errors.tokenMissingOrInvalid);
180+
}
181+
182+
const url = goTrueInstance.acceptInviteExternalUrl(provider, param.token);
183+
// clean up consumed token
184+
setParam(defaultParam);
185+
186+
return url;
187+
},
188+
[goTrueInstance, param]
180189
);
181190

182191
/******* email auth */
@@ -210,8 +219,8 @@ export function useNetlifyIdentity(
210219

211220
const recoverAccount = useCallback(
212221
(remember?: boolean | undefined) => {
213-
if (!param.token) {
214-
throw new Error(errors.noRecoveryTokenFound);
222+
if (!param.token || param.type !== 'recovery') {
223+
throw new Error(errors.tokenMissingOrInvalid);
215224
}
216225

217226
return goTrueInstance.recover(param.token, remember).then(user => {

0 commit comments

Comments
 (0)