From 38c9e3e7cc320410367af460a08101f57b3eb5d8 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Fri, 9 Aug 2024 14:16:16 +0200
Subject: [PATCH 1/3] :bug: Fix error handling issue on login with oidc happens when no oidc backend is configured on backend
---
 frontend/src/app/main/ui/auth/login.cljs | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/frontend/src/app/main/ui/auth/login.cljs b/frontend/src/app/main/ui/auth/login.cljs
index 389a901f5..26004f0a6 100644
--- a/frontend/src/app/main/ui/auth/login.cljs
+++ b/frontend/src/app/main/ui/auth/login.cljs
@@ -55,14 +55,15 @@
 (.replace js/location redirect-uri) (log/error :hint "unexpected response from OIDC method" :resp (pr-str rsp))))
- (fn [{:keys [type code] :as error}]
- (cond
- (and (= type :restriction)
- (= code :provider-not-configured))
- (st/emit! (msg/error (tr "errors.auth-provider-not-configured")))
+ (fn [cause]
+ (let [{:keys [type code] :as error} (ex-data cause)]
+ (cond
+ (and (= type :restriction)
+ (= code :provider-not-configured))
+ (st/emit! (msg/error (tr "errors.auth-provider-not-configured")))
- :else
- (st/emit! (msg/error (tr "errors.generic"))))))))
+ :else
+ (st/emit! (msg/error (tr "errors.generic")))))))))
 (s/def ::email ::us/email)
 (s/def ::password ::us/not-empty-string)
From 314742a563e3891f5876621de927ed0fcb78513f Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Mon, 12 Aug 2024 11:05:32 +0200
Subject: [PATCH 2/3] :sparkles: Add `:params` prop to `:not-found` exception
---
 backend/src/app/db.clj | 1 +
 1 file changed, 1 insertion(+)
diff --git a/backend/src/app/db.clj b/backend/src/app/db.clj
index 097ada50a..a4e7adb45 100644
--- a/backend/src/app/db.clj
+++ b/backend/src/app/db.clj
@@ -407,6 +407,7 @@
 (ex/raise :type :not-found :code :object-not-found :table table
+ :params params
 :hint "database object not found")) row))
From ec56a4149b2b8ca81bbe79c52c1c1f09e23b200d Mon Sep 17 00:00:00 2001
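Review bot: The new `:else` branch in login.cljs drops the cause entirely: the user gets `errors.generic` and nothing is logged, while the success handler above does `log/error` for an unexpected response. I'd log it before emitting, `(log/error :hint "unexpected error on OIDC login" :cause cause)`, so a backend that fails with something other than the `:provider-not-configured` restriction is still diagnosable. The `:as error` binding is unused in both the old and the new handler and can go. `ex-data` returns nil for a cause that is not an ExceptionInfo, so the destructuring still falls through to the generic branch, which is fine.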
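Review bot: Attaching the whole `params` map to the `:not-found` ex-data on the added line in db.clj makes the lookup values part of the exception, and whatever consumes that ex-data would now carry them too; the frontend patch in this series reads `:type`/`:code` straight out of `ex-data` on the client, which suggests backend ex-data is forwarded in RPC error responses. The enclosing function starts before the hunk, so I cannot see what callers pass; if any lookup is keyed by a secret such as a session or invitation token, that value would be logged or returned with the 404. Either have the error handler strip `:params` before serializing or logging, or record only the key names here, `:params (keys params)`, which still tells you which lookup failed.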
From: Andrey Antukh
Date: Mon, 12 Aug 2024 11:45:01 +0200
Subject: [PATCH 3/3] :bug: Fix unhandled exception on try to reuse registration token
---
 backend/src/app/rpc/commands/auth.clj | 38 ++++++++++++++++-----------
 1 file changed, 22 insertions(+), 16 deletions(-)
diff --git a/backend/src/app/rpc/commands/auth.clj b/backend/src/app/rpc/commands/auth.clj
index ff8bfdb8f..268588a0f 100644
--- a/backend/src/app/rpc/commands/auth.clj
+++ b/backend/src/app/rpc/commands/auth.clj
@@ -355,16 +355,22 @@
 profile (if-let [profile-id (:profile-id claims)] (profile/get-profile conn profile-id)
- (let [is-active (or (boolean (:is-active claims))
- (not (contains? cf/flags :email-verification)))
- params (-> params
- (assoc :is-active is-active)
- (update :password #(profile/derive-password cfg %)))]
- (->> (create-profile! conn params)
- (create-profile-rels! conn))))
+ ;; NOTE: we first try to match existing profile
+ ;; by email, that in normal circumstances will
+ ;; not return anything, but when a user tries to
+ ;; reuse the same token multiple times, we need
+ ;; to detect if the profile is already registered
+ (or (profile/get-profile-by-email conn (:email claims))
+ (let [is-active (or (boolean (:is-active claims))
+ (not (contains? cf/flags :email-verification)))
+ params (-> params
+ (assoc :is-active is-active)
+ (update :password #(profile/derive-password cfg %)))
+ profile (->> (create-profile! conn params)
+ (create-profile-rels! conn))]
+ (vary-meta profile assoc :created true))))
- ;; When no profile-id comes on claims means a new register
- created? (not (:profile-id claims))
+ created? (-> profile meta :created true?)
 invitation (when-let [token (:invitation-token params)] (tokens/verify (::setup/props cfg) {:token token :iss :team-invitation}))
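Review bot: The by-email fallback adopts whatever profile currently holds the token's `:email` claim, and nothing in this hunk shows the prepared-register token proving control of that mailbox: `is-active` is derived from the claims or from the `:email-verification` flag, not from a completed verification. So a token prepared for an address that someone else registers afterwards now resolves to that other user's profile with `created?` false, and whether that is exploitable depends on the `cond` branches after this hunk (the enclosing function starts and ends outside it), which decide whether a session is created for `profile`; any branch that signs in a non-created profile would turn token reuse into an account takeover. I would accept the email match only while the existing profile is still inactive, which is the legitimate double-submit the NOTE describes, and raise a validation error for an already active one (reusing whatever code the prepare step already raises for a registered email, and assuming `ex/raise` is aliased here as it is in db.clj), so a stale token can never land on a live account. A repeated submit after a successful first registration then gets an error instead of a fresh session, which is the safer outcome.

```clojure
(or (when-let [existing (profile/get-profile-by-email conn (:email claims))]
      ;; The prepared-register token does not prove control of the
      ;; mailbox, so only a not-yet-verified repeat of this same
      ;; registration may reuse the existing row.
      (when (:is-active existing)
        (ex/raise :type :validation
                  :code :email-already-exists
                  :hint "email already registered"))
      existing)
    ;; … unchanged: the (let [is-active …] … (vary-meta profile assoc :created true)) fallback …
```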
@@ -422,13 +428,13 @@
 ::audit/profile-id (:id profile)}))) :else
- (let [elapsed? (elapsed-verify-threshold? profile)
- complaints? (eml/has-reports? conn (:email profile))
- action (if complaints?
- "ignore-because-complaints"
- (if elapsed?
- "resend-email-verification"
- "ignore"))]
+ (let [elapsed? (elapsed-verify-threshold? profile)
+ reports? (eml/has-reports? conn (:email profile))
+ action (if reports?
+ "ignore-because-complaints"
+ (if elapsed?
+ "resend-email-verification"
+ "ignore"))]
 (l/wrn :hint "repeated registry detected" :profile-id (str (:id profile))