Merge branch 'feat/initial-components' of https://github.com/RADAR-ba…

…se/radar-self-enrolment-ui into feat/consent-module
RADAR-base · Aug 13, 2024 · d73b027 · d73b027
2 parents 234c7ba + 0bb1417
commit d73b027
Showing 1 changed file with 74 additions and 62 deletions.
diff --git a/pkg/errors.tsx b/pkg/errors.tsx
@@ -1,6 +1,7 @@
 import {
   ErrorAuthenticatorAssuranceLevelNotSatisfied,
-  FlowError,
+  ErrorBrowserLocationChangeRequired,
+  NeedsPrivilegedSessionError,
 } from "@ory/client"
 import { AxiosError } from "axios"
 import { NextRouter } from "next/router"
@@ -14,70 +15,81 @@ export function handleGetFlowError<S>(
   resetFlow: Dispatch<SetStateAction<S | undefined>>,
 ) {
   return async (err: AxiosError) => {
-    const data = err.response?.data as FlowError
-    switch (data.id) {
-      case "session_inactive":
-        await router.push("/login?return_to=" + window.location.href)
-        return
-      case "session_aal2_required":
-        const e = err.response
-          ?.data as ErrorAuthenticatorAssuranceLevelNotSatisfied
-        if (e.redirect_browser_to) {
-          const redirectTo = new URL(e.redirect_browser_to)
-          if (flowType === "settings") {
-            redirectTo.searchParams.set("return_to", window.location.href)
+    let error:
+      | ErrorBrowserLocationChangeRequired
+      | ErrorAuthenticatorAssuranceLevelNotSatisfied
+      | NeedsPrivilegedSessionError
+    const errorId = (err.response?.data as { error?: { id?: string } })?.error
+      ?.id
+    if (err.response && err.response.data) {
+      switch (errorId) {
+        case "session_inactive":
+          await router.push("/login?return_to=" + window.location.href)
+          return
+        case "session_aal2_required":
+          error = err.response
+            .data as ErrorAuthenticatorAssuranceLevelNotSatisfied
+          if (error.redirect_browser_to) {
+            const redirectTo = new URL(error.redirect_browser_to)
+            if (flowType === "settings") {
+              redirectTo.searchParams.set("return_to", window.location.href)
+            }
+            // 2FA is enabled and enforced, but user did not perform 2fa yet!
+            window.location.href = redirectTo.toString()
+            return
           }
-          // 2FA is enabled and enforced, but user did not perform 2fa yet!
-          window.location.href = redirectTo.toString()
+          await router.push("/login?aal=aal2&return_to=" + window.location.href)
           return
-        }
-        await router.push("/login?aal=aal2&return_to=" + window.location.href)
-        return
-      case "session_already_available":
-        // User is already signed in, let's redirect them home!
-        await router.push("/")
-        return
-      case "session_refresh_required":
-        // We need to re-authenticate to perform this action
-        await router.push("/")
-        return
-      case "self_service_flow_return_to_forbidden":
-        // The flow expired, let's request a new one.
-        toast.error("The return_to address is not allowed.")
-        resetFlow(undefined)
-        await router.push("/" + flowType)
-        return
-      case "self_service_flow_expired":
-        // The flow expired, let's request a new one.
-        toast.error("Your interaction expired, please fill out the form again.")
-        resetFlow(undefined)
-        await router.push("/" + flowType)
-        return
-      case "security_csrf_violation":
-        // A CSRF violation occurred. Best to just refresh the flow!
-        toast.error(
-          "A security violation was detected, please fill out the form again.",
-        )
-        resetFlow(undefined)
-        await router.push("/" + flowType)
-        return
-      case "security_identity_mismatch":
-        // The requested item was intended for someone else. Let's request a new flow...
-        resetFlow(undefined)
-        await router.push("/" + flowType)
-        return
-      case "browser_location_change_required":
-        // Ory Kratos asked us to point the user to this URL.
-        await router.push("/")
-        return
-    }
+        case "session_already_available":
+          // User is already signed in, let's redirect them home!
+          await router.push("/")
+          return
+        case "session_refresh_required":
+          error = err.response.data as NeedsPrivilegedSessionError
+          // We need to re-authenticate to perform this action
+          window.location.href = error.redirect_browser_to || "/"
+          return
+        case "self_service_flow_return_to_forbidden":
+          // The flow expired, let's request a new one.
+          toast.error("The return_to address is not allowed.")
+          resetFlow(undefined)
+          await router.push("/" + flowType)
+          return
+        case "self_service_flow_expired":
+          // The flow expired, let's request a new one.
+          toast.error(
+            "Your interaction expired, please fill out the form again.",
+          )
+          resetFlow(undefined)
+          await router.push("/" + flowType)
+          return
+        case "security_csrf_violation":
+          // A CSRF violation occurred. Best to just refresh the flow!
+          toast.error(
+            "A security violation was detected, please fill out the form again.",
+          )
+          resetFlow(undefined)
+          await router.push("/" + flowType)
+          return
+        case "security_identity_mismatch":
+          // The requested item was intended for someone else. Let's request a new flow...
+          resetFlow(undefined)
+          await router.push("/" + flowType)
+          return
+        case "browser_location_change_required":
+          error = err.response.data as ErrorBrowserLocationChangeRequired
+          // Ory Kratos asked us to point the user to this URL.
+          window.location.href = error.redirect_browser_to || "/"
+          return
+      }
 
-    switch (err.response?.status) {
-      case 410:
-        // The flow expired, let's request a new one.
-        resetFlow(undefined)
-        await router.push("/" + flowType)
-        return
+      switch (err.response?.status) {
+        case 410:
+          // The flow expired, let's request a new one.
+          resetFlow(undefined)
+          await router.push("/" + flowType)
+          return
+      }
     }
 
     // We are not able to handle the error? Return it.