fix: handle expired/invalid cognito code

[JoeKarow]

Pull Request type

Please check the type of change your PR introduces:

• Bugfix
• Feature
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no API changes)
• Build-related changes
• Documentation content changes
• Other (please describe):

What is the current behavior?

Issue Number: N/A

Coderabbit Summary

Summary by CodeRabbit

• New Features

  • Added messages for verification code requests, expiration, and mismatches.
  • Introduced functionality to resend verification codes.
  • Enhanced error handling for account confirmation and verification code processes.

• Improvements

  • Updated UI to handle and display messages related to code resend status.

• Bug Fixes

  • Improved error handling for code mismatches and expired codes during account confirmation.

• Configuration

  • Added build_in_source parameter to Lambda function configurations.

Does this introduce a breaking change?

• Yes
• No

Other information

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
inreach-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 24, 2024 5:31pm

[coderabbitai]

Walkthrough

The updates introduce new functionalities and error handling for verification codes in both the front-end and back-end. Key changes include adding new messages in the localization file, enabling build in source for Lambda configurations, enhancing the user API with a resend code procedure, and updating the Cognito client to handle local development environments. Additionally, new error handling for code expiration and mismatch has been integrated, along with UI improvements for account verification.

Changes

File Path	Change Summary
apps/app/public/locales/en/common.json	Added new messages related to verification code requests, expiration, and errors.
lambdas/cognito-messaging/samconfig.toml, lambdas/cognito-user-migrate/samconfig.toml	Added build_in_source configuration parameter.
packages/api/router/user/index.ts	Added resendCode public procedure for handling verification code resends.
packages/api/router/user/mutation.confirmAccount.handler.ts	Enhanced error handling for CodeMismatchException and ExpiredCodeException.
packages/api/router/user/mutation.resendCode.handler.ts, packages/api/router/user/mutation.resendCode.schema.ts	Introduced resendCode handler and schema for resending verification codes.
packages/api/router/user/schemas.ts	Added export of mutation.resendCode.schema.
packages/auth/lib/cognitoClient.ts	Added conditional endpoint setting for local development.
packages/auth/lib/confirmAccount.ts	Exported ExpiredCodeException and CodeMismatchException.
packages/env/index.ts	Commented out direct assignments of isDev and isVercelProd, exporting them from checks.
packages/ui/modals/AccountVerified.tsx	Added functionality for handling code resend, including state tracking and UI updates.

Tip

New Features and Improvements

Review Settings

Introduced new personality profiles for code reviews. Users can now select between "Chill" and "Assertive" review tones to tailor feedback styles according to their preferences. The "Assertive" profile posts more comments and nitpicks the code more aggressively, while the "Chill" profile is more relaxed and posts fewer comments.

AST-based Instructions

CodeRabbit offers customizing reviews based on the Abstract Syntax Tree (AST) pattern matching. Read more about AST-based instructions in the documentation.

Community-driven AST-based Rules

We are kicking off a community-driven initiative to create and share AST-based rules. Users can now contribute their AST-based rules to detect security vulnerabilities, code smells, and anti-patterns. Please see the ast-grep-essentials repository for more information.

New Static Analysis Tools

We are continually expanding our support for static analysis tools. We have added support for biome, hadolint, and ast-grep. Update the settings in your .coderabbit.yaml file or head over to the settings page to enable or disable the tools you want to use.

Tone Settings

Users can now customize CodeRabbit to review code in the style of their favorite characters or personalities. Here are some of our favorite examples:

• Mr. T: "You must talk like Mr. T in all your code reviews. I pity the fool who doesn't!"
• Pirate: "Arr, matey! Ye must talk like a pirate in all yer code reviews. Yarrr!"
• Snarky: "You must be snarky in all your code reviews. Snark, snark, snark!"

Revamped Settings Page

We have redesigned the settings page for a more intuitive layout, enabling users to find and adjust settings quickly. This change was long overdue; it not only improves the user experience but also allows our development team to add more settings in the future with ease. Going forward, the changes to .coderabbit.yaml will be reflected in the settings page, and vice versa.

Miscellaneous

• Turn off free summarization: You can switch off free summarization of PRs opened by users not on a paid plan using the enable_free_tier setting.
• Knowledge-base scope: You can now set the scope of the knowledge base to either the repository (local) or the organization (global) level using the knowledge_base setting. In addition, you can specify Jira project keys and Linear team keys to limit the knowledge base scope for those integrations.
• High-level summary placement: You can now customize the location of the high-level summary in the PR description using the high_level_summary_placeholder setting (default @coderabbitai summary).
• Revamped request changes workflow: You can now configure CodeRabbit to auto-approve or request changes on PRs based on the review feedback using the request_changes_workflow setting.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[relativeci]

#453 Bundle Size — 3.4MiB (+0.04%).

7662ff0(current) vs 3eac061 dev#440(baseline)

Warning

Bundle contains 5 duplicate packages – View duplicate packages

Bundle metrics   2 changes 1 regression

	Current #453	Baseline #440
Initial JS	3MiB(+0.04%)	3MiB
Initial CSS	9.54KiB	9.54KiB
Cache Invalidation	42.4%	52.73%
Chunks	67	67
Assets	80	80
Modules	2000	2000
Duplicate Modules	270	270
Duplicate Code	7.85%	7.85%
Packages	210	210
Duplicate Packages	5	5

Bundle size by type   1 change 1 regression

	Current #453	Baseline #440
JS	3.28MiB (+0.04%)	3.28MiB
Fonts	94.54KiB	94.54KiB
Other	9.62KiB	9.62KiB
CSS	9.54KiB	9.54KiB
IMG	8.57KiB	8.57KiB

---

Bundle analysis report Branch JoeKarow/signup-error-handling Project dashboard

[github-actions]

📦 Next.js Bundle Analysis for @weareinreach/app

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

[alwaysmeticulous]

🤖 No test run has been triggered as your Meticulous project has been deactivated (since you haven't viewed any test results in a while). Click here to reactivate.

_{Last updated for commit 7662ff0. This comment will update as new commits are pushed.}

[coderabbitai]

Actionable comments posted: 2

Outside diff range and nitpick comments (2)

packages/auth/lib/cognitoClient.ts (1)

Line range hint 15-37: Consider using the node: protocol when importing Node.js built-in modules to follow best practices and ensure compatibility with newer Node.js versions.

- import { createHmac } from 'crypto'
+ import { createHmac } from 'node:crypto'

packages/ui/modals/AccountVerified.tsx (1)

Line range hint 47-219: The implementation of the account verification modal with handling for different states and code resend functionality is well done. However, ensure that all dependencies are correctly listed in hooks to avoid potential bugs.

- useEffect(() => {
-   if (router.query.c !== undefined) {
-     handler.open()
-   }
- }, [router.query.c])
+ useEffect(() => {
+   if (router.query.c !== undefined) {
+     handler.open()
+   }
+ }, [router.query.c, handler.open])

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 3eac061 and 7662ff0.

Files selected for processing (12)

• apps/app/public/locales/en/common.json (2 hunks)
• lambdas/cognito-messaging/samconfig.toml (1 hunks)
• lambdas/cognito-user-migrate/samconfig.toml (1 hunks)
• packages/api/router/user/index.ts (1 hunks)
• packages/api/router/user/mutation.confirmAccount.handler.ts (1 hunks)
• packages/api/router/user/mutation.resendCode.handler.ts (1 hunks)
• packages/api/router/user/mutation.resendCode.schema.ts (1 hunks)
• packages/api/router/user/schemas.ts (1 hunks)
• packages/auth/lib/cognitoClient.ts (2 hunks)
• packages/auth/lib/confirmAccount.ts (1 hunks)
• packages/env/index.ts (1 hunks)
• packages/ui/modals/AccountVerified.tsx (4 hunks)

Files skipped from review due to trivial changes (5)

• lambdas/cognito-messaging/samconfig.toml
• lambdas/cognito-user-migrate/samconfig.toml
• packages/api/router/user/schemas.ts
• packages/auth/lib/confirmAccount.ts
• packages/env/index.ts

Additional Context Used

Biome (8)

packages/api/router/user/mutation.confirmAccount.handler.ts (2)

8-9: All these imports are only used as types.

---

10-11: All these imports are only used as types.

packages/api/router/user/mutation.resendCode.handler.ts (2)

2-3: All these imports are only used as types.

---

4-5: All these imports are only used as types.

packages/auth/lib/cognitoClient.ts (2)

12-12: A Node.js builtin module should be imported with the node: protocol.

---

7-8: All these imports are only used as types.

packages/ui/modals/AccountVerified.tsx (2)

43-43: The computed expression can be simplified without the use of a string literal.

---

72-72: This hook does not specify all of its dependencies: handler.open

Additional comments not posted (8)

packages/api/router/user/mutation.resendCode.schema.ts (1)

5-14: The ZResendCodeSchema and TResendCodeSchema are well-defined to handle different input forms. Consider removing the commented-out code if it's no longer relevant.

packages/api/router/user/mutation.resendCode.handler.ts (1)

7-15: The resendCode function is well-implemented with proper error handling. Good job!

packages/api/router/user/mutation.confirmAccount.handler.ts (1)

14-47: The confirmAccount function is robust, handling different specific exceptions and updating user verification status in the database. Well done!

packages/api/router/user/index.ts (1)

94-100: The integration of the resendCode procedure into the user router is correctly implemented. Good job!

packages/auth/lib/cognitoClient.ts (1)

36-37: The conditional assignment of the endpoint property based on isLocalDev is correctly implemented. Well done!

apps/app/public/locales/en/common.json (3)

56-57: Localization strings for verification code requests and resends are correctly added.

---

119-120: Localization strings for expired and mismatched codes are correctly added.

---

122-122: Localization string for requesting a new code is correctly added.