Handle invalid contractId on /login/ request

near / near-wallet

Web wallet for NEAR Protocol which stores keys in browser's localStorage

https://wallet.near.org

MIT License

213 stars 176 forks source link

Handle invalid contractId on /login/ request #219

Closed kcole16 closed 4 years ago

kcole16 commented 4 years ago

Problem If the contractId is wrong in a /login/ (e.g. login/?contractId=THISDOESNTEXIST) request from an app, a useless access key is created (or is it?) and the app is forced to identify the error with little to no information.

Expected Behavior If a contractId is invalid, we should prevent the user from going through the /login/ step, and return an error to the app.

Steps to reproduce

Go to corgis.nearprotocol.com
Select "Login w/ Near"
Edit the contractId argument in the url to contractId=notrealid and resubmit
Complete login
Try to generate a Corgi

kcole16 commented 4 years ago

Acceptance Criteria

[ ] If contractId does not exist, the user is displayed a warning message (see below) in a modal
[ ] Clicking "Return to App" in the modal redirects the user to the referring application

Warning Message

"The contract <contractId> does not exist. This may be an issue with the application you are trying to use, or this contract may have been deleted. You will be redirected back to the application"

vgrichina commented 4 years ago

question from @marcinbodnar

how can we check if contract_id from param is valid?

It has same constraints as account Id + it also needs to be an existing account (i.e. we'd want to query near node for that account). Can be done similarly to user profile component I think (after Chad changed it to work with any account vs current account).