solid-adventure / trivial-ui

Example UI for trivial-core

Trivial-UI not displaying API errors on accept invitation sign in/sign up page #18

Closed elmerv closed 7 months ago

elmerv commented 10 months ago

API errors are not displayed on trivial-ui accept invitation page. I ran the following tests:

Test: See if I can try changing the email in invitation url, but have the same token.

Doesn’t work. API shows a 401. Not sure if we should change message, since it seems that you created an account even though it failed. Steps to reproduce:

  1. Take an old invitation link that a user has already signed up or created an account with.
  2. Replace the email here with a test email: /invitation/invitation_token=token&email={test email}
  3. Place link into browser
  4. {Email input on invitation page will change to the test email}
  5. Fill out invitation sign up and click submit.
  6. {Redirection to "You have successfully accepted the invitation, sign in" page}
  7. Log into test email account
  8. {Log in fails with user does not exist error}

On step 5, I expected some message similar to the 401 pop up on the invitation page and no redirection, but received a redirection to "You have successfully accepted the invitation, sign in" page.

Test: See if I can reuse an invitation token after being kicked out.

Steps to reproduce:

  1. Create a group on trivial via settings page.
  2. Send an email invitation to a test email.
  3. Copy and paste invitation link to browser.
  4. Accept the invitation using test email
  5. {You then get redirected to the "You've successfully accepted the invitation, sign in to trivial"}
  6. Test email signs into Trivial and verifies they are in the organizations and logs out.
  7. Admin then kicks out test email using 'trashcan' button on organizations page.
  8. Copy and paste past invitation link sent to test email into browser.
  9. Sign in using test email with past invitation link
  10. {You then get redirected to the "You have successfully accepted the invitation, now sign in" page.}
  11. Test email signs in to trivial and clicks on settings page.
  12. Test email is still no longer a part of organization.

On step 5, I expected an "Invalid token or expired token" or "unauthorized" message, but I was redirected to the "You have successfully accepted invitation, sign in to Trivial" instead.

vgkids commented 10 months ago

Thanks for the detailed reproduction steps @elmerv! I agree these are the same issue, I don't think we're leveraging the Notifications class or the Notice component to catch these non-ok responses and publish.

@tommcgee Could be a good one for you if you need a quick win.
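
The behaviour discussed in this thread, as an added example that is not trivial-ui's own code: `fetch` resolves normally on a 401, so the accept-invitation handler has to check `response.ok` itself, publish the error, and only allow the redirect to the success page when the API actually accepted the token. The function names, the endpoint path, the `error` field in the response body and the `notify` callback (standing in for the Notifications class) are all assumptions.

```javascript
// Hypothetical handler: returns { accepted, status } and publishes errors via notify().
// fetchImpl is injected so the logic can be exercised without a server.
async function acceptInvitation(fetchImpl, payload, notify) {
  let response;
  try {
    response = await fetchImpl("/invitations/accept", { // hypothetical endpoint
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(payload),
    });
  } catch (err) {
    // fetch rejects only on network-level failure, never on 4xx/5xx.
    notify({ type: "error", message: "Network error: " + err.message });
    return { accepted: false, status: 0 };
  }

  if (!response.ok) {
    // 401 and other non-2xx responses land here, not in the catch above.
    let message = "Request failed (" + response.status + ")";
    try {
      const body = await response.json();
      if (body && typeof body.error === "string") message = body.error;
    } catch (_) {
      // Body was not JSON: keep the generic message.
    }
    notify({ type: "error", message });
    return { accepted: false, status: response.status };
  }
  return { accepted: true, status: response.status };
}

// The caller redirects to the "successfully accepted" page only on accepted === true.
function nextRoute(result) {
  return result.accepted ? "/invitation/accepted" : null; // hypothetical route
}

// Constructed stand-in for fetch: resolves with a minimal response-like object.
function stubFetch(status, body) {
  return async () => ({
    ok: status >= 200 && status < 300,
    status,
    json: async () => {
      if (body === undefined) throw new SyntaxError("no JSON body");
      return body;
    },
  });
}
```

With the stub returning a 401, `nextRoute` yields `null` and the notice carries the API's message, which is the outcome expected at step 5 of both reproductions.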