fix: request new 2FA code does not work if there is no active 2FA ses…

…sion (#3193)
cds-snc · Jan 31, 2024 · a57b64e · a57b64e
1 parent 3dac9b9
commit a57b64e
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/components/auth/ReVerify.tsx b/components/auth/ReVerify.tsx
@@ -64,9 +64,10 @@ export const ReVerify = ({
     } catch (err) {
       logMessage.error(err);
 
-      if (hasError(["CredentialsSignin", "CSRF token not found"], err)) {
-        // Missing CsrfToken or username so have the user try signing in
+      if (hasError(["CredentialsSignin", "CSRF token not found", "Missing 2FA session"], err)) {
+        // Missing CsrfToken, username or 2FA session so have the user try signing in again
         await router.push("/auth/login");
+        router.reload();
       } else {
         handleErrorById("InternalServiceException");
       }

diff --git a/lib/auth/cognito.ts b/lib/auth/cognito.ts
@@ -40,6 +40,8 @@ export type Validate2FAVerificationCodeResult = {
   decodedCognitoToken?: DecodedCognitoToken;
 };
 
+export class Missing2FASession extends Error {}
+
 export const initiateSignIn = async ({
   username,
   password,
@@ -195,15 +197,15 @@ export const requestNew2FAVerificationCode = async (
       })
       .catch((e) => prismaErrors(e, null));
 
-    if (result === null) {
-      throw new Error("Update failed because of missing 2FA authentication session");
-    }
+    if (result === null) throw new Missing2FASession();
 
     await sendVerificationCode(sanitizedEmail, verificationCode);
   } catch (error) {
-    throw new Error(
-      `Failed to generate and send new verification code. Reason: ${(error as Error).message}.`
-    );
+    if (error instanceof Missing2FASession) {
+      throw error;
+    } else {
+      throw new Error(`Failed to send new verification code. Reason: ${(error as Error).message}.`);
+    }
   }
 };
 

diff --git a/pages/api/auth/2fa/request-new-verification-code.ts b/pages/api/auth/2fa/request-new-verification-code.ts
@@ -1,6 +1,7 @@
 import { NextApiRequest, NextApiResponse } from "next";
 import { middleware, cors, csrfProtected } from "@lib/middleware";
 import { requestNew2FAVerificationCode } from "@lib/auth";
+import { Missing2FASession } from "@lib/auth/cognito";
 
 const requestNewVerificationCode = async (req: NextApiRequest, res: NextApiResponse) => {
   const { authenticationFlowToken, email } = req.body;
@@ -12,7 +13,11 @@ const requestNewVerificationCode = async (req: NextApiRequest, res: NextApiRespo
     await requestNew2FAVerificationCode(authenticationFlowToken, email);
     return res.status(200).json({});
   } catch (error) {
-    return res.status(500).json({ error: "Server failed to send a new verification code." });
+    if (error instanceof Missing2FASession) {
+      return res.status(401).json({ message: "Missing 2FA session" });
+    } else {
+      return res.status(500).json({ message: "Failed to send a new verification code" });
+    }
   }
 };