diff --git a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
index 94b24a5bb..5100fa919 100644
--- a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
+++ b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
@@ -83,9 +83,7 @@ export async function GET(
 stateResult.data.intent === "unlink" ||
 stateResult.data.intent === "transfer"
 ) {
- const [data, error] = await safeTry(
- serverClient().partner.sas.requestOtp({})
- )
+ const [data, error] = await safeTry(serverClient().partner.sas.requestOtp())
 if (!data || error) {
 console.error("[SAS] Failed to request OTP", error)
 redirect(`/${lang}/sas-x-scandic/error`)
@@ -93,12 +91,13 @@ export async function GET(
 switch (data.status) {
 case "ABUSED":
- redirect(`/${params.lang}/sas-x-scandic/error?errorCode=tooManyCodes`)
 case "NOTSENT":
- redirect(`/${params.lang}/sas-x-scandic/error`)
+ redirect(`/${params.lang}/sas-x-scandic/error?errorCode=tooManyCodes`)
 case "NULL":
 case "RETRY":
 case "EXPIRED":
+ case "PENDING":
+ case "VERIFIED":
 // These errors should never happen for request, but according to the API spec they can
 throw new Error(`Unhandled request OTP status ${data.status}`)
 }
diff --git a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/otp/OneTimePasswordForm.tsx b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/otp/OneTimePasswordForm.tsx
index 73c14cfe4..00c5b0164 100644
--- a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/otp/OneTimePasswordForm.tsx
+++ b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/otp/OneTimePasswordForm.tsx
@@ -91,7 +91,7 @@ export default function OneTimePasswordForm({
 setOtp("")
 requestOtp.reset()
- requestOtp.mutate({})
+ requestOtp.mutate()
 setDisableResend(true)
 setTimeout(() => {
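Review bot: The merged `case "ABUSED": case "NOTSENT":` branch in route.ts redirects to `errorCode=tooManyCodes` without logging anything, so a rate-limit response from the OTP service leaves no server-side trace and can no longer be told apart from a NOTSENT result. Consider adding `console.warn("[SAS] Request OTP rejected", data.status)` before the redirect so repeated ABUSED results can be monitored; log the status only, not the rest of the response. It is also worth confirming that NOTSENT should show the "too many codes" message, since it previously went to the generic error page. The switch sits inside GET, whose body starts and ends outside this hunk.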
diff --git a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
index 700989a5f..a840fc3c9 100644
--- a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
+++ b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
@@ -15,29 +15,31 @@ import {
 import type { OtpState } from "../getOTPState"
-const inputSchema = z.object({})
-
-const outputSchema = z.object({
- status: z.enum([
- "VERIFIED",
- "ABUSED",
- "EXPIRED",
- "PENDING",
- "RETRY",
- "SENT",
- "NULL",
- "NOTSENT",
- ]),
+const successSchema = z.object({
+ status: z.literal("SENT"),
 referenceId: z.string().uuid(),
 databaseUUID: z.string().uuid(),
 otpExpiration: z.number(),
 otpReceiver: z.string(),
 })
+const failureSchema = z.object({
+ status: z.enum([
+ "VERIFIED",
+ "ABUSED",
+ "EXPIRED",
+ "PENDING",
+ "RETRY",
+ "NULL",
+ "NOTSENT",
+ ]),
+})
+
+const outputSchema = z.union([successSchema, failureSchema])
+
 export const requestOtp = protectedProcedure
- .input(inputSchema)
 .output(outputSchema)
- .mutation(async function ({ ctx, input }) {
+ .mutation(async function () {
 const sasAuthToken = getSasToken()
 if (!sasAuthToken) {
@@ -63,7 +65,9 @@ export const requestOtp = protectedProcedure
 throw createError(parseResult.error)
 }
- setSASOtpCookie(parseResult.data)
+ if (parseResult.data.status === "SENT") {
+ setSASOtpCookie(parseResult.data)
+ }
 return parseResult.data
 })
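Review bot: `outputSchema` is built with `z.union`, so a SENT response that fails `successSchema` (for example a `referenceId` that is not a UUID) is then also tried against `failureSchema`, and the resulting error covers both branches rather than pointing at the field that was wrong. Both schemas key on `status`, so `const outputSchema = z.discriminatedUnion("status", [successSchema, failureSchema])` would select the branch by status and report the precise failure, provided the project's zod version accepts an enum discriminator. A comment above `successSchema` such as `// Only SENT carries the OTP reference fields; every other status is status-only` would also record why the schema was split.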
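Review bot: The new `status === "SENT"` guard leaves any OTP cookie from an earlier successful request in place when a later request fails, and nothing in the hunk says whether that is intended. Keeping it is probably right for ABUSED, where the earlier code may still be usable, but for EXPIRED or VERIFIED a stale reference would remain in the browser. `setSASOtpCookie` and the cookie's lifetime are defined outside this hunk, so this needs confirming against them. A comment on the guard, e.g. `// Failure statuses carry no OTP reference; any existing OTP cookie is intentionally left untouched`, would make the decision explicit.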