Merged in fix/access-booking-fixes (pull request #1550)

fix: add some more informative messages when booking cant be accessed Approved-by: Chuma Mcphoy (We Ahead)
2025-03-17 14:54:37 +00:00
parent f183125bc6 b65bdce277
commit 38f3b0e6a4
4 changed files with 23 additions and 5 deletions
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
@@ -40,7 +40,7 @@ export default function AdditionalInfoForm({
      confirmationNumber,
      lastName,
    }).toString()
-    document.cookie = `bv=${value}; Path=/; Max-Age=30; Secure; SameSite=Strict`
+    document.cookie = `bv=${value}; Path=/; Max-Age=600; Secure; SameSite=Strict`
    router.refresh()
  }

--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
@@ -26,6 +26,12 @@ export default function FindMyBooking() {
  const intl = useIntl()
  const lang = useLang()
  const form = useForm<FindMyBookingFormSchema>({
+    defaultValues: {
+      confirmationNumber: "",
+      firstName: "",
+      lastName: "",
+      email: "",
+    },
    resolver: zodResolver(findMyBookingFormSchema),
    mode: "all",
    criteriaMode: "all",
@@ -36,7 +42,7 @@ export default function FindMyBooking() {
    onSuccess: (result) => {
      const values = form.getValues()
      const value = new URLSearchParams(values).toString()
-      document.cookie = `bv=${encodeURIComponent(value)}; Path=/; Max-Age=30; Secure; SameSite=Strict`
+      document.cookie = `bv=${encodeURIComponent(value)}; Path=/; Max-Age=600; Secure; SameSite=Strict`
      router.push(
        `/${lang}/hotelreservation/my-stay/${encodeURIComponent(result.refId)}`
      )
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
@@ -35,11 +35,11 @@ const findMyBookingFormSchema = additionalInfoFormSchema.extend({
  confirmationNumber: z
    .string()
    .trim()
-    .regex(/^[0-9]+(-[0-9])?$/, {
-      message: "Invalid booking number",
-    })
    .min(1, {
      message: "Booking number is required",
+    })
+    .regex(/^[0-9]+(-[0-9])?$/, {
+      message: "Invalid booking number",
    }),
  lastName: z.string().trim().max(250).min(1, {
    message: "Last name is required",
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
@@ -25,12 +25,18 @@ function accessBooking(
        return ACCESS_GRANTED
      }
    } else {
+      console.warn(
+        "Access to booking not granted due to anonymous user attempting accessing to logged in booking"
+      )
      return ERROR_UNAUTHORIZED
    }
  }

  if (guest.lastName === lastName) {
    if (user) {
+      console.warn(
+        "Access to booking not granted due to logged in user attempting access to anonymous booking"
+      )
      return ERROR_FORBIDDEN
    } else {
      const params = new URLSearchParams(cookie)
@@ -40,11 +46,17 @@ function accessBooking(
      ) {
        return ACCESS_GRANTED
      } else {
+        console.warn(
+          "Access to booking not granted due to incorrect cookie values"
+        )
        return ERROR_BAD_REQUEST
      }
    }
  }

+  console.warn(
+    "Access to booking not granted due to anonymous user attempting access with incorrect lastname"
+  )
  return ERROR_NOT_FOUND
 }