From b65bdce27756204d2a9986d19b54b3c75adb07e6 Mon Sep 17 00:00:00 2001
From: Christian Andolf
Date: Mon, 17 Mar 2025 14:09:08 +0100
Subject: [PATCH] fix: add some more informative messages when booking cant be accessed upped cookie length from 30 seconds to 10 minutes added default values to prevent the default required error message to appear in form
---
 .../FindMyBooking/AdditionalInfoForm.tsx | 2 +-
 .../HotelReservation/FindMyBooking/index.tsx | 8 +++++++-
 .../HotelReservation/FindMyBooking/schema.ts | 6 +++---
 .../HotelReservation/MyStay/accessBooking.ts | 12 ++++++++++++
 4 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx b/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
index 28239bc5e..83ccb3c30 100644
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
@@ -40,7 +40,7 @@ export default function AdditionalInfoForm({
 confirmationNumber,
 lastName,
 }).toString()
- document.cookie = `bv=${value}; Path=/; Max-Age=30; Secure; SameSite=Strict`
+ document.cookie = `bv=${value}; Path=/; Max-Age=600; Secure; SameSite=Strict`
 router.refresh()
 }
diff --git a/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx b/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
index d209229b1..b22b61c7e 100644
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
@@ -26,6 +26,12 @@ export default function FindMyBooking() {
 const intl = useIntl()
 const lang = useLang()
 const form = useForm({
+ defaultValues: {
+ confirmationNumber: "",
+ firstName: "",
+ lastName: "",
+ email: "",
+ },
 resolver: zodResolver(findMyBookingFormSchema),
 mode: "all",
 criteriaMode: "all",
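Review bot: The `Max-Age=600` on `bv` in AdditionalInfoForm.tsx, and on the same cookie in the second index.tsx hunk, keeps booking lookup data in a script-readable cookie for ten minutes and sends it with every request under `Path=/`. It is written through `document.cookie`, so it cannot be HttpOnly, and in index.tsx it is built from `form.getValues()`, which by the new `defaultValues` covers `confirmationNumber`, `firstName`, `lastName` and `email`. If the longer lifetime is needed, I would store only the fields the access check compares and narrow the scope in index.tsx to the route it navigates to, `Path=/${lang}/hotelreservation/my-stay`. Where the cookie is read is outside this diff, so the narrower path needs checking against the reader, and both function bodies continue outside their hunks.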
@@ -36,7 +42,7 @@ export default function FindMyBooking() {
 onSuccess: (result) => {
 const values = form.getValues()
 const value = new URLSearchParams(values).toString()
- document.cookie = `bv=${encodeURIComponent(value)}; Path=/; Max-Age=30; Secure; SameSite=Strict`
+ document.cookie = `bv=${encodeURIComponent(value)}; Path=/; Max-Age=600; Secure; SameSite=Strict`
 router.push(
 `/${lang}/hotelreservation/my-stay/${encodeURIComponent(result.refId)}`
 )
diff --git a/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts b/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
index 99dd65537..2877a8c3d 100644
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
@@ -35,11 +35,11 @@ const findMyBookingFormSchema = additionalInfoFormSchema.extend({
 confirmationNumber: z
 .string()
 .trim()
- .regex(/^[0-9]+(-[0-9])?$/, {
- message: "Invalid booking number",
- })
 .min(1, {
 message: "Booking number is required",
+ })
+ .regex(/^[0-9]+(-[0-9])?$/, {
+ message: "Invalid booking number",
 }),
 lastName: z.string().trim().max(250).min(1, {
 message: "Last name is required",
diff --git a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
index 17d32b9a9..199a4ab72 100644
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
@@ -25,12 +25,18 @@ function accessBooking(
 return ACCESS_GRANTED
 }
 } else {
+ console.warn(
+ "Access to booking not granted due to anonymous user attempting accessing to logged in booking"
+ )
 return ERROR_UNAUTHORIZED
 }
 }
 if (guest.lastName === lastName) {
 if (user) {
+ console.warn(
+ "Access to booking not granted due to logged in user attempting access to anonymous booking"
+ )
 return ERROR_FORBIDDEN
 } else {
 const params = new URLSearchParams(cookie)
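Review bot: This writer sets `bv=${encodeURIComponent(value)}` while AdditionalInfoForm.tsx sets `bv=${value}` without the extra encoding, so the reader receives the same cookie in two encodings. If the reader decodes the cookie value once before `new URLSearchParams(cookie)` (not visible here), a last name containing `&` or `+` written by AdditionalInfoForm.tsx would be split or altered and the comparison would fail. I would use the same form in both places, `bv=${encodeURIComponent(value)}`. The `onSuccess` callback continues outside the hunk.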
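Review bot: `confirmationNumber` in schema.ts still has no upper length bound after the reorder, unlike `lastName` with its `.max(250)`; `[0-9]+` accepts any number of digits. This schema sits under `components/`, so it is presumably client-side validation, and the lookup that receives the value has to enforce its own limit either way. I would add a bound next to the other checks, `.max(<MAX_BOOKING_NUMBER_LENGTH>, { message: "Invalid booking number" })`, with the limit taken from the booking system's number format. A short comment such as `// min() first so an empty field reports "required" before "invalid"` would also keep the new order from being undone later.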
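Review bot: The two `console.warn` calls added in the first accessBooking.ts hunk record the reason for a denial but nothing that ties it to a request, so repeated guesses against booking numbers cannot be grouped from these lines alone. I would add one non-sensitive correlating value that is already in scope (accessBooking's parameter list is outside the hunk, so which one is not visible) and keep `lastName` and the cookie contents out of the log. The first message also reads better as `"Access to booking not granted due to anonymous user attempting access to logged in booking"`, matching the wording of the second.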
@@ -40,11 +46,17 @@ function accessBooking(
 ) {
 return ACCESS_GRANTED
 } else {
+ console.warn(
+ "Access to booking not granted due to incorrect cookie values"
+ )
 return ERROR_BAD_REQUEST
 }
 }
 }
+ console.warn(
+ "Access to booking not granted due to anonymous user attempting access with incorrect lastname"
+ )
 return ERROR_NOT_FOUND
 }
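Review bot: The final warning says `anonymous user`, but the fall-through before `return ERROR_NOT_FOUND` is reached whenever `guest.lastName === lastName` is false, and from the branches visible in the previous hunk that can include a logged-in user whose first check did not match. A log line that names the wrong actor misleads whoever triages failed lookups; I would describe the condition instead, `"Access to booking not granted due to last name mismatch"`. The `incorrect cookie values` branch is presumably also taken when `bv` has expired or is absent, so `missing or incorrect cookie values` would be more accurate. The top of accessBooking is outside the hunk, so the first point should be confirmed against the full function.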