diff --git a/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx b/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
index 28239bc5e..83ccb3c30 100644
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/AdditionalInfoForm.tsx
@@ -40,7 +40,7 @@ export default function AdditionalInfoForm({
 confirmationNumber, lastName, }).toString()
- document.cookie = `bv=${value}; Path=/; Max-Age=30; Secure; SameSite=Strict`
+ document.cookie = `bv=${value}; Path=/; Max-Age=600; Secure; SameSite=Strict`
 router.refresh() }
diff --git a/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx b/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
index d209229b1..b22b61c7e 100644
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/index.tsx
@@ -26,6 +26,12 @@ export default function FindMyBooking() {
 const intl = useIntl() const lang = useLang() const form = useForm({
+ defaultValues: {
+ confirmationNumber: "",
+ firstName: "",
+ lastName: "",
+ email: "",
+ },
 resolver: zodResolver(findMyBookingFormSchema), mode: "all", criteriaMode: "all",
@@ -36,7 +42,7 @@ export default function FindMyBooking() {
 onSuccess: (result) => { const values = form.getValues() const value = new URLSearchParams(values).toString()
- document.cookie = `bv=${encodeURIComponent(value)}; Path=/; Max-Age=30; Secure; SameSite=Strict`
+ document.cookie = `bv=${encodeURIComponent(value)}; Path=/; Max-Age=600; Secure; SameSite=Strict`
 router.push( `/${lang}/hotelreservation/my-stay/${encodeURIComponent(result.refId)}` )
diff --git a/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts b/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
index 99dd65537..2877a8c3d 100644
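Review bot: Raising `Max-Age` from 30 to 600 keeps the booking lookup values in the `bv` cookie for ten minutes, and because the cookie is written through `document.cookie` it cannot be `HttpOnly`, so any script on the origin can read it and `Path=/` sends it with every same-origin request during that window. The same change is made in FindMyBooking/index.tsx, where the value is built from all form values (confirmation number, first name, last name and email). If the longer lifetime is needed, consider narrowing `Path` to the my-stay route and expiring the cookie once the access check has passed (assuming only that route reads it). Defining the lifetime once, e.g. `const BV_COOKIE_MAX_AGE_SECONDS = 600 // keep short: cookie carries booking lookup data`, would also stop the two writers drifting apart.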
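Review bot: The cookie value is passed through `encodeURIComponent` on this line, but the matching write in AdditionalInfoForm.tsx stores the raw `URLSearchParams` string (`bv=${value}`), so the two flows produce differently encoded `bv` cookies. accessBooking.ts feeds the cookie to `new URLSearchParams(cookie)`; if the server decodes the cookie once before that (not visible in this diff), a last name containing `&`, `=`, `+` or `%` from the AdditionalInfoForm flow would be decoded one time too many and parsed into different fields, so the comparison would fail. Using `bv=${encodeURIComponent(value)}` in both places, ideally through one shared helper that builds the cookie string, would keep the writers and the reader in agreement.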
--- a/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
+++ b/apps/scandic-web/components/HotelReservation/FindMyBooking/schema.ts
@@ -35,11 +35,11 @@ const findMyBookingFormSchema = additionalInfoFormSchema.extend({
 confirmationNumber: z .string() .trim()
- .regex(/^[0-9]+(-[0-9])?$/, {
- message: "Invalid booking number",
- })
 .min(1, { message: "Booking number is required",
+ })
+ .regex(/^[0-9]+(-[0-9])?$/, {
+ message: "Invalid booking number",
 }), lastName: z.string().trim().max(250).min(1, { message: "Last name is required",
diff --git a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
index 17d32b9a9..199a4ab72 100644
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
@@ -25,12 +25,18 @@ function accessBooking(
 return ACCESS_GRANTED } } else {
+ console.warn(
+ "Access to booking not granted due to anonymous user attempting accessing to logged in booking"
+ )
 return ERROR_UNAUTHORIZED } } if (guest.lastName === lastName) { if (user) {
+ console.warn(
+ "Access to booking not granted due to logged in user attempting access to anonymous booking"
+ )
 return ERROR_FORBIDDEN } else { const params = new URLSearchParams(cookie)
@@ -40,11 +46,17 @@ function accessBooking(
 ) { return ACCESS_GRANTED } else {
+ console.warn(
+ "Access to booking not granted due to incorrect cookie values"
+ )
 return ERROR_BAD_REQUEST } } }
+ console.warn(
+ "Access to booking not granted due to anonymous user attempting access with incorrect lastname"
+ )
 return ERROR_NOT_FOUND }
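Review bot: `confirmationNumber` still has no upper length bound after the reorder: `/^[0-9]+(-[0-9])?$/` accepts any number of digits, while `lastName` in the next field is capped with `.max(250)`. The validated value is written into the `bv` cookie by the form in index.tsx and is presumably sent on to the booking lookup, so an explicit cap is worth adding ahead of `.regex(...)`, e.g. `.max(MAX_BOOKING_NUMBER_LENGTH, { message: "Invalid booking number" })`. The constant name is a placeholder for whatever length the booking system actually issues.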
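Review bot: The new `console.warn` calls carry no identifier, so denied attempts can be counted but not tied to a booking, a session or a client, which limits their use for spotting repeated guessing against one booking. Consider adding a non-sensitive correlation value if one is in scope (for example a request id; the function signature is outside the hunk), while keeping the last name and the `bv` cookie contents out of the log. The first message also reads awkwardly; `"Access to booking not granted: anonymous user attempted to access a logged-in user's booking"` would be clearer. The same applies to the warnings added in the hunk at `-40,11`.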
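Review bot: The final warning says an anonymous user supplied an incorrect last name, but the fall-through to `return ERROR_NOT_FOUND` also appears reachable by a logged-in user. In the earlier hunk the `if (user)` branch has no `else` after its `return ACCESS_GRANTED`, so a logged-in caller who fails that inner check and whose last name does not match ends up here too. A misleading log line points whoever triages these warnings in the wrong direction; a neutral message such as `"Access to booking not granted: no matching user or last name"`, or branching on `user` before logging, would be accurate. The top of accessBooking is outside both hunks, so confirm this against the full function.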