feat: add support for picking up not allowed to signup error in FE

Author: deepjyoti30-st

packages/tenant-enrollment-nodejs/src/plugin.ts

@@ -93,8 +93,10 @@ export const init = createPluginInitFunction<
                 logDebugMessage("Reason: " + reason);
                 if (!canJoin) {
                   return {
-                    status: "LINKING_TO_SESSION_USER_FAILED",
-                    reason: "EMAIL_VERIFICATION_REQUIRED",
+                    // Use the `EMAIL_ALREADY_EXISTS_ERROR` since that is returned
+                    // directly without modification from the `signUpPOST` method.
+                    status: "EMAIL_ALREADY_EXISTS_ERROR",
+                    reason,
                   };
                 }
 
@@ -107,17 +109,19 @@ export const init = createPluginInitFunction<
               ...originalImplementation,
               signUpPOST: async (input) => {
                 const response = await originalImplementation.signUpPOST!(input);
-                if (response.status === "SIGN_UP_NOT_ALLOWED" && response.reason.includes("ERR_CODE_013")) {
-                  // There is a possibility that the user is not allowed
-                  // to signup to the tenant so we will have to update the message
-                  // accordingly.
+
+                logDebugMessage(`Got response status for signup: ${response.status}`);
+
+                // If the status is `EMAIL_ALREADY_EXISTS_ERROR`, we will have to pick that
+                // up and return a GENERAL_ERROR instead to make the error passed along to
+                // the FE
+                if (response.status === "EMAIL_ALREADY_EXISTS_ERROR") {
                   return {
-                    ...response,
-                    reason: "Cannot sign in / sign up due to security reasons or tenant doesn't allow signup",
+                    status: "GENERAL_ERROR",
+                    message: (response as any).reason,
                   };
                 }
 
-                logDebugMessage(`Got response status for signup: ${response.status}`);
                 if (response.status !== "OK") {
                   return response;
                 }
@@ -135,12 +139,10 @@ export const init = createPluginInitFunction<
                 logDebugMessage(`wasAdded: ${wasAddedToTenant}`);
                 logDebugMessage(`reason: ${tenantJoiningReason}`);
                 return {
-                  status: "PENDING_APPROVAL",
+                  status: "PENDING_APPROVAL" as any,
                   wasAddedToTenant,
                   reason: tenantJoiningReason,
                 };
-
-                // return response;
               },
             };
           },

packages/tenant-enrollment-nodejs/src/recipeImplementation.ts

@@ -5,7 +5,7 @@ import {
   AssociateAllLoginMethodsOfUserWithTenant,
   SendPluginEmail,
 } from "@supertokens-plugins/tenants-nodejs";
-import { ROLES } from "@shared/tenants";
+import { NOT_ALLOWED_TO_SIGNUP_REASONS, ROLES } from "@shared/tenants";
 import SuperTokens from "supertokens-node";
 import { UserContext } from "supertokens-node/lib/build/types";
 
@@ -35,7 +35,7 @@ export const getOverrideableTenantFunctionImplementation = (
       if (implementation.isTenantInviteOnly(tenantId)) {
         return {
           canJoin: false,
-          reason: "INVITE_ONLY",
+          reason: NOT_ALLOWED_TO_SIGNUP_REASONS.INVITE_ONLY,
         };
       }
 
@@ -44,12 +44,12 @@ export const getOverrideableTenantFunctionImplementation = (
       if (emailOrThirdPartyId.type === "email") {
         canJoin = implementation.isMatchingEmailDomain(tenantId, emailOrThirdPartyId.email);
         if (!canJoin) {
-          reason = "EMAIL_DOMAIN_NOT_ALLOWED";
+          reason = NOT_ALLOWED_TO_SIGNUP_REASONS.EMAIL_DOMAIN_NOT_ALLOWED;
         }
       } else if (emailOrThirdPartyId.type === "thirdParty") {
         canJoin = implementation.isApprovedIdPProvider(tenantId, emailOrThirdPartyId.thirdPartyId);
         if (!canJoin) {
-          reason = "IDP_NOT_ALLOWED";
+          reason = NOT_ALLOWED_TO_SIGNUP_REASONS.IDP_NOT_ALLOWED;
         }
       }
 

packages/tenant-enrollment-react/src/plugin.tsx

@@ -8,6 +8,8 @@ import {
   getTranslationFunction,
 } from "supertokens-auth-react";
 
+import { NOT_ALLOWED_TO_SIGNUP_REASONS } from "../../../shared/tenants/src";
+
 import { getApi } from "./api";
 import { PLUGIN_ID, API_PATH } from "./constants";
 import { enableDebugLogs, logDebugMessage } from "./logger";
@@ -76,8 +78,32 @@ export const init = createPluginInitFunction<
           functions: (originalImplementation) => ({
             ...originalImplementation,
             signUp: async (input) => {
-              const signUpResponse = await originalImplementation.signUp(input);
+              let signUpResponse;
+
+              try {
+                signUpResponse = await originalImplementation.signUp(input);
+              } catch (error: any) {
+                // Check if the error is a STGeneralError
+                logDebugMessage(`Caught error: ${error}`);
+                if (error.isSuperTokensGeneralError === true) {
+                  logDebugMessage(`Got general error with reason: ${error.message}`);
+
+                  // Check if the message is one of the not allowed defined errors.
+                  if (Object.values(NOT_ALLOWED_TO_SIGNUP_REASONS).includes(error.message)) {
+                    logDebugMessage("Found not-allowed to signup flow, redirecting");
+
+                    // Update the message before re-throwing the error
+                    error.message = "Not allowed to signup to tenant";
+
+                    // TODO: Redirect the user to not allowed to signup view
+                  }
+                }
+
+                throw error;
+              }
+
               logDebugMessage(`response: ${signUpResponse}`);
+
               if ((signUpResponse.status as any) !== "PENDING_APPROVAL") {
                 return signUpResponse;
               }

shared/tenants/src/errors.ts

@@ -0,0 +1,5 @@
+export const NOT_ALLOWED_TO_SIGNUP_REASONS = {
+  INVITE_ONLY: "INVITE_ONLY",
+  EMAIL_DOMAIN_NOT_ALLOWED: "EMAIL_DOMAIN_NOT_ALLOWED",
+  IDP_NOT_ALLOWED: "IDP_NOT_ALLOWED",
+};

shared/tenants/src/index.ts

@@ -1,2 +1,3 @@
-export * from './types';
-export * from './roles';
+export * from "./types";
+export * from "./roles";
+export * from "./errors";