
Reload refresh token if required #286

Merged
merged 2 commits into from
Jan 2, 2025

Conversation

elie222
Owner

@elie222 elie222 commented Jan 2, 2025

Summary by CodeRabbit

  • New Features

    • Enhanced permission validation with additional refresh token checks.
    • Added a new consent page for handling missing user permissions.
  • Bug Fixes

    • Improved error handling for authentication and permission scenarios.
    • Updated login flow to handle re-consent requirements.
  • Documentation

    • Refined error messaging for user-facing permission and authentication flows.
  • Chores

    • Updated authentication and token management logic across multiple components.


vercel bot commented Jan 2, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name: inbox-zero
Status: ✅ Ready (Inspect)
Preview: Visit Preview
Updated (UTC): Jan 2, 2025 5:38pm

Contributor

coderabbitai bot commented Jan 2, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request introduces enhancements to the authentication and permissions flow in the web application. Key changes include the addition of a refresh token check in the PermissionsCheck component, the creation of a new consent page for users lacking consent, and modifications to error handling across several components. The updates ensure that users are redirected appropriately based on their permission status and consent, refining the overall control flow of user authentication and permission management.

Changes

File / Change Summary

  • apps/web/app/(app)/PermissionsCheck.tsx: Added check for refresh token presence, redirecting to consent page if token is missing
  • apps/web/app/(app)/permissions/consent/page.tsx: New component for displaying consent error page with sign-in option
  • apps/web/app/(app)/permissions/error/page.tsx: Updated error message text and logout URL with new error parameter
  • apps/web/app/(landing)/login/LoginForm.tsx: Modified signIn function to handle consent parameter conditionally
  • apps/web/app/(landing)/login/page.tsx: Refined error message rendering logic
  • apps/web/app/api/auth/[...nextauth]/auth.ts: Added dynamic authentication options processing based on consent parameter
  • apps/web/components/TokenCheck.tsx: Enhanced error handling with redirection for "RequiresReconsent" error
  • apps/web/utils/actions/permissions.ts: Updated checkPermissionsAction to include refresh token checks
  • apps/web/utils/auth.ts: Improved authentication options, refresh token handling, and type definitions

Possibly Related PRs

  • Reload refresh token if required #286: The changes in this PR directly modify the PermissionsCheck component to include an additional check for the presence of a refresh token, which aligns with the modifications made in the main PR that also enhances the control flow by adding a check for a valid refresh token.

Poem

🐰 In a world of tokens, both bright and bold,
A rabbit hops through stories untold.
With checks and consents, we dance in delight,
Redirecting to pages, making things right.
So sign in again, let permissions take flight! 🔐


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 86d4b0f and d8408bc.

📒 Files selected for processing (2)
  • apps/web/app/(app)/permissions/consent/page.tsx (1 hunks)
  • apps/web/app/api/auth/[...nextauth]/auth.ts (1 hunks)

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (5)
apps/web/app/api/auth/[...nextauth]/auth.ts (2)

7-7: Consider renaming for clarity.

Since authOptions is later overridden by a dynamic return within NextAuth, consider renaming this constant to something like defaultAuthOptions to clarify it’s the baseline.

-const authOptions = getAuthOptions();
+const defaultAuthOptions = getAuthOptions();
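Review bot: this suggestion renames only the declaration; the comment above says authOptions is referenced again later in the file where the dynamic return inside NextAuth overrides it, so every later use of authOptions in auth.ts has to be renamed in the same change or the module stops compiling. A rename-symbol refactor in the editor, rather than editing line 7 by hand, keeps the two in step.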

12-23: Dynamic auth options look good; consider edge cases.

Switching authentication options based on the consent parameter is useful. However, consider edge cases like invalid query parameters. Make sure any future query parameters you add in req.url don’t conflict with the consent logic.

apps/web/app/(app)/permissions/consent/page.tsx (1)

8-38: New consent page is succinct and consistent with the design.

The layout is clean and the message is clear. Minor mismatch: The component is named PermissionsErrorPage but the text references consent. Consider harmonizing to reflect “Consent” in the component name for clarity.

-export default function PermissionsErrorPage() {
+export default function PermissionsConsentPage() {
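Review bot: this rename is safe to apply on its own because the function is the module's default export, so route callers import it by file path rather than by name; no importer needs to change. If the file also contains any self-reference to PermissionsErrorPage (not visible in this snippet), it would need the same update.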
apps/web/utils/auth.ts (1)

263-274: Ensure robust logging for missing refresh tokens.
Logging an error and capturing an exception when the refreshToken is null is a good approach to diagnosing token mishandling. Consider whether to escalate this via user-facing messaging or solely rely on logs.

apps/web/utils/actions/permissions.ts (1)

27-39: Distinct separation of hasRefreshToken status.
The new logic clarifies whether a user is missing a refresh token or is fully permissioned, improving control flows in higher-level components. You might want to unify these checks with the existing error returns for easier extension in the future.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bac227e and 86d4b0f.

📒 Files selected for processing (9)
  • apps/web/app/(app)/PermissionsCheck.tsx (1 hunks)
  • apps/web/app/(app)/permissions/consent/page.tsx (1 hunks)
  • apps/web/app/(app)/permissions/error/page.tsx (1 hunks)
  • apps/web/app/(landing)/login/LoginForm.tsx (2 hunks)
  • apps/web/app/(landing)/login/page.tsx (1 hunks)
  • apps/web/app/api/auth/[...nextauth]/auth.ts (1 hunks)
  • apps/web/components/TokenCheck.tsx (1 hunks)
  • apps/web/utils/actions/permissions.ts (1 hunks)
  • apps/web/utils/auth.ts (3 hunks)
🔇 Additional comments (10)
apps/web/app/api/auth/[...nextauth]/auth.ts (2)

2-3: Good import refactoring for modularization.

Importing getAuthOptions and createScopedLogger neatly separates concerns. This makes the authentication logic more readable and easier to maintain.


5-5: Logger usage is a solid addition.

Instantiating a scoped logger will improve observability and help trace execution flow for the auth logic.

apps/web/components/TokenCheck.tsx (1)

14-18: Clear error handling and redirection logic.

Handling each error case separately is straightforward and improves maintainability. Good work returning immediately to prevent unintended fall-through.

apps/web/app/(app)/PermissionsCheck.tsx (1)

18-18: Refresh token check aligns with broader consent flow.

It’s consistent to redirect to /permissions/consent when the refresh token is missing. This ensures a clear path for re-consent if needed.

apps/web/app/(app)/permissions/error/page.tsx (1)

12-12: Update to display and logout behavior is user-friendly.

Changing the heading to “We are missing permissions” shifts perspective in a welcoming way. Passing an error parameter on logout effectively channels the user to re-consent. This helps unify the consent handling flow.

Also applies to: 20-23

apps/web/app/(landing)/login/LoginForm.tsx (2)

3-3: Good practice for import ordering.
The import for useState at the top is a nice tidy approach, keeping dependencies organized for better clarity.


56-66: Conditional parameter in signIn call.
The logic to spread the callbackUrl conditionally is clear. Including consent only when error === "RequiresReconsent" is a good approach to handle these specific flows.

apps/web/app/(landing)/login/page.tsx (1)

44-44: Refine user experience for custom error states.
Hiding the generic error UI for RequiresReconsent ensures the user is not shown a confusing failure message when prompting re-consent. This is a clean, user-friendly approach to error handling and re-consent flows.

apps/web/utils/auth.ts (1)

26-28: Clarity for getAuthOptions signature.
Exporting getAuthOptions with a clear consent parameter helps keep the authentication flow explicit. The typed approach ensures usage clarity across the codebase.

apps/web/utils/actions/permissions.ts (1)

25-26: Early return for insufficient permissions.
This short-circuit return keeps the flow streamlined by making it clear when the user lacks certain permissions.

@elie222 elie222 merged commit 26ed87e into main Jan 2, 2025
2 of 3 checks passed