feat: distinguish between missing and invalid state (#1099)

frederikprijck · web-flow · commit 3c588e9a2c74 · 2023-05-22T13:18:46.000+02:00
diff --git a/__tests__/Auth0Client/handleRedirectCallback.test.ts b/__tests__/Auth0Client/handleRedirectCallback.test.ts
@@ -30,6 +30,7 @@ import {
 } from '../constants';
 
 import { DEFAULT_AUTH0_CLIENT } from '../../src/constants';
+import { GenericError } from '../../src';
 
 jest.mock('es-cookie');
 jest.mock('../../src/jwt');
@@ -204,6 +205,9 @@ describe('Auth0Client', () => {
 
       expect(error).toBeDefined();
       expect(error.message).toBe('Invalid state');
+      expect(error.error).toBe('missing_transaction');
+      expect(error).toBeInstanceOf(Error);
+      expect(error).toBeInstanceOf(GenericError);
     });
 
     it('returns the transactions appState', async () => {
@@ -269,8 +273,9 @@ describe('Auth0Client', () => {
 
     it('should fail with an error if the state in the transaction does not match the request', async () => {
       const auth0 = setup();
+      let error;
 
-      await expect(async () => {
+      try {
         await loginWithRedirect(
           auth0,
           {},
@@ -281,7 +286,15 @@ describe('Auth0Client', () => {
             }
           }
         );
-      }).rejects.toEqual(new Error('Invalid state'));
+      } catch (e) {
+        error = e;
+      }
+
+      expect(error).toBeDefined();
+      expect(error.message).toBe('Invalid state');
+      expect(error.error).toBe('state_mismatch');
+      expect(error).toBeInstanceOf(Error);
+      expect(error).toBeInstanceOf(GenericError);
     });
 
     it('should not validate the state if there is no state in the transaction', async () => {
diff --git a/src/Auth0Client.ts b/src/Auth0Client.ts
@@ -493,7 +493,7 @@ export class Auth0Client {
     const transaction = this.transactionManager.get();
 
     if (!transaction) {
-      throw new Error('Invalid state');
+      throw new GenericError('missing_transaction', 'Invalid state');
     }
 
     this.transactionManager.remove();
@@ -512,7 +512,7 @@ export class Auth0Client {
       !transaction.code_verifier ||
       (transaction.state && transaction.state !== state)
     ) {
-      throw new Error('Invalid state');
+      throw new GenericError('state_mismatch', 'Invalid state');
     }
 
     const organizationId = transaction.organizationId;

Original file line number	Diff line number	Diff line change
`@@ -493,7 +493,7 @@ export class Auth0Client {`
`493`	`493`	`const transaction = this.transactionManager.get();`
`494`	`494`
`495`	`495`	`if (!transaction) {`
`496`		`- throw new Error('Invalid state');`
	`496`	`+ throw new GenericError('missing_transaction', 'Invalid state');`
`497`	`497`	`}`
`498`	`498`
`499`	`499`	`this.transactionManager.remove();`
`@@ -512,7 +512,7 @@ export class Auth0Client {`
`512`	`512`	`!transaction.code_verifier \|\|`
`513`	`513`	`(transaction.state && transaction.state !== state)`
`514`	`514`	`) {`
`515`		`- throw new Error('Invalid state');`
	`515`	`+ throw new GenericError('state_mismatch', 'Invalid state');`
`516`	`516`	`}`
`517`	`517`
`518`	`518`	`const organizationId = transaction.organizationId;`