@ory/elements-react 1.0.0-pr.5494d7c2 → 1.0.0-pr.97a7df82

package/CHANGELOG.md

@@ -1,3 +1,16 @@
+## 1.0.0-rc.4 (2025-05-15)
+
+### 🩹 Fixes
+
+- properly handle missing fields in OIDC registration ([#534](https://github.com/ory/elements/pull/534))
+- incorrect if branching in handle error ([#533](https://github.com/ory/elements/pull/533))
+- re-enable method chooser on mfa method active screens ([#530](https://github.com/ory/elements/pull/530))
+
+### ❤️ Thank You
+
+- hackerman @aeneasr
+- Jonas Hungershausen
+
 ## 1.0.0-rc.3 (2025-05-09)
 
 ### 🩹 Fixes

package/dist/index.js

@@ -322,6 +322,8 @@ function parseStateFromFlow(flow) {
         return { current: "method_active", method: "code" };
       } else if (methodWithMessage) {
         return { current: "method_active", method: methodWithMessage.group };
+      } else if ((_a = flow.flow.ui.messages) == null ? void 0 : _a.some((m) => m.id === 1010016)) {
+        return { current: "select_method" };
       } else if (flow.flow.active && !["default", "identifier_first"].includes(flow.flow.active)) {
         return { current: "method_active", method: flow.flow.active };
       } else if (isChoosingMethod(flow)) {
@@ -330,8 +332,6 @@ function parseStateFromFlow(flow) {
           return { current: "method_active", method: authMethods[0] };
         }
         return { current: "select_method" };
-      } else if ((_a = flow.flow.ui.messages) == null ? void 0 : _a.some((m) => m.id === 1010016)) {
-        return { current: "select_method" };
       }
       return { current: "provide_identifier" };
     }
@@ -682,6 +682,134 @@ function replaceWindowFlowId(flow) {
   url.searchParams.set("flow", flow);
   window.location.href = url.toString();
 }
+function isGenericErrorResponse(response) {
+  return typeof response === "object" && !!response && "error" in response && typeof response.error === "object" && !!response.error && "id" in response.error;
+}
+function isNeedsPrivilegedSessionError(response) {
+  return isGenericErrorResponse(response) && response.error.id === "session_refresh_required";
+}
+function isSelfServiceFlowExpiredError(response) {
+  return isGenericErrorResponse(response) && response.error.id === "self_service_flow_expired";
+}
+function isBrowserLocationChangeRequired(response) {
+  return isGenericErrorResponse(response) && isGenericErrorResponse(response) && response.error.id === "browser_location_change_required";
+}
+function isAddressNotVerified(response) {
+  return isGenericErrorResponse(response) && response.error.id === "session_verified_address_required";
+}
+function isCsrfError(response) {
+  return isGenericErrorResponse(response) && response.error.id === "security_csrf_violation";
+}
+var isResponseError = (err) => {
+  if (err instanceof clientFetch.ResponseError) {
+    return true;
+  }
+  return typeof err === "object" && !!err && "name" in err && err.name === "ResponseError";
+};
+var isFetchError = (err) => {
+  return err instanceof clientFetch.FetchError;
+};
+
+// src/util/sdk-helpers/urlHelpers.ts
+var verificationUrl = (config) => config.sdk.url + "/self-service/verification/browser";
+var handleFlowError = (opts) => async (err) => {
+  var _a;
+  if (!isResponseError(err)) {
+    if (isFetchError(err)) {
+      throw new clientFetch.FetchError(
+        err,
+        "Unable to call the API endpoint. Ensure that CORS is set up correctly and that you have provided a valid SDK URL to Ory Elements."
+      );
+    }
+    throw err;
+  }
+  const contentType = err.response.headers.get("content-type") || "";
+  if (contentType.includes("application/json")) {
+    const body = await toBody(err.response);
+    if (isSelfServiceFlowExpiredError(body)) {
+      opts.onRestartFlow(body.use_flow_id);
+      return;
+    } else if (isAddressNotVerified(body)) {
+      for (const continueWith of ((_a = body.error.details) == null ? void 0 : _a.continue_with) || []) {
+        if (continueWith.action === "show_verification_ui" && continueWith.flow.url) {
+          opts.onRedirect(continueWith.flow.url, true);
+          return;
+        }
+      }
+      opts.onRedirect(verificationUrl(opts.config), true);
+      return;
+    } else if (isBrowserLocationChangeRequired(body) && body.redirect_browser_to) {
+      opts.onRedirect(body.redirect_browser_to, true);
+      return;
+    } else if (isNeedsPrivilegedSessionError(body) && body.redirect_browser_to) {
+      opts.onRedirect(body.redirect_browser_to, true);
+      return;
+    } else if (isCsrfError(body)) {
+      opts.onRestartFlow();
+      return;
+    }
+    switch (err.response.status) {
+      case 404:
+        opts.onRestartFlow();
+        return;
+      case 410:
+        opts.onRestartFlow();
+        return;
+      case 400:
+        return opts.onValidationError(
+          await err.response.json()
+        );
+      case 403:
+        opts.onRestartFlow();
+        return;
+      case 422: {
+        throw new clientFetch.ResponseError(
+          err.response,
+          "The API returned an error code indicating a required redirect, but the SDK is outdated and does not know how to handle the action. Received response: " + await err.response.json()
+        );
+      }
+    }
+    throw new clientFetch.ResponseError(
+      err.response,
+      "The Ory API endpoint returned a response code the SDK does not know how to handle. Please check the network tab for more information. Received response: " + await err.response.json()
+    );
+  } else if (
+    // Not a JSON response? If it's a text response we will return an error informing the user that the response is not JSON.
+    contentType.includes("text/") || contentType.includes("html") || contentType.includes("xml")
+  ) {
+    await logResponseError(err.response, true);
+    throw new clientFetch.ResponseError(
+      err.response,
+      `The Ory API endpoint returned an unexpected HTML or text response. Check your console output for details.`
+    );
+  }
+  await logResponseError(err.response, false);
+  throw new clientFetch.ResponseError(
+    err.response,
+    "The Ory API endpoint returned unexpected content type `" + contentType + "`.  Check your console output for details."
+  );
+};
+async function toBody(response) {
+  try {
+    return await response.clone().json();
+  } catch (e) {
+    await logResponseError(response, true, [e]);
+    throw new clientFetch.ResponseError(
+      response,
+      "Unable to decode API response using JSON."
+    );
+  }
+}
+async function logResponseError(response, printBody, wrap) {
+  console.error("Unable to decode API response", {
+    response: {
+      status: response.status,
+      headers: Object.fromEntries(response.headers.entries()),
+      body: printBody ? await response.clone().text() : void 0
+    },
+    errors: wrap
+  });
+}
 
 // src/util/onSubmitLogin.ts
 async function onSubmitLogin({ flow }, config, {
@@ -703,7 +831,7 @@ async function onSubmitLogin({ flow }, config, {
     window.location.href = // eslint-disable-next-line promise/always-return
     (_a2 = flow.return_to) != null ? _a2 : config.sdk.url + "/self-service/login/browser";
   }).catch(
-    clientFetch.handleFlowError({
+    handleFlowError({
       onRestartFlow: (useFlowId) => {
         if (useFlowId) {
           replaceWindowFlowId(useFlowId);
@@ -717,7 +845,8 @@ async function onSubmitLogin({ flow }, config, {
           flowType: clientFetch.FlowType.Login
         });
       },
-      onRedirect
+      onRedirect,
+      config
     })
   );
 }
@@ -742,7 +871,7 @@ async function onSubmitRecovery({ flow }, config, {
       flowType: clientFetch.FlowType.Recovery
     });
   }).catch(
-    clientFetch.handleFlowError({
+    handleFlowError({
       onRestartFlow: (useFlowId) => {
         if (useFlowId) {
           replaceWindowFlowId(useFlowId);
@@ -761,7 +890,8 @@ async function onSubmitRecovery({ flow }, config, {
           });
         }
       },
-      onRedirect
+      onRedirect,
+      config
     })
   );
 }
@@ -796,7 +926,7 @@ async function onSubmitRegistration({ flow }, config, {
     }
     onRedirect(clientFetch.registrationUrl(config), true);
   }).catch(
-    clientFetch.handleFlowError({
+    handleFlowError({
       onRestartFlow: (useFlowId) => {
         if (useFlowId) {
           replaceWindowFlowId(useFlowId);
@@ -810,7 +940,8 @@ async function onSubmitRegistration({ flow }, config, {
           flowType: clientFetch.FlowType.Registration
         });
       },
-      onRedirect
+      onRedirect,
+      config
     })
   );
 }
@@ -835,7 +966,7 @@ async function onSubmitSettings({ flow }, config, {
       flowType: clientFetch.FlowType.Settings
     });
   }).catch(
-    clientFetch.handleFlowError({
+    handleFlowError({
       onRestartFlow: (useFlowId) => {
         if (useFlowId) {
           replaceWindowFlowId(useFlowId);
@@ -849,7 +980,8 @@ async function onSubmitSettings({ flow }, config, {
           flowType: clientFetch.FlowType.Settings
         });
       },
-      onRedirect
+      onRedirect,
+      config
     })
   ).catch((err) => {
     if (clientFetch.isResponseError(err)) {
@@ -877,7 +1009,7 @@ async function onSubmitVerification({ flow }, config, {
       flowType: clientFetch.FlowType.Verification
     })
   ).catch(
-    clientFetch.handleFlowError({
+    handleFlowError({
       onRestartFlow: (useFlowId) => {
         if (useFlowId) {
           replaceWindowFlowId(useFlowId);
@@ -891,7 +1023,8 @@ async function onSubmitVerification({ flow }, config, {
           flowType: clientFetch.FlowType.Verification
         });
       },
-      onRedirect
+      onRedirect,
+      config
     })
   );
 }