fix: minor UX improvements (#811)

* fix: show access denied when no next factor is available

* test: update tests to match new behaviour

* chore: add css files to npmignore since they are already bundled

* fix: make clearOnSubmit only clear on errors

* fix: make SessionAuth not set the context before navigation

* feat: make the name optional for custom provider configs

* chore: update changelog

* chore: remove outdated branch reference from test server deps

* docs: fix examples relying on react-router-dom skipping navigation to the current page

* fix: make validation failure redirection aware of the current url

* test: add tests for sessionauth validation failure redirection

* refactor: review comments

* feat: make sessionauth throw if onFailureRedirectionURL returns a relative path

* feat: validate the failure redirect url during success redirection

Author: porcellus

.npmignore

@@ -1,4 +1,5 @@
 **/*.ts
+**/*.css
 **/*.tsx
 !**/*.d.ts
 .git/

CHANGELOG.md

@@ -7,6 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.40.0] - 2024-04-15
+
+### Breaking Changes
+
+-   `onFailureRedirection` is no longer allowed to return relative paths.
+-   We now throw an error if `onFailureRedirection` returns the current URL or path when:
+    -   redirecting away from the auth page (`websiteBasePath`, usually `/auth`) when a session already exists
+    -   redirecting after sign in/up
+    -   redirecting after successful email verification
+    -   redirecting after a successful MFA factor completion
+
+### Changes
+
+-   We now redirect to the factor chooser screen if the MFA claim validator fails even if there is no available next factor. This will always show an access denied screen, which should help debugging.
+-   `clearOnSubmit` now only clears the field value if the request returned an error. This is because the form navigates on success, making clearing the field unnecessary (which can lead to confusing UX if the navigation takes too long).
+-   Fixed an issue where `SessionAuth` contents popped in before navigating away if a claim validator failed:
+    -   Now we ony set the context if `onFailureRedirection` returned the current URL.
+    -   Now we ony call the navigation function if `onFailureRedirection` returned something different than the current URL.
+-   Made the `name` property optional in custom provider configs for usage with `usesDynamicLoginMethods`, where the tenant configuration is expected to set the name dynamically.
+    -   Note, that not setting the name will make the UI crash if the `usesDynamicLoginMethods` is set to `false` or if the tenant configuration doesn't include a provider list.
+
 ## [0.39.1] - 2024-03-27
 
 -   Fixes how we fetch the component to render based on the current path to take into account non auth recipes correctly.

examples/for-tests-react-16/src/App.js

@@ -57,7 +57,8 @@ export function getApiDomain() {
 export function getWebsiteDomain() {
     const websitePort = process.env.REACT_APP_WEBSITE_PORT || 3031;
     const websiteUrl = process.env.REACT_APP_WEBSITE_URL || `http://localhost:${websitePort}`;
-    return websiteUrl;
+
+    return getQueryParams("websiteDomain") ?? websiteUrl;
 }
 
 /*

examples/for-tests/src/App.js

@@ -54,7 +54,7 @@ export function getApiDomain() {
 export function getWebsiteDomain() {
     const websitePort = process.env.REACT_APP_WEBSITE_PORT || 3031;
     const websiteUrl = process.env.REACT_APP_WEBSITE_URL || `http://localhost:${websitePort}`;
-    return websiteUrl;
+    return getQueryParams("websiteDomain") ?? websiteUrl;
 }
 
 /*