Push newAnchor into LoginData (#2278)

The authentication flow returns whether the user authenticated with a new or existing anchor. This data is used tailor subsequent flows to new vs returning users. Originally this information was added to all return types (success & error alike) for simplicity, although it only ever makes sense to return it upon successful authentication (until now we just defaulted to "not a new anchor" upon failures). As we start passing more data through the flow (like whether the user used PIN or not) this shortcut became a bit problematic, so these changes push the `newAnchor` information deeper into the success state.
dfinity · Feb 16, 2024 · 9f645c2 · 9f645c2
1 parent 9e90921
commit 9f645c2
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 24 deletions.
diff --git a/src/frontend/src/components/authenticateBox.ts b/src/frontend/src/components/authenticateBox.ts
@@ -92,11 +92,11 @@ export const authenticateBox = async ({
 
   // Retry until user has successfully authenticated
   for (;;) {
-    const { newAnchor, ...result } = await promptAuth();
+    const result = await promptAuth();
     const loginData = await handleLoginFlowResult(result);
 
     if (nonNullish(loginData)) {
-      return { ...loginData, newAnchor };
+      return loginData;
     }
   }
 };
@@ -163,7 +163,7 @@ export const authenticateBoxFlow = async <T, I>({
     pinIdentityMaterial: I;
   }) => Promise<"valid" | "expired">;
   registerFlowOpts: Parameters<typeof registerFlow<T>>[0];
-}): Promise<LoginFlowResult<T> & { newAnchor: boolean }> => {
+}): Promise<LoginFlowResult<T, { newAnchor: boolean }>> => {
   const pages = authnScreens(i18n, { ...templates });
 
   // The registration flow for a new identity
@@ -197,7 +197,7 @@ export const authenticateBoxFlow = async <T, I>({
 
   // Prompt for an identity number
   const doPrompt = async (): Promise<
-    LoginFlowResult<T> & { newAnchor: boolean }
+    LoginFlowResult<T, { newAnchor: boolean }>
   > => {
     const result = await pages.useExisting();
     if (result.tag === "submit") {
@@ -219,11 +219,17 @@ export const authenticateBoxFlow = async <T, I>({
     }
 
     result satisfies { tag: "recover" };
-    const result2 = await recover();
-    return {
-      newAnchor: false,
-      ...result2,
-    };
+
+    const recoverResult = await recover();
+    if (recoverResult.tag === "ok") {
+      // If an anchor was recovered, then it's _not_ a new anchor
+      return {
+        newAnchor: false,
+        ...recoverResult,
+      };
+    } else {
+      return recoverResult;
+    }
   };
 
   // If there _are_ some anchors, then we show the "pick" screen, otherwise
@@ -250,9 +256,9 @@ export const authenticateBoxFlow = async <T, I>({
   }
 };
 
-export const handleLoginFlowResult = async <T>(
-  result: LoginFlowResult<T>
-): Promise<LoginData<T> | undefined> => {
+export const handleLoginFlowResult = async <T, E>(
+  result: LoginFlowResult<T, E>
+): Promise<LoginData<T, E> | undefined> => {
   switch (result.tag) {
     case "ok":
       await setAnchorUsed(result.userNumber);
@@ -619,7 +625,7 @@ const useIdentityFlow = async <T, I>({
     pin: string;
     pinIdentityMaterial: I;
   }) => Promise<LoginFlowResult<T> | { tag: "err"; message: string }>;
-}): Promise<LoginFlowResult<T> & { newAnchor: boolean }> => {
+}): Promise<LoginFlowResult<T, { newAnchor: boolean }>> => {
   const pinIdentityMaterial: I | undefined = await withLoader(() =>
     retrievePinIdentityMaterial({
       userNumber,
@@ -669,10 +675,7 @@ const useIdentityFlow = async <T, I>({
   });
 
   if (result.kind === "canceled") {
-    return {
-      newAnchor: false,
-      tag: "canceled",
-    } as const;
+    return { tag: "canceled" } as const;
   }
 
   if (result.kind === "passkey") {
@@ -683,7 +686,12 @@ const useIdentityFlow = async <T, I>({
   result satisfies { kind: "pin" };
   const { result: pinResult } = result;
 
-  return { newAnchor: false, ...pinResult };
+  if (pinResult.tag === "ok") {
+    // We log in with an existing PIN anchor, meaning it is _not_ a new anchor
+    return { newAnchor: false, ...pinResult };
+  } else {
+    return pinResult;
+  }
 };
 
 // Use a passkey, with concrete impl.

diff --git a/src/frontend/src/utils/flowResult.ts b/src/frontend/src/utils/flowResult.ts
@@ -2,19 +2,19 @@ import { DynamicKey } from "$src/utils/i18n";
 import { ApiResult, AuthenticatedConnection } from "./iiConnection";
 import { webAuthnErrorCopy } from "./webAuthnErrorUtils";
 
-export type LoginFlowResult<T = AuthenticatedConnection> =
-  | LoginFlowSuccess<T>
+export type LoginFlowResult<T = AuthenticatedConnection, E = object> =
+  | LoginFlowSuccess<T, E>
   | LoginFlowError
   | LoginFlowCanceled;
 
-export type LoginFlowSuccess<T = AuthenticatedConnection> = {
+export type LoginFlowSuccess<T = AuthenticatedConnection, E = object> = {
   tag: "ok";
-} & LoginData<T>;
+} & LoginData<T, E>;
 
-export type LoginData<T = AuthenticatedConnection> = {
+export type LoginData<T = AuthenticatedConnection, E = object> = {
   userNumber: bigint;
   connection: T;
-};
+} & E;
 
 export type LoginFlowError = {
   tag: "err";