From 040b2e336ec295004f854dd502570cee887e8b82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phan=20Kochen?= Date: Thu, 21 Nov 2024 14:30:57 +0100 Subject: [PATCH] Allow retrying code form Fixes #762 --- lang/de.mo | Bin 3081 -> 3174 bytes lang/de.po | 3 ++ lang/en.mo | Bin 2931 -> 3027 bytes lang/en.po | 3 ++ lang/fr.mo | Bin 3234 -> 3326 bytes lang/fr.po | 3 ++ lang/fr_CA.mo | Bin 3245 -> 3337 bytes lang/fr_CA.po | 3 ++ lang/nl.mo | Bin 3016 -> 3110 bytes lang/nl.po | 3 ++ res/static/style.css | 3 ++ src/bridges/email.rs | 88 ++++++++++++++++++++++++------------ src/web.rs | 10 ++++ tmpl/confirm_email.mustache | 5 ++ 14 files changed, 92 insertions(+), 29 deletions(-) diff --git a/lang/de.mo b/lang/de.mo index 4c9055b56b35b0219dd62adb06dc8700cfa29ab1..e7568c8afd015f3fa9c351a874280cf10bbb479f 100644 GIT binary patch delta 605 zcmXxh&nrYx6u|Lg%-|Wne@>CP`I*fmKT9c5enw(Jv3cHHL#BE4(1gX5ol;6Se7r+iA!kC53mW(u^(@69CKJJl99fkNDBwk*n=)c@Dlg%{%=1J z5@}~YhYOg-E_}je{6-s>3Pcikho+$BLXja%;tF1)X|S-!{3j#Q!NV*E!)OXPMl*>= zY{gd`!H~r}IDuwbhp6xZ$M69g&?*+$$2K(YU7#uS7Bzn0D9(l1^M5(zVH3a5Or1vj zs9XcTa=9{$bsWm&f M<*diDaqBAZ11@4kp8x;= delta 531 zcmXZZy)Q#i7{~EnuUnLQtBadxSwv#eqzQ>e)Juq=1|4;F2@9A^ zNJCh}W%O_u@9+>Gqwh-{VS{D#sGs8^{zUufPHBhz6~?$fh+bB{n~^9*_L2O6x=9mV zB!duVf?&#`uOOIY@O=DG@Fb?#V-_MAB8C(^6Fo}vyESjGTB&Uvc)nxhEq~vhjQbCX G8|xpi(K4X` diff --git a/lang/de.po b/lang/de.po index 6e56a4cf..8a249525 100644 --- a/lang/de.po +++ b/lang/de.po @@ -29,6 +29,9 @@ msgstr "Benutze den Link in der Email für den Login bei" msgid "Alternatively, enter the code from the email to continue in this browser tab:" msgstr "Alternativ gebe in diesem Browsertab den in der Email stehenden Code ein:" +msgid "The code you entered was incorrect." +msgstr "Der eingegebene Code war falsch." + msgid "The request is invalid, and could not be completed." msgstr "Dieser Seitenaufruf ist fehlerhaft, und wir können ihn nicht beenden." 
diff --git a/lang/en.mo b/lang/en.mo index 31c181567e4f320e39c6eeb5c59f8fc8d7131f01..0ca68f1d842e58c355aa93bbaf4ca85e7e53418c 100644 GIT binary patch delta 610 zcma*kze@sf7{~EPGxM^n%pVPrM}g83K~&H`ApJyYNN^H8!o|zWkQx%28X6*qhQ`Jq z0-+)N4;mV(wW&s@rXZsCb7y-GJl_}JFL&JM`QB&ZIoW)R1}=n3(&O|CouW^DEL6xZ zvW^BW;WlpKIga87#_$W5G14P4jd|4bW1PTCT)=zGVh7_QO_>jfOmVP^b7`pZeasw@evF7jYZ4{MRxE3HTYzo7kn2r_zi0CAB^#RiH5x78Pw!8)Z|yF z$?s5;KVcSwhMQbAP=l9IgP))VZ=(i(?e25^UhoQP@H5ol?^xjb5)XUHYpA!*AZ`t_ za!WEmkGLlyyyI4al>ubP+sa^9u2i@%VR(tqQTnfRD4kq?HGfOUCk8{g6>fEWEB;i; oE?ee-y>D98y5(49vr*hLE7g+iI991X)5;iY{?<|O_J2?Q0#TJmRR910 delta 531 zcmXZZF)u?=7{>9Z*QJW0Rb^<6!XRl<3_4)C>0n_bkq(UzA<@gwh#Kq$vHB8?U5vsc zj1r5*QV|x5|9ei~MZCcXUvQjd6+@}aLK!D<2b*}_o&Vu9^IWgAffX#_ zC2ry!*09jWw|IsY_yaBQe9{L#L<@Y67Wfsb?5|HAEb&6Wf3c00I7Ul+g%Lg=iIq+H zz%yupx6lF~cjq0nz^MTrxP%t?0xj?@THwr}lwf~Xql~Qk4KPD<01eYtX_|`=-?-wI xMIKk&r2BoG!=2C;M{J;mJmQkvsmUg-?#K0`gIc_MQg6>CD?z&v{)7xs@DGt;G0^}3 diff --git a/lang/en.po b/lang/en.po index daf4c63f..957dd9a1 100644 --- a/lang/en.po +++ b/lang/en.po @@ -29,6 +29,9 @@ msgstr "Use the link in that email to login to" msgid "Alternatively, enter the code from the email to continue in this browser tab:" msgstr "Alternatively, enter the code from the email to continue in this browser tab:" +msgid "The code you entered was incorrect." +msgstr "The code you entered was incorrect." + msgid "The request is invalid, and could not be completed." msgstr "The request is invalid, and could not be completed." 
diff --git a/lang/fr.mo b/lang/fr.mo index cfc7e53fcb4e02513e9395684adee79801fab586..07c1661a507493d47351157785cb27af10406af4 100644 GIT binary patch delta 604 zcmYk(ze_?<6u|MLY5B6OG%F$WVGy)LB-xK8nj$Oc2b55Y=qrTsky@gQP-_qc(HaFo zv(ON2EkO+p(a_M==pPVN^u14m4xIaW_i*2P_uP9C_z9HXy^d2My2)Phg$$90HU`3F z7nw&5CvX*)@C1GMft~n?Gw5j$8NfKI`aTBn45N61(^y5nNLfZ4B7GEQF@h%c;3byu zu09`iiu5yIz-27p5I*7>eqjRRjUt()rWk|BI6iARo}*AJU|`&Zjnih;v(+V=MT8U|Hak9Vl1IL zbsDjvosm-#%FRwez=Y<-Lwd=-P}iZZOkFj%CG1}`nzh1R zsoG-pP|{2pdePj~jZEIi8Y#Vy$m!`!(#&R!WPY$R?6`6U4c%InOQdsY{r)>CjSWP*GlljLcLh4{iX{Kk3A zTG9rVu@7tL;wP@)4^HA@OQXM!De4N&U=^3~75ix`X-jDuX&k~mEaQ2z{>5=>*O79V z!704NEqug0CR+Ix&(Om?Ec_#KOEqSHF(LugcJSq6Dm9hL|`_}QN H!_U?~+x0Sm diff --git a/lang/fr.po b/lang/fr.po index 08f583ab..504f0388 100644 --- a/lang/fr.po +++ b/lang/fr.po @@ -29,6 +29,9 @@ msgstr "Utilisez le lien contenu dans cet e-mail pour vous connecter à" msgid "Alternatively, enter the code from the email to continue in this browser tab:" msgstr "Vous pouvez également saisir le code figurant dans l'e-mail pour continuer dans cet onglet du navigateur :" +msgid "The code you entered was incorrect." +msgstr "Le code saisi était incorrect." + msgid "The request is invalid, and could not be completed." msgstr "La demande n'est pas valide et n'a pas pu être traitée." 
diff --git a/lang/fr_CA.mo b/lang/fr_CA.mo index 046f83a37464199c36a9851aca1c283669231573..6f7a374dc7b806cc01cef15630bf34abae804d9f 100644 GIT binary patch delta 604 zcmYk(%PT}-7{~G7jBy#`Htx4LCRCN0a~G JdGkMee*k`eMT!6b delta 531 zcmXZZKP&@b7{~En&sC}abrfl-g)}0OG!fdNHHpE1=)%&W#HBH~#?XjLOeQffip^xY znAt3(laa8ou~;m=_v({8@8_N;cX^+C-;;reULJ{K`aCdfxJNgjk)h%a2mZ_Hxe zl2);X{rH3qzT*=9U>XZ8|9uxnsp~k4m$-<}I6zxTTguSL;1F(O4Ud}jFHTT9VQCF> zID@CSf%jO#M62ZDAy)7cgMo?>X$!A#3?pq)94E2J{>t+(N8;XoT>Wn0)=<4?OF&w*+;&RA@b6~gK$_y zR?vyFxQT0cgHXf<$d1gDfoJB@Z;Vr7p zs;D-;;RJr+91c6{)5>5!^%+L7gg$)5Q~X3V)og41e=l&0x`HwExJ33iUp9Ez$9q&$ zrx7zcc`_wwBR%Gd2){K$9YiD2Q7@&vAtMzACNwW@(o6n@`W&h;bt%4CH0gRKGqMzS~jN{S}L4R9E3C3q;42mGB;X|*nIY2CY#odbj@I^x&PmunDgBF E3zr^7n*aa+ delta 531 zcmXZZzb^xE7{~EX&lUCaT1P8s4F+Klq#>b$O8khy!Xhe>N*W=JfyPij+CM--Bvvu? zAGpnAG%#8v7L$RckyyOH-}5BT_jTXrdcEiSTqE_Ati2`NTM+|fntUcRP@O#Vz)mxQGGn;t!Uw&?!ZDzYUL-x*3TQr0I|Y zsE0JsO)?1aj18tN`mw5fP%|djAh#}d}M32%!xl%ehELQeUN`dd>oZ#4v KM}tPJ?)(7|Los^* diff --git a/lang/nl.po b/lang/nl.po index 79498c07..519503d1 100644 --- a/lang/nl.po +++ b/lang/nl.po @@ -29,6 +29,9 @@ msgstr "Gebruik de link in die email om in te loggen op" msgid "Alternatively, enter the code from the email to continue in this browser tab:" msgstr "Als alternatief kunt u ook de code uit de email invoeren om in deze browser tab verder te gaan:" +msgid "The code you entered was incorrect." +msgstr "De ingevoerde code was incorrect." + msgid "The request is invalid, and could not be completed." msgstr "De aanvraag is ongeldig, en kon niet worden verwerkt." diff --git a/res/static/style.css b/res/static/style.css index 4fc5cf0b..06b7127e 100644 --- a/res/static/style.css +++ b/res/static/style.css @@ -58,3 +58,6 @@ hr { aside p, aside .entry button, aside .entry input { font-size: 0.9em; } +aside .error { + color: #f00; +} diff --git a/src/bridges/email.rs b/src/bridges/email.rs index 932e7b67..56d3a998 100644 --- a/src/bridges/email.rs +++ b/src/bridges/email.rs 
@@ -1,9 +1,12 @@
 use crate::agents::mailer::SendMail;
 use crate::bridges::{complete_auth, AuthContext, BridgeData};
+use crate::config::Config;
 use crate::crypto::random_zbase32;
 use crate::error::BrokerError;
 use crate::metrics;
-use crate::web::{html_response, json_response, Context, HandlerResult};
+use crate::web::{html_response, json_response, Context, HandlerResult, Response};
+use gettext::Catalog;
+use http::StatusCode;
 use percent_encoding::{utf8_percent_encode, AsciiSet, CONTROLS};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
@@ -39,13 +42,7 @@ pub async fn auth(mut ctx: AuthContext) -> HandlerResult {
 utf8_percent_encode(&code, QUERY_ESCAPE)
 );
- let display_origin = ctx
- .return_params
- .as_ref()
- .expect("email::request called without redirect_uri set")
- .redirect_uri
- .origin()
- .unicode_serialization();
+ let display_origin = ctx.display_origin();
 let catalog = ctx.catalog();
 let subject = format!(
@@ -103,26 +100,13 @@ pub async fn auth(mut ctx: AuthContext) -> HandlerResult {
 "session": &ctx.session_id,
 })))
 } else {
- let catalog = ctx.catalog();
- Ok(html_response(ctx.app.templates.confirm_email.render(&[
- ("display_origin", display_origin.as_str()),
- ("session_id", &ctx.session_id),
- ("title", catalog.gettext("Confirm your address")),
- (
- "explanation",
- catalog.gettext("We've sent you an email to confirm your address."),
- ),
- (
- "use",
- catalog.gettext("Use the link in that email to login to"),
- ),
- (
- "alternate",
- catalog.gettext(
- "Alternatively, enter the code from the email to continue in this browser tab:",
- ),
- ),
- ])))
+ Ok(render_form(
+ &ctx.app,
+ ctx.catalog(),
+ &ctx.session_id,
+ &display_origin,
+ None,
+ ))
 }
 }
@@ -143,7 +127,21 @@ pub async fn confirmation(ctx: &mut Context) -> HandlerResult {
 if code != bridge_data.code {
 metrics::AUTH_EMAIL_CODE_INCORRECT.inc();
- return Err(BrokerError::ProviderInput("incorrect code".to_owned()));
+ let mut res = if ctx.want_json {
+ json_response(&json!({
+ "result": "incorrect_code",
+ }))
+ } else {
+ render_form(
+ &ctx.app,
+ ctx.catalog(),
+ &ctx.session_id,
+ &ctx.display_origin(),
+ Some("The code you entered was incorrect."),
+ )
+ };
+ *res.status_mut() = StatusCode::FORBIDDEN;
+ return Ok(res);
 }
 if !ctx.app.uncounted_emails.contains(&data.email_addr) {
@@ -152,3 +150,35 @@ pub async fn confirmation(ctx: &mut Context) -> HandlerResult {
 complete_auth(ctx, data).await
 }
+
+fn render_form(
+ app: &Config,
+ catalog: &Catalog,
+ session_id: &str,
+ display_origin: &str,
+ error: Option<&str>,
+) -> Response {
+ html_response(app.templates.confirm_email.render(&[
+ ("display_origin", display_origin),
+ ("session_id", session_id),
+ ("title", catalog.gettext("Confirm your address")),
+ (
+ "explanation",
+ catalog.gettext("We've sent you an email to confirm your address."),
+ ),
+ (
+ "use",
+ catalog.gettext("Use the link in that email to login to"),
+ ),
+ (
+ "alternate",
+ catalog.gettext(
+ "Alternatively, enter the code from the email to continue in this browser tab:",
+ ),
+ ),
+ (
+ "error",
+ error.map(|msg| catalog.gettext(msg)).unwrap_or_default(),
+ ),
+ ]))
+}
diff --git a/src/web.rs b/src/web.rs
index 7b149849..88c46c33 100644
--- a/src/web.rs
+++ b/src/web.rs
@@ -148,6 +148,16 @@ impl RequestData {
 pub fn form_params(&self) -> HashMap {
 parse_form_encoded(&self.body)
 }
+
+ /// Unicode serialization of the origin for display.
+ pub fn display_origin(&self) -> String {
+ self.return_params
+ .as_ref()
+ .expect("display_origin called without redirect_uri set")
+ .redirect_uri
+ .origin()
+ .unicode_serialization()
+ }
 }
 impl Context {
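Review bot: The new incorrect-code branch in `confirmation` re-renders the form with a 403, but nothing visible in this hunk bounds how many guesses a single session may make, so the strength of the emailed code is the only barrier against online guessing. If an attempt limit or rate limit already covers this route elsewhere, a comment at this branch should say so. Otherwise, keep a failure counter with the session data and fall back to the previous `return Err(BrokerError::ProviderInput("incorrect code".to_owned()));` once it is exceeded. The context line `if code != bridge_data.code {` is an early-exit string comparison, which matters more now that retries are allowed; a constant-time comparison would be the cautious choice. The body of `confirmation` begins and ends outside the hunk.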
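Review bot: `render_form` has no doc comment, and the contract of its `error` argument is easy to misuse: the value is handed to `catalog.gettext` as a msgid, so it has to be one of the literal strings present in the `lang/*.po` catalogs, never request-derived or already-translated text. I would add `/// Renders the confirmation form; error is an untranslated gettext msgid, or None for no message.` above the function. With `None` the template receives an empty `error` value, which the `{{# error }}` section presumably treats as absent; that is worth confirming for the template engine in use.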
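Review bot: `display_origin` keeps the `.expect("display_origin called without redirect_uri set")` from the old inline code, but it is now a public method on `RequestData` that the new incorrect-code path in `confirmation` also calls, so every caller must guarantee `return_params` is set or the handler panics. The doc comment should state that, for example with a `# Panics` section saying the method panics when `return_params` is `None`. The hunks do not show where `confirmation` populates `return_params`, so that path is worth checking before relying on the invariant. Returning `Option<String>` or a `BrokerError` would remove the panic path, at the cost of touching both call sites.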
diff --git a/tmpl/confirm_email.mustache b/tmpl/confirm_email.mustache index 70482c13..df5cb1f8 100644 --- a/tmpl/confirm_email.mustache +++ b/tmpl/confirm_email.mustache @@ -29,6 +29,11 @@ + {{# error }} +

+ {{ error }} +

+ {{/ error }}