Pre registration hook still creates a user despite throwing PreUserRegistrationError

Hello,

I have this code in my pre registration hook:

if (
	/dev/.test(context.webtask.headers.host) &&
	!/example\.com$/.test(user.email)
) {
	cb(
	  new PreUserRegistrationError(
	    'Denied user registration in Pre User Registration Hook',
	    'You are not allowed to access this environment.',
	  ),
	  { user: null },
	);
} else {
	const response = {};
	response.user = user;
	cb(null, response);
}

It’s designed to prevent users with email addresses that don’t end in example.com from signing up to tenants with dev in the name.

When I try to sign up with user foo@bar.com on my dev tenant, I do get the “You are not allowed to access this environment.” message and my app handles kicking the user back to the public space, but at the back end the user is still being created in the database.

I would expect that throwing the PreUserRegistrationError like I do here would stop the user from ever getting to the database. Can you please advise?

Thanks,
Maciej

Hi @s4rb.maciej.kulinski

I’ve tried a Pre User Registration hook with just:

cb(new PreUserRegistrationError('Denied user registration in Pre User Registration Hook', 'You are not allowed to register.'));

And after trying to sign up, I get the InternalExtensibilityError and the user is not created. Can you try removing the { user: null } from your cb(new PreUserRegistrationError…)?

Could also be an idea to return with all the cb() calls, to ensure that another callback down the line is not sending the user. Something like:

if (...) {
    (...)
    return cb(new PreUserRegistrationError...)
} else {
    (...)
    return cb(null, response)
}

As a last resort, you can put some console.log() calls throughout your code and check with the Realtime Logs Extension what is happening: Real-time Webtask Logs

Thanks for helping on this one Ricardo!

Mystery solved!

My check for “dev” tenant was the culprit!

Interestingly, when testing the hook I could see context.webtask.headers.host populated with something along the lines of [my auth0 tenant].webtask.io, so I decided to use that as my tenant. This does not seem to be the case when the hook is actually used. No idea what that value ends up being, but it no longer had my “dev” tenant name. That in turn meant that my IF statement was no longer satisfied. I was actually seeing “You are not allowed to access this environment.” from the rule with a similar check, not from this hook!

Long story short, the lesson here is to use context.webtask.body.user.tenant for the tenant name.

My final hook looks like this, if anyone is interested. It works now!

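const { get } = require('lodash');

// PreUserRegistrationError is a global supplied by the hook runtime.
module.exports = function (user, context, cb) {
  const response = {};
  response.user = user;

  // Tenant name comes from the request body, not from the Host header.
  const tenant =
    get(context.webtask, 'body.user.tenant') ||
    get(context.webtask, 'body.connection.tenant');
  // No g flag: test() on a global regex keeps state in lastIndex.
  const exampleOnlyEmail = /^.+(?:@|\.)example\.com$/;

  // Deny sign-ups on dev tenants unless the email is under example.com.
  if (/dev/.test(tenant) && !exampleOnlyEmail.test(user.email)) {
    return cb(
      new PreUserRegistrationError(
        'Denied non-example user registration',
        'You are not allowed to access this environment.',
      ),
    );
  }

  return cb(null, response);
};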

Thank you all for your time and help!

Thanks for sharing it with the rest of the community!
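
The failure described in this thread, as an added example that is not code from the thread or from Auth0: a check keyed on the Host header passes in the hook test runner but fails open on a live sign-up, while a check keyed on the tenant field denies in both. The `PreUserRegistrationError` stand-in, the tenant name `acme-dev`, both host values, the stricter email pattern and the deny-on-missing-tenant rule are assumptions made for this sketch.

```javascript
// Constructed stand-in for the global that the hook runtime provides.
class PreUserRegistrationError extends Error {
  constructor(internalMessage, description) {
    super(internalMessage);
    this.description = description;
  }
}

// Assumed policy: example.com or its subdomains; anchored, no g flag.
const ALLOWED_EMAIL = /^[^@\s]+@(?:[a-z0-9-]+\.)*example\.com$/i;

const deny = (cb) =>
  cb(new PreUserRegistrationError(
    'Denied non-example user registration',
    'You are not allowed to access this environment.'));

// Original approach: environment inferred from the Host header.
function hostHeaderHook(user, context, cb) {
  const host = (context.webtask.headers || {}).host || '';
  if (/dev/.test(host) && !ALLOWED_EMAIL.test(user.email)) return deny(cb);
  return cb(null, { user });
}

// Final approach: tenant read from the request body, as in the thread.
// Added assumption: an undeterminable tenant is denied, not allowed.
function tenantFieldHook(user, context, cb) {
  const body = context.webtask.body || {};
  const tenant = (body.user || {}).tenant || (body.connection || {}).tenant;
  if (!tenant) return deny(cb);
  if (/dev/.test(tenant) && !ALLOWED_EMAIL.test(user.email)) return deny(cb);
  return cb(null, { user });
}

// Runs a hook once and reports whether the sign-up would proceed.
function outcome(hook, email, context) {
  let result = 'no callback';
  hook({ email }, context, (err) => { result = err ? 'denied' : 'created'; });
  return result;
}

// Constructed contexts: the hook test runner versus a live sign-up.
const signupBody = { user: { tenant: 'acme-dev' } };
const testRunner = { webtask: { headers: { host: 'acme-dev.webtask.io' }, body: signupBody } };
const liveSignup = { webtask: { headers: { host: 'sandbox.invalid' }, body: signupBody } };

console.log(outcome(hostHeaderHook, 'foo@bar.com', testRunner));
console.log(outcome(hostHeaderHook, 'foo@bar.com', liveSignup));
console.log(outcome(tenantFieldHook, 'foo@bar.com', liveSignup));
console.log(outcome(tenantFieldHook, 'dev@example.com', liveSignup));
```

Running the same pair of contexts through any environment-gating hook before deployment shows whether the gate depends on a value that only exists in the test runner.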