feat(ui): Support signUpIfMissing with Clerk <SignIn> component#7928
feat(ui): Support signUpIfMissing with Clerk <SignIn> component#7928
Conversation
The `<SignIn>` component can already be used in a sign-in-or-sign-up flow (`CombinedFlow`) under certain conditions. When strict enumeration protection is enabled, make that combined flow pass the `signUpIfMissing` parameter to the backend to allow an enumeration-safe combined flow. Previously, attempting to use a combined flow with strict enumeration protection enabled was silently broken. Under the hood, the backend treats sign up if missing as an account transfer. We therefore add support for this account transfer logic when handling first factor verification in the combined sign in flow when strict enumeration protection is enabled.
🦋 Changeset detectedLatest commit: 40d8ceb The changes in this PR will be included in the next version bump. This PR includes changesets to release 20 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review infoConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Disabled knowledge base sources:
📒 Files selected for processing (2)
📝 WalkthroughWalkthroughAdds support for a transferable email-link verification status and related transfer flow: treats Possibly related PRs
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/clerk-js/src/core/resources/SignIn.ts`:
- Around line 311-312: SignInFuture.waitForEmailLinkVerification currently
treats only 'verified' and 'expired' as terminal statuses, which causes
transferable flows started by createEmailLinkFlow to poll indefinitely; update
the status check inside SignInFuture.waitForEmailLinkVerification to include
'transferable' alongside 'verified' and 'expired' so the polling loop calls
stop()/resolves when status === 'transferable', ensuring transferable email-link
flows terminate properly.
ℹ️ Review info
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (15)
.changeset/fancy-candies-slide.mdpackages/clerk-js/src/core/clerk.tspackages/clerk-js/src/core/resources/SignIn.tspackages/clerk-js/src/core/resources/UserSettings.tspackages/shared/src/errors/emailLinkError.tspackages/shared/src/types/userSettings.tspackages/ui/src/components/SignIn/SignInFactorOneCodeForm.tsxpackages/ui/src/components/SignIn/SignInFactorOneEmailLinkCard.tsxpackages/ui/src/components/SignIn/SignInStart.tsxpackages/ui/src/components/SignIn/__tests__/SignInFactorOneTransfer.test.tsxpackages/ui/src/components/SignIn/__tests__/SignInStart.test.tsxpackages/ui/src/components/SignIn/__tests__/handleSignUpIfMissingTransfer.test.tspackages/ui/src/components/SignIn/handleSignUpIfMissingTransfer.tspackages/ui/src/test/fixture-helpers.tspackages/ui/src/test/fixtures.ts
This is connected to custom flows and was missed in the previous PRs supporting custom flows. Let's add it now while we are here.
| const res = await this.#resource.__internal_baseGet(); | ||
| const status = res.firstFactorVerification.status; | ||
| if (status === 'verified' || status === 'expired') { | ||
| if (status === 'verified' || status === 'expired' || status === 'transferable') { |
There was a problem hiding this comment.
This change is not necessary for Clerk builtin components but was missed in #7749. As suggested by CodeRabbit, let's just fix it now.
@clerk/agent-toolkit
@clerk/astro
@clerk/backend
@clerk/chrome-extension
@clerk/clerk-js
@clerk/dev-cli
@clerk/expo
@clerk/expo-passkeys
@clerk/express
@clerk/fastify
@clerk/hono
@clerk/localizations
@clerk/nextjs
@clerk/nuxt
@clerk/react
@clerk/react-router
@clerk/shared
@clerk/tanstack-react-start
@clerk/testing
@clerk/ui
@clerk/upgrade
@clerk/vue
commit: |
|
Depends on re-revert of #7962 with Enterprise SSO captcha transfer fix. |
1 participant
Description
The
<SignIn>component can already be used in a sign-in-or-sign-up flow (CombinedFlow) under certain conditions. When strict enumeration protection is enabled, make that combined flow pass thesignUpIfMissingparameter to the backend to allow an enumeration-safe combined flow. Previously, attempting to use a combined flow with strict enumeration protection enabled was silently broken.Under the hood, the backend treats sign up if missing as an account transfer. We therefore add support for this account transfer logic when handling first factor verification in the combined sign in flow when strict enumeration protection is enabled.
Fixes USER-4769.
We should merge this in coordination with documentation and a Changelog release, since it will change existing behavior (although with a fix for something that is currently broken)
Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change
Summary by CodeRabbit
New Features
Tests