fix: resolved gitlab integration creation issue regarding groups

backend/src/db/migrations/20240528153905_add-user-account-mfa-locking.ts

@@ -1,43 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasConsecutiveFailedMfaAttempts = await knex.schema.hasColumn(TableName.Users, "consecutiveFailedMfaAttempts");
-  const hasIsLocked = await knex.schema.hasColumn(TableName.Users, "isLocked");
-  const hasTemporaryLockDateEnd = await knex.schema.hasColumn(TableName.Users, "temporaryLockDateEnd");
-
-  await knex.schema.alterTable(TableName.Users, (t) => {
-    if (!hasConsecutiveFailedMfaAttempts) {
-      t.integer("consecutiveFailedMfaAttempts").defaultTo(0);
-    }
-
-    if (!hasIsLocked) {
-      t.boolean("isLocked").defaultTo(false);
-    }
-
-    if (!hasTemporaryLockDateEnd) {
-      t.dateTime("temporaryLockDateEnd").nullable();
-    }
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasConsecutiveFailedMfaAttempts = await knex.schema.hasColumn(TableName.Users, "consecutiveFailedMfaAttempts");
-  const hasIsLocked = await knex.schema.hasColumn(TableName.Users, "isLocked");
-  const hasTemporaryLockDateEnd = await knex.schema.hasColumn(TableName.Users, "temporaryLockDateEnd");
-
-  await knex.schema.alterTable(TableName.Users, (t) => {
-    if (hasConsecutiveFailedMfaAttempts) {
-      t.dropColumn("consecutiveFailedMfaAttempts");
-    }
-
-    if (hasIsLocked) {
-      t.dropColumn("isLocked");
-    }
-
-    if (hasTemporaryLockDateEnd) {
-      t.dropColumn("temporaryLockDateEnd");
-    }
-  });
-}

backend/src/db/schemas/users.ts

@@ -22,10 +22,7 @@ export const UsersSchema = z.object({
   updatedAt: z.date(),
   isGhost: z.boolean().default(false),
   username: z.string(),
-  isEmailVerified: z.boolean().default(false).nullable().optional(),
-  consecutiveFailedMfaAttempts: z.number().optional(),
-  isLocked: z.boolean().optional(),
-  temporaryLockDateEnd: z.date().nullable().optional()
+  isEmailVerified: z.boolean().default(false).nullable().optional()
 });
 
 export type TUsers = z.infer<typeof UsersSchema>;

backend/src/server/config/rateLimiter.ts

@@ -52,14 +52,6 @@ export const inviteUserRateLimit: RateLimitOptions = {
   keyGenerator: (req) => req.realIp
 };
 
-export const mfaRateLimit: RateLimitOptions = {
-  timeWindow: 60 * 1000,
-  max: 20,
-  keyGenerator: (req) => {
-    return req.headers.authorization?.split(" ")[1] || req.realIp;
-  }
-};
-
 export const creationLimit: RateLimitOptions = {
   // identity, project, org
   timeWindow: 60 * 1000,

backend/src/server/routes/v1/integration-auth-router.ts

@@ -330,7 +330,7 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
           teams: z
             .object({
               name: z.string(),
-              id: z.string().optional()
+              id: z.string()
             })
             .array()
         })

backend/src/server/routes/v1/project-router.ts

@@ -8,7 +8,6 @@ import {
   UsersSchema
 } from "@app/db/schemas";
 import { PROJECTS } from "@app/lib/api-docs";
-import { BadRequestError } from "@app/lib/errors";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -193,19 +192,18 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       }
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async () => {
-      // const workspace = await server.services.project.deleteProject({
-      //   filter: {
-      //     type: ProjectFilterType.ID,
-      //     projectId: req.params.workspaceId
-      //   },
-      //   actorId: req.permission.id,
-      //   actorAuthMethod: req.permission.authMethod,
-      //   actor: req.permission.type,
-      //   actorOrgId: req.permission.orgId
-      // });
-      // return { workspace };
-      throw new BadRequestError({ message: "Project delete has been paused temporarily, please try again later" });
+    handler: async (req) => {
+      const workspace = await server.services.project.deleteProject({
+        filter: {
+          type: ProjectFilterType.ID,
+          projectId: req.params.workspaceId
+        },
+        actorId: req.permission.id,
+        actorAuthMethod: req.permission.authMethod,
+        actor: req.permission.type,
+        actorOrgId: req.permission.orgId
+      });
+      return { workspace };
     }
   });
 

backend/src/server/routes/v1/user-router.ts

@@ -1,15 +1,11 @@
 import { z } from "zod";
 
 import { UserEncryptionKeysSchema, UsersSchema } from "@app/db/schemas";
-import { getConfig } from "@app/lib/config/env";
-import { logger } from "@app/lib/logger";
-import { authRateLimit, readLimit } from "@app/server/config/rateLimiter";
+import { readLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
 export const registerUserRouter = async (server: FastifyZodProvider) => {
-  const appCfg = getConfig();
-
   server.route({
     method: "GET",
     url: "/",
@@ -29,29 +25,4 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
       return { user };
     }
   });
-
-  server.route({
-    method: "GET",
-    url: "/:userId/unlock",
-    config: {
-      rateLimit: authRateLimit
-    },
-    schema: {
-      querystring: z.object({
-        token: z.string().trim()
-      }),
-      params: z.object({
-        userId: z.string()
-      })
-    },
-    handler: async (req, res) => {
-      try {
-        await server.services.user.unlockUser(req.params.userId, req.query.token);
-      } catch (err) {
-        logger.error(`User unlock failed for ${req.params.userId}`);
-        logger.error(err);
-      }
-      return res.redirect(`${appCfg.SITE_URL}/login`);
-    }
-  });
 };

backend/src/server/routes/v2/mfa-router.ts

@@ -2,7 +2,7 @@ import jwt from "jsonwebtoken";
 import { z } from "zod";
 
 import { getConfig } from "@app/lib/config/env";
-import { mfaRateLimit } from "@app/server/config/rateLimiter";
+import { writeLimit } from "@app/server/config/rateLimiter";
 import { AuthModeMfaJwtTokenPayload, AuthTokenType } from "@app/services/auth/auth-type";
 
 export const registerMfaRouter = async (server: FastifyZodProvider) => {
@@ -34,7 +34,7 @@ export const registerMfaRouter = async (server: FastifyZodProvider) => {
     method: "POST",
     url: "/mfa/send",
     config: {
-      rateLimit: mfaRateLimit
+      rateLimit: writeLimit
     },
     schema: {
       response: {
@@ -53,7 +53,7 @@ export const registerMfaRouter = async (server: FastifyZodProvider) => {
     url: "/mfa/verify",
     method: "POST",
     config: {
-      rateLimit: mfaRateLimit
+      rateLimit: writeLimit
     },
     schema: {
       body: z.object({

backend/src/services/auth-token/auth-token-service.ts

@@ -13,9 +13,8 @@ import { TCreateTokenForUserDTO, TIssueAuthTokenDTO, TokenType, TValidateTokenFo
 
 type TAuthTokenServiceFactoryDep = {
   tokenDAL: TTokenDALFactory;
-  userDAL: Pick<TUserDALFactory, "findById" | "transaction">;
+  userDAL: Pick<TUserDALFactory, "findById">;
 };
-
 export type TAuthTokenServiceFactory = ReturnType<typeof tokenServiceFactory>;
 
 export const getTokenConfig = (tokenType: TokenType) => {
@@ -54,11 +53,6 @@ export const getTokenConfig = (tokenType: TokenType) => {
       const expiresAt = new Date(new Date().getTime() + 86400000);
       return { token, expiresAt };
     }
-    case TokenType.TOKEN_USER_UNLOCK: {
-      const token = crypto.randomBytes(16).toString("hex");
-      const expiresAt = new Date(new Date().getTime() + 259200000);
-      return { token, expiresAt };
-    }
     default: {
       const token = crypto.randomBytes(16).toString("hex");
       const expiresAt = new Date();

backend/src/services/auth-token/auth-token-types.ts

@@ -3,8 +3,7 @@ export enum TokenType {
   TOKEN_EMAIL_VERIFICATION = "emailVerification", // unverified -> verified
   TOKEN_EMAIL_MFA = "emailMfa",
   TOKEN_EMAIL_ORG_INVITATION = "organizationInvitation",
-  TOKEN_EMAIL_PASSWORD_RESET = "passwordReset",
-  TOKEN_USER_UNLOCK = "userUnlock"
+  TOKEN_EMAIL_PASSWORD_RESET = "passwordReset"
 }
 
 export type TCreateTokenForUserDTO = {

backend/src/services/auth/auth-fns.ts

@@ -44,27 +44,3 @@ export const validateSignUpAuthorization = (token: string, userId: string, valid
   if (decodedToken.authTokenType !== AuthTokenType.SIGNUP_TOKEN) throw new UnauthorizedError();
   if (decodedToken.userId !== userId) throw new UnauthorizedError();
 };
-
-export const enforceUserLockStatus = (isLocked: boolean, temporaryLockDateEnd?: Date | null) => {
-  if (isLocked) {
-    throw new UnauthorizedError({
-      name: "User Locked",
-      message:
-        "User is locked due to multiple failed login attempts. An email has been sent to you in order to unlock your account. You can also reset your password to unlock."
-    });
-  }
-
-  if (temporaryLockDateEnd) {
-    const timeDiff = new Date().getTime() - temporaryLockDateEnd.getTime();
-    if (timeDiff < 0) {
-      const secondsDiff = (-1 * timeDiff) / 1000;
-      const timeDisplay =
-        secondsDiff > 60 ? `${Math.ceil(secondsDiff / 60)} minutes` : `${Math.ceil(secondsDiff)} seconds`;
-
-      throw new UnauthorizedError({
-        name: "User Locked",
-        message: `User is temporary locked due to multiple failed login attempts. Try again after ${timeDisplay}. You can also reset your password now to proceed.`
-      });
-    }
-  }
-};

backend/src/services/auth/auth-login-service.ts

@@ -4,7 +4,7 @@ import { TUsers, UserDeviceSchema } from "@app/db/schemas";
 import { isAuthMethodSaml } from "@app/ee/services/permission/permission-fns";
 import { getConfig } from "@app/lib/config/env";
 import { generateSrpServerKey, srpCheckClientProof } from "@app/lib/crypto";
-import { BadRequestError, DatabaseError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { getServerCfg } from "@app/services/super-admin/super-admin-service";
 
 import { TTokenDALFactory } from "../auth-token/auth-token-dal";
@@ -13,7 +13,7 @@ import { TokenType } from "../auth-token/auth-token-types";
 import { TOrgDALFactory } from "../org/org-dal";
 import { SmtpTemplates, TSmtpService } from "../smtp/smtp-service";
 import { TUserDALFactory } from "../user/user-dal";
-import { enforceUserLockStatus, validateProviderAuthToken } from "./auth-fns";
+import { validateProviderAuthToken } from "./auth-fns";
 import {
   TLoginClientProofDTO,
   TLoginGenServerPublicKeyDTO,
@@ -212,9 +212,6 @@ export const authLoginServiceFactory = ({
     });
     // send multi factor auth token if they it enabled
     if (userEnc.isMfaEnabled && userEnc.email) {
-      const user = await userDAL.findById(userEnc.userId);
-      enforceUserLockStatus(Boolean(user.isLocked), user.temporaryLockDateEnd);
-
       const mfaToken = jwt.sign(
         {
           authMethod,
@@ -303,111 +300,28 @@ export const authLoginServiceFactory = ({
   const resendMfaToken = async (userId: string) => {
     const user = await userDAL.findById(userId);
     if (!user || !user.email) return;
-    enforceUserLockStatus(Boolean(user.isLocked), user.temporaryLockDateEnd);
     await sendUserMfaCode({
       userId: user.id,
       email: user.email
     });
   };
 
-  const processFailedMfaAttempt = async (userId: string) => {
-    try {
-      const updatedUser = await userDAL.transaction(async (tx) => {
-        const PROGRESSIVE_DELAY_INTERVAL = 3;
-        const user = await userDAL.updateById(userId, { $incr: { consecutiveFailedMfaAttempts: 1 } }, tx);
-
-        if (!user) {
-          throw new Error("User not found");
-        }
-
-        const progressiveDelaysInMins = [5, 30, 60];
-
-        // lock user when failed attempt exceeds threshold
-        if (
-          user.consecutiveFailedMfaAttempts &&
-          user.consecutiveFailedMfaAttempts >= PROGRESSIVE_DELAY_INTERVAL * (progressiveDelaysInMins.length + 1)
-        ) {
-          return userDAL.updateById(
-            userId,
-            {
-              isLocked: true,
-              temporaryLockDateEnd: null
-            },
-            tx
-          );
-        }
-
-        // delay user only when failed MFA attempts is a multiple of configured delay interval
-        if (user.consecutiveFailedMfaAttempts && user.consecutiveFailedMfaAttempts % PROGRESSIVE_DELAY_INTERVAL === 0) {
-          const delayIndex = user.consecutiveFailedMfaAttempts / PROGRESSIVE_DELAY_INTERVAL - 1;
-          return userDAL.updateById(
-            userId,
-            {
-              temporaryLockDateEnd: new Date(new Date().getTime() + progressiveDelaysInMins[delayIndex] * 60 * 1000)
-            },
-            tx
-          );
-        }
-
-        return user;
-      });
-
-      return updatedUser;
-    } catch (error) {
-      throw new DatabaseError({ error, name: "Process failed MFA Attempt" });
-    }
-  };
-
   /*
    * Multi factor authentication verification of code
    * Third step of login in which user completes with mfa
    * */
   const verifyMfaToken = async ({ userId, mfaToken, mfaJwtToken, ip, userAgent, orgId }: TVerifyMfaTokenDTO) => {
-    const appCfg = getConfig();
-    const user = await userDAL.findById(userId);
-    enforceUserLockStatus(Boolean(user.isLocked), user.temporaryLockDateEnd);
-
-    try {
-      await tokenService.validateTokenForUser({
-        type: TokenType.TOKEN_EMAIL_MFA,
-        userId,
-        code: mfaToken
-      });
-    } catch (err) {
-      const updatedUser = await processFailedMfaAttempt(userId);
-      if (updatedUser.isLocked) {
-        if (updatedUser.email) {
-          const unlockToken = await tokenService.createTokenForUser({
-            type: TokenType.TOKEN_USER_UNLOCK,
-            userId: updatedUser.id
-          });
-
-          await smtpService.sendMail({
-            template: SmtpTemplates.UnlockAccount,
-            subjectLine: "Unlock your Infisical account",
-            recipients: [updatedUser.email],
-            substitutions: {
-              token: unlockToken,
-              callback_url: `${appCfg.SITE_URL}/api/v1/user/${updatedUser.id}/unlock`
-            }
-          });
-        }
-      }
-
-      throw err;
-    }
+    await tokenService.validateTokenForUser({
+      type: TokenType.TOKEN_EMAIL_MFA,
+      userId,
+      code: mfaToken
+    });
 
     const decodedToken = jwt.verify(mfaJwtToken, getConfig().AUTH_SECRET) as AuthModeMfaJwtTokenPayload;
 
     const userEnc = await userDAL.findUserEncKeyByUserId(userId);
     if (!userEnc) throw new Error("Failed to authenticate user");
 
-    // reset lock states
-    await userDAL.updateById(userId, {
-      consecutiveFailedMfaAttempts: 0,
-      temporaryLockDateEnd: null
-    });
-
     const token = await generateUserTokens({
       user: {
         ...userEnc,

backend/src/services/auth/auth-password-service.ts

@@ -174,12 +174,6 @@ export const authPaswordServiceFactory = ({
       salt,
       verifier
     });
-
-    await userDAL.updateById(userId, {
-      isLocked: false,
-      temporaryLockDateEnd: null,
-      consecutiveFailedMfaAttempts: 0
-    });
   };
 
   /*

backend/src/services/integration-auth/integration-team.ts

@@ -5,7 +5,7 @@ import { Integrations, IntegrationUrls } from "./integration-list";
 
 type Team = {
   name: string;
-  teamId: string;
+  id: string;
 };
 const getTeamsGitLab = async ({ url, accessToken }: { url: string; accessToken: string }) => {
   const gitLabApiUrl = url ? `${url}/api` : IntegrationUrls.GITLAB_API_URL;
@@ -22,7 +22,7 @@ const getTeamsGitLab = async ({ url, accessToken }: { url: string; accessToken:
 
   teams = res.map((t) => ({
     name: t.name,
-    teamId: t.id
+    id: t.id.toString()
   }));
 
   return teams;

backend/src/services/integration/integration-service.ts

@@ -1,4 +1,4 @@
-import { ForbiddenError, subject } from "@casl/ability";
+import { ForbiddenError } from "@casl/ability";
 
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
@@ -66,11 +66,6 @@ export const integrationServiceFactory = ({
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);
 
-    ForbiddenError.from(permission).throwUnlessCan(
-      ProjectPermissionActions.Read,
-      subject(ProjectPermissionSub.Secrets, { environment: sourceEnvironment, secretPath })
-    );
-
     const folder = await folderDAL.findBySecretPath(integrationAuth.projectId, sourceEnvironment, secretPath);
     if (!folder) throw new BadRequestError({ message: "Folder path not found" });
 
@@ -128,11 +123,6 @@ export const integrationServiceFactory = ({
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Integrations);
 
-    ForbiddenError.from(permission).throwUnlessCan(
-      ProjectPermissionActions.Read,
-      subject(ProjectPermissionSub.Secrets, { environment, secretPath })
-    );
-
     const folder = await folderDAL.findBySecretPath(integration.projectId, environment, secretPath);
     if (!folder) throw new BadRequestError({ message: "Folder path not found" });
 

backend/src/services/smtp/smtp-service.ts

@@ -21,7 +21,6 @@ export enum SmtpTemplates {
   EmailVerification = "emailVerification.handlebars",
   SecretReminder = "secretReminder.handlebars",
   EmailMfa = "emailMfa.handlebars",
-  UnlockAccount = "unlockAccount.handlebars",
   AccessApprovalRequest = "accessApprovalRequest.handlebars",
   HistoricalSecretList = "historicalSecretLeakIncident.handlebars",
   NewDeviceJoin = "newDevice.handlebars",

backend/src/services/smtp/templates/unlockAccount.handlebars

@@ -1,16 +0,0 @@
-<html>
-
-  <head>
-    <meta charset="utf-8" />
-    <meta http-equiv="x-ua-compatible" content="ie=edge" />
-    <title>Your Infisical account has been locked</title>
-  </head>
-
-  <body>
-    <h2>Unlock your Infisical account</h2>
-    <p>Your account has been temporarily locked due to multiple failed login attempts. </h2>
-    <a href="{{callback_url}}?token={{token}}">Unlock your account now</a>
-    <p>If these attempts were not made by you, reset your password immediately.</p>
-  </body>
-
-</html>

backend/src/services/user/user-service.ts

@@ -207,19 +207,6 @@ export const userServiceFactory = ({
     return userAction;
   };
 
-  const unlockUser = async (userId: string, token: string) => {
-    await tokenService.validateTokenForUser({
-      userId,
-      code: token,
-      type: TokenType.TOKEN_USER_UNLOCK
-    });
-
-    await userDAL.update(
-      { id: userId },
-      { consecutiveFailedMfaAttempts: 0, isLocked: false, temporaryLockDateEnd: null }
-    );
-  };
-
   return {
     sendEmailVerificationCode,
     verifyEmailVerificationCode,
@@ -229,7 +216,6 @@ export const userServiceFactory = ({
     deleteMe,
     getMe,
     createUserAction,
-    getUserAction,
-    unlockUser
+    getUserAction
   };
 };

frontend/src/hooks/api/integrationAuth/types.ts

@@ -30,7 +30,7 @@ export type HerokuPipelineCoupling = {
 
 export type Team = {
   name: string;
-  teamId: string;
+  id: string;
 };
 
 export type Environment = {

frontend/src/pages/integrations/aws-secret-manager/create.tsx

@@ -169,12 +169,12 @@ export default function AWSSecretManagerCreateIntegrationPage() {
           mappingBehavior: selectedMappingBehavior
         }
       });
+
       setIsLoading(false);
       setTargetSecretNameErrorText("");
 
       router.push(`/integrations/${localStorage.getItem("projectData.id")}`);
     } catch (err) {
-      setIsLoading(false);
       console.error(err);
     }
   };

frontend/src/pages/integrations/gitlab/create.tsx

@@ -121,7 +121,7 @@ export default function GitLabCreateIntegrationPage() {
       if (integrationAuthTeams) {
         if (integrationAuthTeams.length > 0) {
           // case: user is part of at least 1 group in GitLab
-          setValue("targetTeamId", String(integrationAuthTeams[0].teamId));
+          setValue("targetTeamId", String(integrationAuthTeams[0].id));
         } else {
           // case: user is not part of any groups in GitLab
           setValue("targetTeamId", "none");
@@ -312,8 +312,8 @@ export default function GitLabCreateIntegrationPage() {
                         {integrationAuthTeams.length > 0 ? (
                           integrationAuthTeams.map((integrationAuthTeam) => (
                             <SelectItem
-                              value={String(integrationAuthTeam.teamId as string)}
-                              key={`target-team-${String(integrationAuthTeam.teamId)}`}
+                              value={String(integrationAuthTeam.id as string)}
+                              key={`target-team-${String(integrationAuthTeam.id)}`}
                             >
                               {integrationAuthTeam.name}
                             </SelectItem>

frontend/src/views/Login/components/InitialStep/InitialStep.tsx

@@ -105,18 +105,8 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
           });
         }
       }
-    } catch (err: any) {
+    } catch (err) {
       console.error(err);
-      if (err.response.data.error === "User Locked") {
-        createNotification({
-          title: err.response.data.error,
-          text: err.response.data.message,
-          type: "error"
-        });
-        setIsLoading(false);
-        return;
-      }
-
       setLoginError(true);
       createNotification({
         text: "Login unsuccessful. Double-check your credentials and try again.",

frontend/src/views/Login/components/MFAStep/MFAStep.tsx

@@ -46,7 +46,20 @@ type Props = {
   callbackPort?: string | null;
 };
 
+interface VerifyMfaTokenError {
+  response: {
+    data: {
+      context: {
+        code: string;
+        triesLeft: number;
+      };
+    };
+    status: number;
+  };
+}
+
 export const MFAStep = ({ email, password, providerAuthToken }: Props) => {
+  
   const router = useRouter();
   const [isLoading, setIsLoading] = useState(false);
   const [isLoadingResend, setIsLoadingResend] = useState(false);
@@ -165,31 +178,20 @@ export const MFAStep = ({ email, password, providerAuthToken }: Props) => {
           });
         }
       }
-    } catch (err: any) {
-      if (err.response.data.error === "User Locked") {
-        createNotification({
-          title: err.response.data.error,
-          text: err.response.data.message,
-          type: "error"
-        });
-        setIsLoading(false);
-        return;
-      }
-
+    } catch (err) {
+      const error = err as VerifyMfaTokenError;
       createNotification({
         text: "Failed to log in",
         type: "error"
       });
 
-      if (triesLeft) {
-        setTriesLeft((left) => {
-          if (triesLeft === 1) {
-            router.push("/");
-          }
-          return (left as number) - 1;
-        });
-      } else {
-        setTriesLeft(2);
+      if (error?.response?.status === 500) {
+        window.location.reload();
+      } else if (error?.response?.data?.context?.triesLeft) {
+        setTriesLeft(error?.response?.data?.context?.triesLeft);
+        if (error.response.data.context.triesLeft === 0) {
+          window.location.reload();
+        }
       }
 
       setIsLoading(false);