Fixes around account switching / authentication (#1575)

* Fix missing page reload after account switch on logout

* Fix missing key

* Explain why we set multi_auth cookies on login/signup

* Fix 500 if multi_auth cookie missing
ekzyis 2024-11-11 16:16:32 +01:00 committed by GitHub
parent 4675a2c29d
commit 406ae81693
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 9 additions and 3 deletions


@ -79,6 +79,7 @@ export default function Login ({ providers, callbackUrl, multiAuth, error, text,
case 'Email':
return (
<OverlayTrigger
key={provider.id}
placement='bottom'
overlay={multiAuth ? <Tooltip>not available for account switching yet</Tooltip> : <></>}
trigger={['hover', 'focus']}


@ -265,6 +265,7 @@ function LogoutObstacle ({ onClose }) {
const { registration: swRegistration, togglePushSubscription } = useServiceWorker()
const { removeLocalWallets } = useWallets()
const { multiAuthSignout } = useAccounts()
const router = useRouter()
return (
<div className='d-flex m-auto flex-column w-fit-content'>
@ -283,6 +284,8 @@ function LogoutObstacle ({ onClose }) {
// only signout if multiAuth did not find a next available account
if (switchSuccess) {
onClose()
// reload whatever page we're on to avoid any bugs
router.reload()
return
}
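Review bot: The early `return` after `router.reload()` in the `switchSuccess` branch skips whatever follows in the click handler, and that part is not visible in these hunks. `removeLocalWallets` and `togglePushSubscription` are pulled in at the top of LogoutObstacle; if they are only called on the full sign-out path, the account being logged out keeps its local wallet data and push subscription in this browser after the switch, which is worth confirming as intended. The new comment would also be more useful if it named the reason for the reload instead of "to avoid any bugs", for example `// reload so no client-side state of the logged-out account stays on the page`, if that is the actual reason. LogoutObstacle's body starts and ends outside the hunks.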


@ -97,6 +97,8 @@ function getCallbacks (req, res) {
const secret = process.env.NEXTAUTH_SECRET
const jwt = await encodeJWT({ token, secret })
const me = await prisma.user.findUnique({ where: { id: token.id } })
// we set multi_auth cookies on login/signup with only one user so the rest of the code doesn't
// have to consider the case where they aren't set yet because account switching wasn't used yet
setMultiAuthCookies(req, res, { ...me, jwt })
}
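Review bot: The comment added above `setMultiAuthCookies` states an invariant the server cannot enforce, because cookies are held by the client and a request can arrive with a valid session but no `multi_auth` cookie (for example after the user clears cookies). The last file in this commit adds a guard for exactly that case, so the comment would be more accurate as `// set multi_auth cookies on login/signup so the common path has them; handlers must still tolerate a missing or malformed cookie`. Separately, `me` is spread without a null check, so a null result from `findUnique` would pass only `{ jwt }`; whether that can happen here depends on code outside the hunk.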


@ -36,9 +36,9 @@ export default (req, res) => {
cookies.push(cookie.serialize(`multi_auth.${userId}`, '', { ...cookieOptions, expires: 0, maxAge: 0 }))
// update multi_auth cookie and check if there are more accounts available
const oldMultiAuth = b64Decode(req.cookies.multi_auth)
const newMultiAuth = oldMultiAuth.filter(({ id }) => id !== Number(userId))
if (newMultiAuth.length === 0) {
const oldMultiAuth = req.cookies.multi_auth ? b64Decode(req.cookies.multi_auth) : undefined
const newMultiAuth = oldMultiAuth?.filter(({ id }) => id !== Number(userId))
if (!oldMultiAuth || newMultiAuth?.length === 0) {
// no next account available. cleanup: remove multi_auth + pointer cookie
cookies.push(cookie.serialize('multi_auth', '', { ...cookieOptions, httpOnly: false, expires: 0, maxAge: 0 }))
cookies.push(cookie.serialize('multi_auth.user-id', '', { ...cookieOptions, httpOnly: false, expires: 0, maxAge: 0 }))
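Review bot: The new guard on `req.cookies.multi_auth` covers a missing cookie but not a malformed one. The value is client-controlled (the cleanup below serializes it with `httpOnly: false`), and anything non-empty still reaches `b64Decode` and then `.filter`. If `b64Decode` throws on bad input or returns something that is not an array, the request presumably ends in the same 500 this commit fixes. Decoding inside a try/catch that yields `undefined` on failure or on a non-array result would let the existing `!oldMultiAuth` branch treat an unusable cookie like a missing one. The handler starts before and continues after the hunk.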