Fixes around account switching / authentication (#1575)

* Fix missing page reload after account switch on logout * Fix missing key * Explain why we set multi_auth cookies on login/signup * Fix 500 if multi_auth cookie missing
2024-11-11 16:16:32 +01:00 · 2024-11-11 16:16:32 +01:00 · 406ae81693
commit 406ae81693
parent 4675a2c29d
4 changed files with 9 additions and 3 deletions
--- a/components/login.js
+++ b/components/login.js
@ -79,6 +79,7 @@ export default function Login ({ providers, callbackUrl, multiAuth, error, text,
          case 'Email':
            return (
              <OverlayTrigger
                key={provider.id}
                placement='bottom'
                overlay={multiAuth ? <Tooltip>not available for account switching yet</Tooltip> : <></>}
                trigger={['hover', 'focus']}
--- a/components/nav/common.js
+++ b/components/nav/common.js
@ -265,6 +265,7 @@ function LogoutObstacle ({ onClose }) {
  const { registration: swRegistration, togglePushSubscription } = useServiceWorker()
  const { removeLocalWallets } = useWallets()
  const { multiAuthSignout } = useAccounts()
  const router = useRouter()
  return (
    <div className='d-flex m-auto flex-column w-fit-content'>
@ -283,6 +284,8 @@ function LogoutObstacle ({ onClose }) {
            // only signout if multiAuth did not find a next available account
            if (switchSuccess) {
              onClose()
              // reload whatever page we're on to avoid any bugs
              router.reload()
              return
            }
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@ -97,6 +97,8 @@ function getCallbacks (req, res) {
        const secret = process.env.NEXTAUTH_SECRET
        const jwt = await encodeJWT({ token, secret })
        const me = await prisma.user.findUnique({ where: { id: token.id } })
        // we set multi_auth cookies on login/signup with only one user so the rest of the code doesn't
        // have to consider the case where they aren't set yet because account switching wasn't used yet
        setMultiAuthCookies(req, res, { ...me, jwt })
      }
--- a/pages/api/signout.js
+++ b/pages/api/signout.js
@ -36,9 +36,9 @@ export default (req, res) => {
  cookies.push(cookie.serialize(`multi_auth.${userId}`, '', { ...cookieOptions, expires: 0, maxAge: 0 }))
  // update multi_auth cookie and check if there are more accounts available
-  const oldMultiAuth = b64Decode(req.cookies.multi_auth)
+  const oldMultiAuth = req.cookies.multi_auth ? b64Decode(req.cookies.multi_auth) : undefined
-  const newMultiAuth = oldMultiAuth.filter(({ id }) => id !== Number(userId))
+  const newMultiAuth = oldMultiAuth?.filter(({ id }) => id !== Number(userId))
-  if (newMultiAuth.length === 0) {
+  if (!oldMultiAuth || newMultiAuth?.length === 0) {
    // no next account available. cleanup: remove multi_auth + pointer cookie
    cookies.push(cookie.serialize('multi_auth', '', { ...cookieOptions, httpOnly: false, expires: 0, maxAge: 0 }))
    cookies.push(cookie.serialize('multi_auth.user-id', '', { ...cookieOptions, httpOnly: false, expires: 0, maxAge: 0 }))