fix(auth): complete CLI login for already-authed users + login CTA on account_exists claim#220
Merged
Merged
Conversation
…A on account_exists claim Two funnel-blocking UI gaps found in a live cross-interface journey test: BUG 1 — `instant login` (CLI device-flow) could not complete for an already-signed-in user. The CLI opens /login?cli_session=<id> and polls, but an already-authed user lands directly on LoginPage with a live token and never takes the OAuth/magic-link callback path that fires completeCliSession — so the device flow never completed and the CLI polled forever. LoginPage now fires the SAME completion path (completeCliSession, reused from LoginCallbackPage — no duplicated fetch) on mount when both getToken() and a cli_session param are present, then shows a "return to your terminal" confirmation instead of the sign-in form. A completion failure surfaces a non-blocking note (still signed in, re-run `instant login`). BUG 2 — the account_exists (409) claim error told the user to "log in first" with no control to do so. ClaimPage now renders a "Log in to claim" CTA on that specific error (keyed on error code, not status, since already_claimed is also 409) routing to /login?next=<claim path with token> so the claim resumes after sign-in. The claim is still correctly refused for an existing account — this only adds the recovery control. Tests: LoginPage already-authed + cli_session completion (fired / no-op when unauthed / no-op without param / non-blocking failure); ClaimPage account_exists CTA (renders + carries token, not on already_claimed/plain errors). Playwright D2-authed + account_exists CTA specs in funnel-recovery.spec.ts. Patch coverage 100% (diff-cover). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
size-limit report 📦
|
…re 100% patch coverage The mount effect double-invoked under React StrictMode, firing completeCliSession twice (Playwright caught it: count=2 locally, racy 0 in CI). Guard with a fire-once ref and drop the per-pass `cancelled` flag — under StrictMode the first pass's cleanup fired before the async resolved, so the cancelled-gate (with the ref blocking the second pass) dropped the result and never rendered the confirmation. A setState after unmount is a no-op in React 19, so firing once and always committing is correct. Also split the pre-existing PAT-error ternary into single-line statements so v8 emits per-line DA markers (its multi-line-ternary continuation lines carry no marker), restoring diff-cover to 100% patch coverage after the insertion shifted those lines into the diff window. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes two funnel-blocking UI gaps found in a live cross-interface journey test. One PR, both bugs.
BUG 1 (HIGH) —
instant logincannot complete for an already-signed-in userWhen a developer who is already authenticated runs
instant login, the CLI opens/login?cli_session=<id>and polls. An already-authed user lands directly onLoginPagewith a live token and never takes the OAuth/magic-link return path (LoginCallbackPage) that firescompleteCliSession— soPOST /auth/cli/<id>/completenever fires and the CLI polls forever.Fix (
src/pages/LoginPage.tsx): a mount effect that, when bothgetToken()returns a token and acli_sessionparam is present, fires the samecompleteCliSession(cliSessionId)path used byLoginCallbackPage(reused, not duplicated), then renders a "✓ Your CLI session is approved — return to your terminal" confirmation instead of the sign-in form. A completion failure surfaces a non-blocking note (still signed in; re-runinstant login) — never hard-blocks. The fresh-OAuth/magic-link cli-completion inLoginCallbackPage(web #216 / D2) is untouched and still verified by its existing tests.BUG 2 (MED) —
account_exists(409) claim error had no way to log inOn the claim page, claiming with an email that already has an account returns 409
account_existsand the UI said "log in first" but rendered no login control.Fix (
src/pages/ClaimPage.tsx): theaccount_existserror branch now renders a "Log in to claim" CTA routing to/login?next=<claim path with token>so the claim resumes after login. Detection keys on the error code (not status) becausealready_claimedis also 409 (api/internal/handlers/onboarding.go) and is NOT login-recoverable. The claim is still correctly refused for an existing account — this only adds the recovery control.Tests
LoginPage.test.tsx— already-authed + cli_session fires completion + shows confirmation; no-op when unauthed; no-op without param; non-blocking failure note.ClaimPage.test.tsx— account_exists renders the CTA carrying the token throughnext=; NOT rendered onalready_claimed(also 409) or plain errors.e2e/funnel-recovery.spec.ts— Playwright D2-authed completion + failure note + account_exists CTA (mockedVITE_NO_PROXY=1mode).npm run gategreen (tsc + build incl. prerender + 1267 vitest).diff-coverpatch coverage 100% (18 lines, 0 missing).Verification: CLI-login fix verified in code + tests; live-authed verification pending (needs a real session). The claim-page CTA renders in the served bundle and is verifiable post-deploy.
🤖 Generated with Claude Code