fix(auth): harden magic-link root_url and clean up stale array-response code

- Defensive fallback for root_url: $ae_loc.base_url || window.location.origin so the backend email builder always gets a valid URL (guide warns that a null root_url produces a broken magic link "None?user_id=...") - handle_lookup_user_email: drop stale array-response branch; use user_id (V3 primary field) instead of user_id_random (legacy alias, same value) - handle_change_password: same cleanup — user_id preferred over user_id_random, dead array-response else-if removed Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 12:40:59 -04:00
parent 4d08994e79
commit fdee7c16ca
1 changed files with 12 additions and 21 deletions
--- a/src/lib/app_components/e_app_sign_in_out.svelte
+++ b/src/lib/app_components/e_app_sign_in_out.svelte
@@ -233,12 +233,18 @@ function handle_send_auth_email({ user_id }: { user_id: string }) {
    console.log($ae_loc.hostname); // URL hostname

    // This function creates a new auth_key and then sends an email to the user with the new auth key.
+    // WHY: root_url is required by the backend email builder — if null/undefined it
+    // produces a broken link ("None?user_id=..."). Fall back to window.location.origin
+    // in case $ae_loc.base_url is not yet set when this fires.
+    const magic_link_root_url =
+        $ae_loc.base_url || (browser ? window.location.origin : '');
+
    ae_promises.send_email_auth_ae_obj__user_id =
        core_func.send_email_auth_ae_obj__user_id({
            api_cfg: $ae_api,
            account_id: $slct.account_id,
            user_id: user_id,
-            base_url: $ae_loc.base_url,
+            base_url: magic_link_root_url,
            log_lvl: 0
        });
 }
@@ -256,17 +262,9 @@ function handle_lookup_user_email({ email }: { email: string }) {
            log_lvl: 0
        })
        .then((user_response) => {
-            if (user_response?.user_id_random) {
+            if (user_response?.user_id) {
                console.log(`User found for email:`, user_response);
-                handle_send_auth_email({
-                    user_id: user_response.user_id_random
-                });
-                email_send_status = 'sent';
-            } else if (user_response && user_response.length > 0) {
-                console.log(`Multiple users found for email:`, user_response);
-                handle_send_auth_email({
-                    user_id: user_response[0].user_id_random
-                });
+                handle_send_auth_email({ user_id: user_response.user_id });
                email_send_status = 'sent';
            } else {
                console.warn('No user found for email:', email);
@@ -324,19 +322,12 @@ async function handle_change_password() {
                log_lvl: 0
            });

-        if (!ae_promises.load__user_obj_li) {
-            // This means a 404 was returned
+        if (!ae_promises.load__user_obj_li?.user_id) {
            alert('No user found with that email address.');
            return;
-        } else if (ae_promises.load__user_obj_li?.user_id_random) {
+        } else {
            console.log(`User found for email:`, ae_promises.load__user_obj_li);
-            use_user_id = ae_promises.load__user_obj_li.user_id_random;
-        } else if (ae_promises.load__user_obj_li.length > 0) {
-            console.log(
-                `Multiple users found for email:`,
-                ae_promises.load__user_obj_li
-            );
-            use_user_id = ae_promises.load__user_obj_li[0].user_id_random;
+            use_user_id = ae_promises.load__user_obj_li.user_id;
        }
    } else {
        wait_for_lookup = false;