Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): harden magic-link root_url and clean up stale array-response code

Browse Source 
- Defensive fallback for root_url: $ae_loc.base_url || window.location.origin
  so the backend email builder always gets a valid URL (guide warns that a null
  root_url produces a broken magic link "None?user_id=...")
- handle_lookup_user_email: drop stale array-response branch; use user_id (V3
  primary field) instead of user_id_random (legacy alias, same value)
- handle_change_password: same cleanup — user_id preferred over user_id_random,
  dead array-response else-if removed

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-04-25 12:40:59 -04:00
parent 4d08994e79
commit fdee7c16ca
1 changed files with 12 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/lib/app_components/e_app_sign_in_out.svelte
View File

@@ -233,12 +233,18 @@ function handle_send_auth_email({ user_id }: { user_id: string }) {
console.log($ae_loc.hostname); // URL hostname console.log($ae_loc.hostname); // URL hostname
// This function creates a new auth_key and then sends an email to the user with the new auth key. // This function creates a new auth_key and then sends an email to the user with the new auth key.
// WHY: root_url is required by the backend email builder — if null/undefined it
// produces a broken link ("None?user_id=..."). Fall back to window.location.origin
// in case $ae_loc.base_url is not yet set when this fires.
const magic_link_root_url =
$ae_loc.base_url || (browser ? window.location.origin : '');
ae_promises.send_email_auth_ae_obj__user_id = ae_promises.send_email_auth_ae_obj__user_id =
core_func.send_email_auth_ae_obj__user_id({ core_func.send_email_auth_ae_obj__user_id({
api_cfg: $ae_api, api_cfg: $ae_api,
account_id: $slct.account_id, account_id: $slct.account_id,
user_id: user_id, user_id: user_id,
base_url: $ae_loc.base_url, base_url: magic_link_root_url,
log_lvl: 0 log_lvl: 0
}); });
} }
@@ -256,17 +262,9 @@ function handle_lookup_user_email({ email }: { email: string }) {
log_lvl: 0 log_lvl: 0
}) })
.then((user_response) => { .then((user_response) => {
if (user_response?.user_id_random) { if (user_response?.user_id) {
console.log(`User found for email:`, user_response); console.log(`User found for email:`, user_response);
handle_send_auth_email({ handle_send_auth_email({ user_id: user_response.user_id });
user_id: user_response.user_id_random
});
email_send_status = 'sent';
} else if (user_response && user_response.length > 0) {
console.log(`Multiple users found for email:`, user_response);
handle_send_auth_email({
user_id: user_response[0].user_id_random
});
email_send_status = 'sent'; email_send_status = 'sent';
} else { } else {
console.warn('No user found for email:', email); console.warn('No user found for email:', email);
@@ -324,19 +322,12 @@ async function handle_change_password() {
log_lvl: 0 log_lvl: 0
}); });
if (!ae_promises.load__user_obj_li) { if (!ae_promises.load__user_obj_li?.user_id) {
// This means a 404 was returned
alert('No user found with that email address.'); alert('No user found with that email address.');
return; return;
} else if (ae_promises.load__user_obj_li?.user_id_random) { } else {
console.log(`User found for email:`, ae_promises.load__user_obj_li); console.log(`User found for email:`, ae_promises.load__user_obj_li);
use_user_id = ae_promises.load__user_obj_li.user_id_random; use_user_id = ae_promises.load__user_obj_li.user_id;
} else if (ae_promises.load__user_obj_li.length > 0) {
console.log(
`Multiple users found for email:`,
ae_promises.load__user_obj_li
);
use_user_id = ae_promises.load__user_obj_li[0].user_id_random;
} }
} else { } else {
wait_for_lookup = false; wait_for_lookup = false;