dev #2188
Authentication Flow Improvements

Added by Ayat Rahman about 1 year ago. Updated about 1 year ago.

Status:
Complete
Priority:
High
Assignee:
Target version:
-
Start date:
04/06/2025
Due date:
04/06/2025 (about 12 months late)
% Done:

100%

Estimated time:
Spent time:

Description

This issue addresses several critical problems in our authentication flow that affect user experience and security:

  1. Modal Opening Issue: The sign-in/sign-up modal fails to open when an authentication link is clicked a second time
  2. Routing Implementation: Removed the intercepting routes in favor of direct authentication pages for more reliable behavior
  3. Post-Login Redirection: Implemented proper redirection to the originally requested private page after a successful sign-in
  4. Security Fix: Resolved an issue where logged-out users could briefly access private pages until the page was refreshed

Steps to Reproduce (Original Issues):

  1. Modal Issue:

    • Click sign-in button (modal opens)
    • Close modal without signing in
    • Click sign-in button again → modal fails to open
  2. Security Issue:

    • Log in and access a private page (e.g., /submit-ai)
    • Click logout
    • Without refreshing, try to access /submit-ai again → page remains accessible

Changes Implemented:

  1. Modal Fix:

    • Removed intercepting route pattern
    • Implemented direct route navigation to /auth/signin and /auth/signup
    • Added proper history management to ensure modals/pages open consistently
  2. Redirection Flow:

    • Store originally requested URL before auth redirect
    • Restore destination after successful authentication
    • Implemented in both middleware and client-side logic
  3. Security Fix:

    • Enhanced middleware to aggressively validate authentication state
    • Added immediate client-side state clearing on logout
    • Implemented BroadcastChannel for cross-tab auth state synchronization
    • Added periodic auth validation checks (every 5 minutes)
  4. New Components:

    • Created AuthStateListener for real-time auth state management
    • Added proper cache control headers for protected routes
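The redirection flow (item 2) and the cache headers for protected routes (item 4) can be illustrated with a small framework-agnostic middleware. This is an added example, not the project's middleware: the routes /auth/signin and /submit-ai come from this issue, while the function names, the `returnTo` query parameter, the list of private prefixes and the `hasValidSession` input are assumptions. The point it adds beyond the description is the check that a stored "return to" destination is a same-origin path, which is what keeps the return-after-login parameter from becoming an open redirect.

```javascript
// Added example, not the project's code: helpers for the "redirect to sign-in,
// then return to the requested page" flow, with an open-redirect guard and
// no-store caching for private responses. /auth/signin and /submit-ai come from
// the issue; RETURN_PARAM, PRIVATE_PREFIXES and the function names are assumed.

const SIGN_IN_PATH = "/auth/signin";
const RETURN_PARAM = "returnTo";         // assumed parameter name
const PRIVATE_PREFIXES = ["/submit-ai"]; // assumed; extend for other private routes

// A stored destination is honoured only if it is a same-origin path: it must
// begin with exactly one "/", must not be protocol-relative ("//host"), must not
// carry a scheme, and must not contain backslashes (some parsers read "/\" as
// "//"). Parsing against a fixed base and re-checking the origin catches inputs
// the string checks miss (e.g. embedded newlines that the URL parser strips).
function isSafeReturnPath(candidate) {
  if (typeof candidate !== "string" || !candidate.startsWith("/")) return false;
  if (candidate.startsWith("//") || candidate.includes("\\")) return false;
  const base = "http://localhost";
  let parsed;
  try {
    parsed = new URL(candidate, base);
  } catch {
    return false;
  }
  return parsed.origin === base;
}

function isPrivatePath(pathname) {
  return PRIVATE_PREFIXES.some((p) => pathname === p || pathname.startsWith(p + "/"));
}

// Before redirecting to sign-in, remember the path and query of the requested page.
function buildSignInRedirect(requestUrl) {
  const requested = new URL(requestUrl);
  const target = new URL(SIGN_IN_PATH, requested.origin);
  target.searchParams.set(RETURN_PARAM, requested.pathname + requested.search);
  return target.toString();
}

// After a successful sign-in, restore the remembered destination only if it is
// safe; otherwise land on a fixed fallback page.
function resolvePostLoginDestination(returnTo, fallback = "/") {
  return isSafeReturnPath(returnTo) ? returnTo : fallback;
}

// Cache headers for protected routes: a private page must never be served from
// the browser or a shared cache after logout (for example via the Back button).
function protectedRouteHeaders() {
  return {
    "Cache-Control": "no-store, no-cache, must-revalidate, private",
    Pragma: "no-cache",
    Vary: "Cookie",
  };
}

// The middleware decision for one request. `hasValidSession` is the result of
// the server-side session check; the middleware never trusts client-held state.
function authMiddleware(requestUrl, hasValidSession) {
  const { pathname } = new URL(requestUrl);
  if (!isPrivatePath(pathname)) return { action: "next", headers: {} };
  if (!hasValidSession) {
    return {
      action: "redirect",
      location: buildSignInRedirect(requestUrl),
      headers: protectedRouteHeaders(),
    };
  }
  return { action: "next", headers: protectedRouteHeaders() };
}

// Walk-through of the redirection test from this issue with a constructed URL.
const decision = authMiddleware("https://app.example/submit-ai?draft=1", false);
const remembered = new URL(decision.location).searchParams.get(RETURN_PARAM);
console.log(decision.location, "->", resolvePostLoginDestination(remembered));
```

The same `isSafeReturnPath` check belongs on the client side as well, since the description says the redirect is implemented in both the middleware and client-side logic; a destination that arrived in a query parameter should be validated wherever it is consumed.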

Testing Instructions:

  1. Modal Test:

    • Click sign-in button multiple times → should open consistently
    • Navigate directly to /auth/signin → should show auth page properly
  2. Redirection Test:

    • Attempt to access /submit-ai while logged out
    • After sign-in, verify you're redirected to /submit-ai
    • Test with multiple private routes
  3. Security Test:

    • Log in and access private page
    • Click logout → verify immediate redirect to home page
    • Attempt to access private page without refresh → should redirect to sign-in
    • Test across multiple browser tabs
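The security fix (immediate client-side clearing on logout, BroadcastChannel synchronization across tabs, and periodic validation) and the cross-tab test above can be exercised with a small client-side state store. This is an added example, not the project's AuthStateListener: the `AuthState` class, the `auth-state` channel name, the `validate` callback and the in-memory `LocalBus` stand-in for BroadcastChannel are assumptions; the five-minute interval and the use of BroadcastChannel are from the issue. `LocalBus` exists only so the example runs outside a browser; in the browser the constructor would be handed the real `BroadcastChannel`.

```javascript
// Added example, not the project's code: a client-side auth state store that
// clears itself on logout, tells other tabs, and re-validates the session on a
// timer. AuthState, CHANNEL_NAME, LocalBus and the validate callback are
// assumptions; BroadcastChannel and the 5-minute interval come from the issue.

const CHANNEL_NAME = "auth-state";                // assumed channel name
const VALIDATION_INTERVAL_MS = 5 * 60 * 1000;     // every 5 minutes, per the issue

// In-memory stand-in for BroadcastChannel so the example runs without a browser.
// Peers on the same name receive each other's messages but not their own, which
// mirrors BroadcastChannel; delivery is synchronous here, asynchronous in browsers.
const buses = new Map();
class LocalBus {
  constructor(name) {
    this.name = name;
    this.onmessage = null;
    if (!buses.has(name)) buses.set(name, new Set());
    buses.get(name).add(this);
  }
  postMessage(data) {
    for (const peer of buses.get(this.name)) {
      if (peer !== this && peer.onmessage) peer.onmessage({ data });
    }
  }
  close() {
    buses.get(this.name).delete(this);
  }
}

class AuthState {
  // channelFactory lets a browser pass (name) => new BroadcastChannel(name).
  // onSignedOut is where the app redirects to the home page.
  constructor({ channelFactory = (name) => new LocalBus(name), onSignedOut = () => {} } = {}) {
    this.user = null;
    this.onSignedOut = onSignedOut;
    this.timer = null;
    this.channel = channelFactory(CHANNEL_NAME);
    this.channel.onmessage = (event) => this.handleMessage(event.data);
  }

  isAuthenticated() {
    return this.user !== null;
  }

  signIn(user) {
    this.user = user;
  }

  // Logout clears local state first, before any network round trip, so a private
  // page cannot keep rendering from stale state; then the other tabs are told.
  signOut({ broadcast = true } = {}) {
    const wasAuthenticated = this.isAuthenticated();
    this.user = null;
    if (wasAuthenticated) this.onSignedOut();
    if (broadcast) this.channel.postMessage({ type: "signed-out" });
  }

  handleMessage(message) {
    if (message && message.type === "signed-out") {
      // Another tab logged out: clear here without re-broadcasting, otherwise
      // the tabs would echo the message back and forth.
      this.signOut({ broadcast: false });
    }
  }

  // Periodic validation: `validate` asks the server whether the session is still
  // valid and resolves to a boolean. A "no" (expired, revoked, logged out
  // elsewhere) is treated exactly like a logout. A failed call is treated as
  // invalid (fail closed), which costs a re-login but never shows a private page
  // on an unverifiable session.
  async checkSession(validate) {
    if (!this.isAuthenticated()) return false;
    let stillValid = false;
    try {
      stillValid = await validate();
    } catch {
      stillValid = false;
    }
    if (!stillValid) this.signOut();
    return stillValid;
  }

  startPeriodicValidation(validate, intervalMs = VALIDATION_INTERVAL_MS) {
    this.stopPeriodicValidation();
    this.timer = setInterval(() => { this.checkSession(validate); }, intervalMs);
    return this.timer;
  }

  stopPeriodicValidation() {
    if (this.timer !== null) {
      clearInterval(this.timer);
      this.timer = null;
    }
  }

  dispose() {
    this.stopPeriodicValidation();
    this.channel.close();
  }
}
```

Two design points worth keeping when this is wired into the real components: the receiving tab clears state without re-broadcasting (otherwise two tabs ping-pong forever), and the client store is only a fast path for the UI. The middleware check on the server remains the actual access control, which is why the periodic validation asks the server rather than inspecting local state.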