fix: validate returnTo parameter in auth callback and update default organization name in welcome page

2026-02-09 09:38:44 +01:00
parent a3e9bac119
commit ead1e006dc
3 changed files with 14 additions and 10 deletions
--- a/lib/auth/context.tsx
+++ b/lib/auth/context.tsx
@@ -167,12 +167,15 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
                 // * Update session cookie
                 const result = await setSessionAction(access_token)
                 if (result.success && result.user) {
-                     setUser(result.user)
-                     localStorage.setItem('user', JSON.stringify(result.user))
-                     
-                     // * Force hard reload to ensure browser sends new cookie to backend
-                     // * router.refresh() is not enough for Client Components fetching data immediately
-                     // window.location.reload()
+                     try {
+                       const fullProfile = await apiRequest<{ id: string; email: string; display_name?: string; totp_enabled: boolean; org_id?: string; role?: string }>('/auth/user/me')
+                       const merged = { ...fullProfile, org_id: result.user.org_id ?? fullProfile.org_id, role: result.user.role ?? fullProfile.role }
+                       setUser(merged)
+                       localStorage.setItem('user', JSON.stringify(merged))
+                     } catch {
+                       setUser(result.user)
+                       localStorage.setItem('user', JSON.stringify(result.user))
+                     }
                     router.refresh()
                 }
             } catch (e) {