fix: validate returnTo parameter in auth callback and update default organization name in welcome page
@@ -69,8 +69,9 @@ function AuthCallbackContent() {
|
|||||||
if (typeof window !== 'undefined' && localStorage.getItem('pulse_pending_checkout')) {
|
if (typeof window !== 'undefined' && localStorage.getItem('pulse_pending_checkout')) {
|
||||||
router.push('/welcome')
|
router.push('/welcome')
|
||||||
} else {
|
} else {
|
||||||
const returnTo = searchParams.get('returnTo') || '/'
|
const raw = searchParams.get('returnTo') || '/'
|
||||||
router.push(returnTo)
|
const safe = (typeof raw === 'string' && raw.startsWith('/') && !raw.startsWith('//')) ? raw : '/'
|
||||||
|
router.push(safe)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
setError(authMessageFromErrorType('invalid'))
|
setError(authMessageFromErrorType('invalid'))
|
||||||
|
|||||||
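Review bot: The new `safe` check only rejects a leading `//`, so a `returnTo` that starts with `/` followed by a backslash, or that contains a tab or newline, still passes. URL parsers treat a backslash as a slash and drop tab/newline characters, so depending on how `router.push` resolves the value it could still end up off-origin. Tightening the test to something like `const safe = /^\/(?!\/)[^\\\x00-\x1f]*$/.test(raw) ? raw : '/'` closes that gap. The `typeof raw === 'string'` clause is always true because `|| '/'` already guarantees a string, so it can be dropped. AuthCallbackContent starts and ends outside this hunk, so any other consumer of `returnTo` in the component is not visible here and should get the same check.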
@@ -47,12 +47,12 @@ import Link from 'next/link'
|
|||||||
import ScriptSetupBlock from '@/components/sites/ScriptSetupBlock'
|
import ScriptSetupBlock from '@/components/sites/ScriptSetupBlock'
|
||||||
|
|
||||||
const TOTAL_STEPS = 5
|
const TOTAL_STEPS = 5
|
||||||
const DEFAULT_ORG_NAME = 'My workspace'
|
const DEFAULT_ORG_NAME = 'My organization'
|
||||||
const SITE_DRAFT_KEY = 'pulse_welcome_site_draft'
|
const SITE_DRAFT_KEY = 'pulse_welcome_site_draft'
|
||||||
const WELCOME_COMPLETED_KEY = 'pulse_welcome_completed'
|
const WELCOME_COMPLETED_KEY = 'pulse_welcome_completed'
|
||||||
|
|
||||||
function slugFromName(name: string): string {
|
function slugFromName(name: string): string {
|
||||||
return name.toLowerCase().replace(/[^a-z0-9]/g, '-').replace(/-+/g, '-').replace(/^-|-$/g, '') || 'my-workspace'
|
return name.toLowerCase().replace(/[^a-z0-9]/g, '-').replace(/-+/g, '-').replace(/^-|-$/g, '') || 'my-organization'
|
||||||
}
|
}
|
||||||
|
|
||||||
function suggestSlugVariant(slug: string): string {
|
function suggestSlugVariant(slug: string): string {
|
||||||
|
|||||||
@@ -167,12 +167,15 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
|
|||||||
// * Update session cookie
|
// * Update session cookie
|
||||||
const result = await setSessionAction(access_token)
|
const result = await setSessionAction(access_token)
|
||||||
if (result.success && result.user) {
|
if (result.success && result.user) {
|
||||||
setUser(result.user)
|
try {
|
||||||
localStorage.setItem('user', JSON.stringify(result.user))
|
const fullProfile = await apiRequest<{ id: string; email: string; display_name?: string; totp_enabled: boolean; org_id?: string; role?: string }>('/auth/user/me')
|
||||||
|
const merged = { ...fullProfile, org_id: result.user.org_id ?? fullProfile.org_id, role: result.user.role ?? fullProfile.role }
|
||||||
// * Force hard reload to ensure browser sends new cookie to backend
|
setUser(merged)
|
||||||
// * router.refresh() is not enough for Client Components fetching data immediately
|
localStorage.setItem('user', JSON.stringify(merged))
|
||||||
// window.location.reload()
|
} catch {
|
||||||
|
setUser(result.user)
|
||||||
|
localStorage.setItem('user', JSON.stringify(result.user))
|
||||||
|
}
|
||||||
router.refresh()
|
router.refresh()
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
|||||||
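Review bot: `{ ...fullProfile, ... }` spreads the whole `/auth/user/me` response into `merged`, which is then written to `localStorage`. The generic type argument is not enforced at runtime, so any extra field the endpoint returns now or later is persisted where every script on the origin can read it. Copy only the fields the UI needs, e.g. `const merged = { id: fullProfile.id, email: fullProfile.email, display_name: fullProfile.display_name, totp_enabled: fullProfile.totp_enabled, org_id: result.user.org_id ?? fullProfile.org_id, role: result.user.role ?? fullProfile.role }`. The bare `catch {` also falls back to `result.user` silently; a comment such as `// * Profile fetch is best-effort; fall back to the session user` plus a logged warning would make that degraded path visible. The enclosing function in AuthProvider begins and ends outside this hunk.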