Correction signin
This commit is contained in:
parent
f682af6c10
commit
54c7990ed8
@ -9,75 +9,68 @@ export default function SignIn() {
|
||||
const router = useRouter();
|
||||
const searchParams = useSearchParams();
|
||||
const [initializationStatus, setInitializationStatus] = useState<string | null>(null);
|
||||
const [isLoggingIn, setIsLoggingIn] = useState(false);
|
||||
const hasAttemptedLogin = useRef(false);
|
||||
const isLogoutRedirect = useRef(false);
|
||||
|
||||
// Check URL parameters for logout flag
|
||||
const logoutParam = searchParams.get('logout');
|
||||
const isLogoutRedirect = logoutParam === 'true';
|
||||
|
||||
// Check if we should force login prompt (after logout)
|
||||
// Debug logging
|
||||
useEffect(() => {
|
||||
// Check for server-side cookie that marks logout
|
||||
const forceLoginCookie = document.cookie
|
||||
.split(';')
|
||||
.find(c => c.trim().startsWith('force_login_prompt='));
|
||||
|
||||
// Check URL parameters for logout flag
|
||||
const logoutParam = searchParams.get('logout');
|
||||
|
||||
// If logout occurred, mark it and prevent auto-login
|
||||
if (forceLoginCookie || logoutParam === 'true') {
|
||||
isLogoutRedirect.current = true;
|
||||
|
||||
// Clear OAuth parameters from URL if present
|
||||
const url = new URL(window.location.href);
|
||||
const hasOAuthParams = url.searchParams.has('code') ||
|
||||
url.searchParams.has('state') ||
|
||||
url.searchParams.has('error');
|
||||
|
||||
if (hasOAuthParams) {
|
||||
url.searchParams.delete('code');
|
||||
url.searchParams.delete('state');
|
||||
url.searchParams.delete('error');
|
||||
url.searchParams.delete('error_description');
|
||||
url.searchParams.set('logout', 'true');
|
||||
window.history.replaceState({}, '', url.toString());
|
||||
}
|
||||
|
||||
// Don't auto-trigger login after logout
|
||||
return;
|
||||
}
|
||||
}, [searchParams]);
|
||||
console.log('[SignIn] Status:', status, 'Session:', !!session, 'Logout redirect:', isLogoutRedirect, 'Has attempted:', hasAttemptedLogin.current);
|
||||
}, [status, session, isLogoutRedirect]);
|
||||
|
||||
// Clear stale force_login_prompt cookie on mount (it should only last 5 minutes)
|
||||
useEffect(() => {
|
||||
// If not a logout redirect, clear any stale force_login_prompt cookie
|
||||
if (!isLogoutRedirect) {
|
||||
const forceLoginCookie = document.cookie
|
||||
.split(';')
|
||||
.find(c => c.trim().startsWith('force_login_prompt='));
|
||||
|
||||
if (forceLoginCookie) {
|
||||
console.log('[SignIn] Clearing stale force_login_prompt cookie');
|
||||
document.cookie = 'force_login_prompt=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC';
|
||||
}
|
||||
}
|
||||
}, [isLogoutRedirect]);
|
||||
|
||||
// Handle authentication redirect
|
||||
useEffect(() => {
|
||||
// If user is already authenticated, redirect to home
|
||||
if (status === "authenticated" && session?.user) {
|
||||
console.log('[SignIn] User authenticated, redirecting to home');
|
||||
router.push("/");
|
||||
return;
|
||||
}
|
||||
|
||||
// Don't auto-login if this is a logout redirect or we've already attempted login
|
||||
if (isLogoutRedirect.current || hasAttemptedLogin.current) {
|
||||
// Don't auto-login if this is a logout redirect
|
||||
if (isLogoutRedirect) {
|
||||
console.log('[SignIn] Logout redirect detected, showing login button');
|
||||
return;
|
||||
}
|
||||
|
||||
// Don't auto-login if status is still loading (might be processing OAuth callback)
|
||||
// Don't auto-login if we've already attempted or are currently logging in
|
||||
if (hasAttemptedLogin.current || isLoggingIn) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Don't auto-login if status is still loading
|
||||
if (status === "loading") {
|
||||
return;
|
||||
}
|
||||
|
||||
// Auto-login for new users (SSO natural flow)
|
||||
// Only if not authenticated and not from logout
|
||||
if (status === "unauthenticated") {
|
||||
console.log('[SignIn] Status is unauthenticated, triggering Keycloak login');
|
||||
hasAttemptedLogin.current = true;
|
||||
// Small delay to ensure we're not in a logout redirect flow
|
||||
const timer = setTimeout(() => {
|
||||
if (status === "unauthenticated" && !isLogoutRedirect.current) {
|
||||
// Trigger Keycloak sign-in (SSO will work naturally)
|
||||
signIn("keycloak", { callbackUrl: "/" });
|
||||
}
|
||||
}, 1000);
|
||||
setIsLoggingIn(true);
|
||||
|
||||
return () => clearTimeout(timer);
|
||||
// Trigger Keycloak sign-in immediately
|
||||
signIn("keycloak", { callbackUrl: "/" });
|
||||
}
|
||||
}, [status, session, router]);
|
||||
}, [status, session, router, isLogoutRedirect, isLoggingIn]);
|
||||
|
||||
useEffect(() => {
|
||||
if (session?.user) {
|
||||
@ -113,10 +106,6 @@ export default function SignIn() {
|
||||
}
|
||||
}, [session]);
|
||||
|
||||
// Show logout message if coming from logout
|
||||
const showLogoutMessage = isLogoutRedirect.current ||
|
||||
searchParams.get('logout') === 'true';
|
||||
|
||||
return (
|
||||
<div
|
||||
className="min-h-screen flex items-center justify-center"
|
||||
@ -130,7 +119,7 @@ export default function SignIn() {
|
||||
<div className="w-full max-w-md space-y-8 bg-white/90 backdrop-blur-sm p-8 rounded-xl shadow-xl">
|
||||
<div>
|
||||
<h2 className="mt-6 text-center text-3xl font-bold tracking-tight text-gray-900">
|
||||
{showLogoutMessage
|
||||
{isLogoutRedirect
|
||||
? "Vous avez été déconnecté avec succès. Veuillez vous reconnecter."
|
||||
: initializationStatus === "initializing"
|
||||
? "Initialisation de votre espace..."
|
||||
@ -138,28 +127,22 @@ export default function SignIn() {
|
||||
? "Initialisation réussie, redirection..."
|
||||
: initializationStatus === "failed"
|
||||
? "Échec de l'initialisation. Veuillez réessayer."
|
||||
: isLoggingIn
|
||||
? "Connexion à Keycloak en cours..."
|
||||
: status === "loading"
|
||||
? "Chargement..."
|
||||
: "Redirection vers la page de connexion..."}
|
||||
</h2>
|
||||
{showLogoutMessage && (
|
||||
|
||||
{/* Show login button after logout OR if auto-login failed */}
|
||||
{(isLogoutRedirect || (status === "unauthenticated" && hasAttemptedLogin.current && !isLoggingIn)) && (
|
||||
<div className="mt-4 text-center">
|
||||
<button
|
||||
onClick={() => {
|
||||
// Clear flags before logging in
|
||||
console.log('[SignIn] Manual login button clicked');
|
||||
hasAttemptedLogin.current = false;
|
||||
isLogoutRedirect.current = false;
|
||||
|
||||
// Use NextAuth signin normally
|
||||
// The force_login_prompt cookie set by mark-logout will be used
|
||||
// to determine if we should add prompt=login
|
||||
// For now, we'll rely on Keycloak's behavior: if SSO session exists
|
||||
// and we want to force login, we need to add prompt=login
|
||||
// Since NextAuth doesn't easily support dynamic prompt, we'll
|
||||
// use a workaround: modify the authorization URL after NextAuth generates it
|
||||
// This is complex, so for now we'll use normal signin
|
||||
// The user will be prompted if SSO session was cleared by end-sso-session
|
||||
signIn("keycloak", {
|
||||
callbackUrl: "/",
|
||||
});
|
||||
setIsLoggingIn(true);
|
||||
signIn("keycloak", { callbackUrl: "/" });
|
||||
}}
|
||||
className="mt-4 px-4 py-2 bg-blue-600 text-white rounded-lg hover:bg-blue-700 transition-colors"
|
||||
>
|
||||
@ -167,7 +150,8 @@ export default function SignIn() {
|
||||
</button>
|
||||
</div>
|
||||
)}
|
||||
{initializationStatus === "initializing" && (
|
||||
|
||||
{(initializationStatus === "initializing" || isLoggingIn || status === "loading") && (
|
||||
<div className="flex justify-center mt-4">
|
||||
<div className="animate-spin rounded-full h-12 w-12 border-t-2 border-b-2 border-blue-500"></div>
|
||||
</div>
|
||||
|
||||
@ -1,5 +1,10 @@
|
||||
/** @type {import('next').NextConfig} */
|
||||
const nextConfig = {
|
||||
// Allow cross-origin requests from the reverse proxy domain
|
||||
allowedDevOrigins: [
|
||||
'hub.slm-lab.net',
|
||||
'https://hub.slm-lab.net',
|
||||
],
|
||||
webpack: (config, { isServer }) => {
|
||||
// Handle node: protocol imports
|
||||
if (!isServer) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user