@jmruthers/pace-core 0.5.43 → 0.5.45

package/src/providers/AuthProvider.tsx

@@ -34,14 +34,6 @@ export interface AuthContextType {
 
 const AuthContext = createContext<AuthContextType | undefined>(undefined);
 
-export const useAuth = () => {
-  const context = useContext(AuthContext);
-  if (!context) {
-    throw new Error('useAuth must be used within an AuthProvider');
-  }
-  return context;
-};
-
 export interface AuthProviderProps {
   children: React.ReactNode;
   supabaseClient?: SupabaseClient;
@@ -83,312 +75,213 @@ export function AuthProvider({ children, supabaseClient }: AuthProviderProps) {
     };
   }, []);
 
-  // Load initial user if no session but supabase client exists
+  // FIXED: Proper session restoration with better error handling
   useEffect(() => {
-    if (!supabaseClient) return;
+    if (!supabaseClient) {
+      setAuthLoading(false);
+      return;
+    }
 
-    const loadInitialUser = async (retryCount = 0) => {
+    let isMounted = true;
+
+    const initializeAuth = async () => {
       try {
-        DebugLogger.log('AuthProvider', `Loading initial user (attempt ${retryCount + 1})...`);
-        const response = await supabaseClient.auth.getUser();
-        const { data: { user: initialUser }, error } = response || { data: { user: null }, error: null };
+        DebugLogger.log('AuthProvider', 'Initializing authentication...');
+        
+        // First, try to get the current session
+        const { data: { session: currentSession }, error: sessionError } = await supabaseClient.auth.getSession();
         
-        if (error) {
-          console.warn('Failed to get initial user:', error);
-          // Retry once if it's a network error
-          if (retryCount === 0 && (error.message?.includes('network') || error.message?.includes('timeout'))) {
-            console.log('AuthProvider: Retrying initial user load due to network error...');
-            setTimeout(() => loadInitialUser(1), 1000);
-            return;
+        if (sessionError) {
+          console.warn('[AuthProvider] Error getting current session:', sessionError);
+          // Don't treat session errors as fatal - user might not be logged in
+        }
+
+        if (currentSession && isMounted) {
+          DebugLogger.log('AuthProvider', 'Session restored from storage:', currentSession.user?.email);
+          setSession(currentSession);
+          setUser(currentSession.user);
+          setAuthError(null);
+        } else if (isMounted) {
+          DebugLogger.log('AuthProvider', 'No session found in storage');
+          // Try to get user anyway (in case session is expired but user exists)
+          const { data: { user: currentUser }, error: userError } = await supabaseClient.auth.getUser();
+          
+          if (userError) {
+            DebugLogger.log('AuthProvider', 'No user found:', userError.message);
+          } else if (currentUser && isMounted) {
+            DebugLogger.log('AuthProvider', 'User found without session:', currentUser.email);
+            setUser(currentUser);
+            // Don't set session if it's null - this prevents issues
           }
-          setAuthLoading(false);
-          return;
         }
-        
-        if (initialUser) {
-          DebugLogger.log('AuthProvider', 'Initial user loaded successfully:', initialUser.email);
-          setUser(initialUser);
-        } else {
-          DebugLogger.log('AuthProvider', 'No initial user found');
+
+        if (isMounted) {
+          setAuthLoading(false);
         }
-        setAuthLoading(false);
       } catch (error) {
-        console.error('Error loading initial user:', error);
-        // Retry once if it's a network error
-        if (retryCount === 0 && (error instanceof Error && (error.message.includes('network') || error.message.includes('timeout')))) {
-          console.log('AuthProvider: Retrying initial user load due to network error...');
-          setTimeout(() => loadInitialUser(1), 1000);
-          return;
+        console.error('[AuthProvider] Error during auth initialization:', error);
+        if (isMounted) {
+          setAuthLoading(false);
+          // Don't set auth error for initialization failures - user might not be logged in
         }
-        setAuthLoading(false);
       }
     };
 
-    // Only load initial user if we haven't set up the auth state change listener yet
-    // This prevents race conditions between loadInitialUser and auth state change
-    const timeoutId = setTimeout(() => {
-      if (authLoading && !user && !session) {
-        loadInitialUser();
-      }
-    }, 100);
-
-    return () => clearTimeout(timeoutId);
-  }, [supabaseClient, authLoading, user, session]);
-
-  // Auth state change listener
-  useEffect(() => {
-    if (!supabaseClient) {
-      setAuthLoading(false);
-      return;
-    }
-
-    // Reasonable timeout to allow for auth state changes while preventing infinite hanging
-    const timeoutId = setTimeout(() => {
-      if (authLoading) {
-        console.warn('AuthProvider: Auth loading timeout reached - this may indicate a network issue or slow auth response');
-        setAuthLoading(false);
-        setAuthError(new AuthError('Authentication timeout - please try refreshing the page'));
-      }
-    }, 10000); // Increased to 10 seconds to allow for proper auth flow
-
-    try {
-      DebugLogger.log('AuthProvider', 'Setting up auth state change listener...');
-      const authStateChange = supabaseClient.auth.onAuthStateChange(
-        (event, session) => {
-          try {
-            DebugLogger.log('AuthProvider', 'Auth state changed:', event, session?.user?.email);
-            
-            // Clear timeout immediately when we get an auth state change
-            clearTimeout(timeoutId);
+    // Set up auth state change listener
+    const { data: { subscription } } = supabaseClient.auth.onAuthStateChange(
+      (event, session) => {
+        if (!isMounted) return;
+
+        try {
+          DebugLogger.log('AuthProvider', 'Auth state changed:', event, session?.user?.email);
+          
+          // Handle different auth events
+          if (event === 'SIGNED_OUT') {
+            DebugLogger.log('AuthProvider', 'User signed out, clearing all state');
+            setSession(null);
+            setUser(null);
+            setAuthError(null);
+          } else if (event === 'SIGNED_IN' || event === 'TOKEN_REFRESHED') {
+            DebugLogger.log('AuthProvider', 'User signed in or token refreshed');
+            setSession(session);
+            setUser(session?.user ?? null);
             
-            // Handle different auth events
-            if (event === 'SIGNED_OUT') {
-              DebugLogger.log('AuthProvider', 'User signed out, clearing all state');
-              // Clear all state immediately and aggressively
-              setSession(null);
-              setUser(null);
-              setAuthLoading(false);
+            // Only clear auth error if we have a valid session
+            if (session) {
               setAuthError(null);
-            } else if (event === 'SIGNED_IN' || event === 'TOKEN_REFRESHED') {
-              DebugLogger.log('AuthProvider', 'User signed in or token refreshed');
+            }
+          } else if (event === 'INITIAL_SESSION') {
+            DebugLogger.log('AuthProvider', 'Initial session event');
+            if (session) {
               setSession(session);
-              setUser(session?.user ?? null);
-              setAuthLoading(false);
-              
-              // Only clear auth error if we have a valid session
-              if (session) {
-                setAuthError(null);
-              }
-            } else {
-              // Handle other events (INITIAL_SESSION, etc.)
-              if (session) {
-                setSession(session);
-                setUser(session.user ?? null);
-                setAuthLoading(false);
-                if (session) {
-                  setAuthError(null);
-                }
-              }
+              setUser(session.user ?? null);
+              setAuthError(null);
             }
-          } catch (error) {
-            console.warn('[AuthProvider] Error in auth state change handler:', error);
-            // Ensure loading is always set to false
+          }
+          
+          // Always set loading to false after any auth state change
+          setAuthLoading(false);
+        } catch (error) {
+          console.warn('[AuthProvider] Error in auth state change handler:', error);
+          if (isMounted) {
             setAuthLoading(false);
           }
         }
-      );
-
-      const subscription = authStateChange?.data?.subscription || authStateChange;
-      
-      return () => {
-        clearTimeout(timeoutId);
-        if (subscription && typeof subscription.unsubscribe === 'function') {
-          DebugLogger.log('AuthProvider', 'Cleaning up auth state listener');
-          subscription.unsubscribe();
-        }
-      };
-    } catch (error) {
-      console.error('AuthProvider: Error setting up auth state change listener:', error);
-      
-      // Don't set authError for connection issues or auth session missing errors
-      if (error instanceof Error && 
-          !error.message.includes('No API key found') && 
-          !error.message.includes('AuthSessionMissingError') &&
-          !error.message.includes('Auth session missing')) {
-        setAuthError(error as AuthError);
       }
-      setAuthLoading(false);
-      clearTimeout(timeoutId);
-      return () => {};
-    }
+    );
+
+    // Initialize auth
+    initializeAuth();
+
+    return () => {
+      isMounted = false;
+      subscription?.unsubscribe();
+    };
   }, [supabaseClient]);
 
   // Auth methods
   const signIn = useCallback(async (email: string, password?: string) => {
     if (!supabaseClient) {
-      const error = new Error('No Supabase client provided') as AuthError;
-      setAuthError(error);
-      return { error };
+      return { error: new AuthError('Supabase client not available') };
     }
 
-    setAuthLoading(true);
-    setAuthError(null);
-    
     try {
-      const { error } = await supabaseClient.auth.signInWithPassword({ email, password: password || '' });
-      if (error) {
-        setAuthError(error);
-      }
+      const { error } = await supabaseClient.auth.signInWithPassword({
+        email,
+        password: password || '',
+      });
       return { error };
-    } catch (err: any) {
-      const authError = err as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    } finally {
-      setAuthLoading(false);
+    } catch (error) {
+      return { error: error as AuthError };
     }
   }, [supabaseClient]);
 
   const signUp = useCallback(async (email: string, password: string) => {
     if (!supabaseClient) {
-      const error = new Error('No Supabase client provided') as AuthError;
-      setAuthError(error);
-      return { error };
+      return { error: new AuthError('Supabase client not available') };
     }
 
-    setAuthError(null);
     try {
-      const { error } = await supabaseClient.auth.signUp({ email, password });
-      if (error) {
-        setAuthError(error);
-      }
+      const { error } = await supabaseClient.auth.signUp({
+        email,
+        password,
+      });
       return { error };
-    } catch (err: any) {
-      const authError = err as AuthError;
-      setAuthError(authError);
-      return { error: authError };
+    } catch (error) {
+      return { error: error as AuthError };
     }
   }, [supabaseClient]);
 
   const signOut = useCallback(async () => {
-    DebugLogger.log('AuthProvider', 'signOut called');
-    
-    // Immediately set loading to false to prevent timeout warnings
-    setAuthLoading(false);
-    
     if (!supabaseClient) {
-      DebugLogger.log('AuthProvider', 'No supabase client, clearing state manually');
-      setUser(null);
-      setSession(null);
-      setAuthError(null);
-      return { error: null };
+      return { error: new AuthError('Supabase client not available') };
     }
-    
-    // Clear state immediately before calling Supabase signOut
-    DebugLogger.log('AuthProvider', 'Pre-clearing state before signOut call');
-    setUser(null);
-    setSession(null);
-    setAuthError(null);
-    
+
     try {
-      DebugLogger.log('AuthProvider', 'Calling supabase signOut');
-      
-      // Add a timeout to prevent hanging
-      const signOutPromise = supabaseClient.auth.signOut();
-      const timeoutPromise = new Promise((_, reject) => 
-        setTimeout(() => reject(new Error('SignOut timeout')), 3000)
-      );
-      
-      const { error } = await Promise.race([signOutPromise, timeoutPromise]) as any;
-      
-      if (error && !error.message?.includes('SignOut timeout')) {
-        console.error('[AuthProvider] signOut error:', error);
-        // Don't set auth error for logout - we've already cleared state
-      }
-      
-      DebugLogger.log('AuthProvider', 'signOut process completed');
-      return { error: null }; // Always return success for logout
-    } catch (err) {
-      console.warn('[AuthProvider] signOut exception (ignored):', err);
-      // Ignore errors during logout - state is already cleared
-      return { error: null };
+      const { error } = await supabaseClient.auth.signOut();
+      return { error };
+    } catch (error) {
+      return { error: error as AuthError };
     }
   }, [supabaseClient]);
 
   const resetPassword = useCallback(async (email: string) => {
     if (!supabaseClient) {
-      const error = new Error('No Supabase client provided') as AuthError;
-      setAuthError(error);
-      return { error };
+      return { error: new AuthError('Supabase client not available') };
     }
 
-    setAuthError(null);
     try {
       const { error } = await supabaseClient.auth.resetPasswordForEmail(email);
-      if (error) {
-        setAuthError(error);
-      }
       return { error };
-    } catch (err: any) {
-      const authError = err as AuthError;
-      setAuthError(authError);
-      return { error: authError };
+    } catch (error) {
+      return { error: error as AuthError };
     }
   }, [supabaseClient]);
 
   const updatePassword = useCallback(async (password: string) => {
-    if (!supabaseClient) return { error: new AuthError('Supabase client not available.', 500) };
-    const { error } = await supabaseClient.auth.updateUser({ password });
-    if (error) {
-      setAuthError(error);
+    if (!supabaseClient) {
+      return { error: new AuthError('Supabase client not available') };
+    }
+
+    try {
+      const { error } = await supabaseClient.auth.updateUser({
+        password,
+      });
+      return { error };
+    } catch (error) {
+      return { error: error as AuthError };
     }
-    return { error };
   }, [supabaseClient]);
 
   const refreshSession = useCallback(async () => {
     if (!supabaseClient) {
-      const error = new Error('No Supabase client provided') as AuthError;
-      setAuthError(error);
-      return { error };
+      return { error: new AuthError('Supabase client not available') };
     }
 
-    setAuthError(null);
     try {
       const { error } = await supabaseClient.auth.refreshSession();
-      if (error) {
-        setAuthError(error);
-      }
       return { error };
-    } catch (err: any) {
-      const authError = err as AuthError;
-      setAuthError(authError);
-      return { error: authError };
+    } catch (error) {
+      return { error: error as AuthError };
     }
   }, [supabaseClient]);
 
-  // Memoized derived values
-  const isAuthenticated = !!user;
-
   // Memoized context value
-  const contextValue = useMemo<AuthContextType>(() => ({
+  const contextValue = useMemo(() => ({
     user,
     session,
-    isAuthenticated,
+    isAuthenticated: !!user && !!session,
     authLoading,
     authError,
     error: authError, // Alias for backward compatibility
-    supabase: supabaseClient || null,
-
+    supabase: supabaseClient || null, // Ensure null instead of undefined
     signIn,
     signUp,
     signOut,
     resetPassword,
     updatePassword,
     refreshSession,
-  }), [
-    user, session, isAuthenticated, authLoading, authError, supabaseClient,
-    signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,
-  ]);
+  }), [user, session, authLoading, authError, supabaseClient, signIn, signUp, signOut, resetPassword, updatePassword, refreshSession]);
 
   return (
     <AuthContext.Provider value={contextValue}>
@@ -396,3 +289,11 @@ export function AuthProvider({ children, supabaseClient }: AuthProviderProps) {
     </AuthContext.Provider>
   );
 }
+
+export const useAuth = (): AuthContextType => {
+  const context = useContext(AuthContext);
+  if (!context) {
+    throw new Error('useAuth must be used within an AuthProvider');
+  }
+  return context;
+};

package/src/providers/OrganisationProvider.tsx

@@ -166,8 +166,15 @@ export function OrganisationProvider({ children }: OrganisationProviderProps) {
       setError(null);
       return;
     }
-      setIsLoading(true);
-      setError(null);
+
+    // FIXED: Additional check to prevent loading during auth state changes
+    if (isLoading) {
+      DebugLogger.log("OrganisationProvider", "Already loading, skipping duplicate load");
+      return;
+    }
+
+    setIsLoading(true);
+    setError(null);
       
       try {
         DebugLogger.log("OrganisationProvider", "Loading organisations for user:", user.id);
@@ -214,15 +221,42 @@ export function OrganisationProvider({ children }: OrganisationProviderProps) {
           throw new Error('User has no active organisation memberships') as OrganisationSecurityError;
         }
 
+        // FIXED: Debug log to identify any problematic membership data
+        memberships.forEach((membership: any, index: number) => {
+          if (!membership.organisation_id || membership.organisation_id.trim() === '') {
+            console.warn(`[OrganisationProvider] Membership ${index} has invalid organisation_id:`, membership);
+          }
+        });
+
         // Get organisation details for the memberships
         const organisationIds = memberships
           .map((m: any) => m.organisation_id)
-          .filter((id: string) => id && id.trim() !== '' && /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(id));
+          .filter((id: string) => {
+            // FIXED: Better validation to prevent empty string UUID errors
+            if (!id || typeof id !== 'string') {
+              console.warn("[OrganisationProvider] Invalid organisation ID (not string):", id);
+              return false;
+            }
+            const trimmedId = id.trim();
+            if (trimmedId === '') {
+              console.warn("[OrganisationProvider] Empty organisation ID found");
+              return false;
+            }
+            // Validate UUID format
+            const isValidUuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(trimmedId);
+            if (!isValidUuid) {
+              console.warn("[OrganisationProvider] Invalid UUID format:", trimmedId);
+            }
+            return isValidUuid;
+          });
         
         if (organisationIds.length === 0) {
+          console.warn("[OrganisationProvider] No valid organisation IDs found in memberships:", memberships);
           throw new Error('No valid organisation IDs found in memberships') as OrganisationSecurityError;
         }
         
+        DebugLogger.log("OrganisationProvider", "Valid organisation IDs:", organisationIds);
+        
         const { data: organisations, error: orgError } = await supabase
           .from('organisations')
           .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at')
@@ -264,14 +298,25 @@ export function OrganisationProvider({ children }: OrganisationProviderProps) {
           const persistedOrgString = localStorage.getItem(STORAGE_KEYS.SELECTED_ORGANISATION);
           if (persistedOrgString) {
             const persistedOrg = JSON.parse(persistedOrgString) as Organisation;
-            const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);
-            if (validPersistedOrg) {
-              initialOrg = validPersistedOrg;
-              DebugLogger.log("OrganisationProvider", "Restored persisted organisation:", initialOrg.display_name);
+            // FIXED: Validate persisted org ID before using it
+            if (persistedOrg.id && typeof persistedOrg.id === 'string' && persistedOrg.id.trim() !== '') {
+              const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);
+              if (validPersistedOrg) {
+                initialOrg = validPersistedOrg;
+                DebugLogger.log("OrganisationProvider", "Restored persisted organisation:", initialOrg.display_name);
+              } else {
+                console.warn("[OrganisationProvider] Persisted organisation not found in active orgs, clearing cache");
+                localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
+              }
+            } else {
+              console.warn("[OrganisationProvider] Invalid persisted organisation ID, clearing cache");
+              localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
             }
           }
         } catch (storageError) {
           console.warn("[OrganisationProvider] Failed to restore persisted organisation:", storageError);
+          // Clear potentially corrupted cache
+          localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
         }
         
         // 2. Fall back to org_admin role organisation (highest privilege)
@@ -320,10 +365,27 @@ export function OrganisationProvider({ children }: OrganisationProviderProps) {
       }
   }, [user, session, supabase]);
 
-  // Load organisations when dependencies change
+  // FIXED: Load organisations only when authentication is complete and stable
   useEffect(() => {
-    loadUserOrganisations();
-  }, [loadUserOrganisations]);
+    // Only load organizations if we have a valid user and session
+    // and we're not in the middle of authentication loading
+    if (user && session && supabase && !isLoading) {
+      DebugLogger.log("OrganisationProvider", "Authentication stable, loading organizations...");
+      loadUserOrganisations();
+    } else if (!user && !session) {
+      // Clear state if no authentication
+      DebugLogger.log("OrganisationProvider", "No authentication, clearing organization state");
+      setSelectedOrganisation(null);
+      setOrganisations([]);
+      setUserMemberships([]);
+      setRoleMapState(new Map());
+      setIsLoading(false);
+      setError(null);
+      // FIXED: Clear localStorage when no authentication to prevent stale data
+      localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
+      localStorage.removeItem(STORAGE_KEYS.ORGANISATION_CONTEXT);
+    }
+  }, [user, session, supabase, isLoading, loadUserOrganisations]);
 
   // Handle logout and redirect to login
   const handleLogoutAndRedirect = useCallback(async () => {