npm - @micha.bigler/ui-core-micha - Versions diffs - 2.3.1 → 2.3.3 - Mend

@micha.bigler/ui-core-micha 2.3.1 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/pages/SignupConfirmPage.js +10 -16
package/package.json +1 -1
package/src/pages/SignupConfirmPage.jsx +10 -15

package/dist/pages/SignupConfirmPage.js CHANGED Viewed

@@ -3,21 +3,20 @@ import { jsxs as _jsxs, jsx as _jsx, Fragment as _Fragment } from "react/jsx-run
 //
 // S13: Completes a pending registration. Reads the signed pending-token from
 // the URL (`?token=...`), asks the user for a password, and POSTs to
-// `register_confirm`. On success, the user is logged in by the backend session
-// cookie; we hand off to AuthContext.login so the SPA picks it up immediately.
-import React, { useContext, useMemo, useState } from 'react';
+// `register_confirm`. On success, the user is sent to /login to sign in
+// explicitly — matches the existing invite/password-reset pattern and
+// preserves any MFA / login-event flow the app may enforce.
+import React, { useMemo, useState } from 'react';
 import { useLocation, useNavigate } from 'react-router-dom';
 import { Alert, Box, Button, Stack, TextField, Typography, } from '@mui/material';
 import { Helmet } from 'react-helmet';
 import { useTranslation } from 'react-i18next';
 import { NarrowPage } from '../layout/PageLayout';
-import { AuthContext } from '../auth/AuthContext';
-import { confirmRegistration, fetchCurrentUser } from '../auth/authApi';
+import { confirmRegistration } from '../auth/authApi';
 export function SignupConfirmPage() {
     const { t } = useTranslation();
     const location = useLocation();
     const navigate = useNavigate();
-    const { login } = useContext(AuthContext);
     const tokenFromUrl = useMemo(() => {
         const query = new URLSearchParams(location.search);
         return query.get('token') || '';
@@ -44,16 +43,11 @@ export function SignupConfirmPage() {
         setSubmitting(true);
         try {
             await confirmRegistration({ token: tokenFromUrl, password });
-            // Refresh user state from session before navigating home.
-            try {
-                const user = await fetchCurrentUser();
-                login(user);
-            }
-            catch (_a) {
-                // If user fetch fails, still navigate — the session cookie is set
-                // server-side and the next page-load will pick the user up.
-            }
-            navigate('/', { replace: true });
+            // Send the user to /login. Aligned with PasswordInvitePage; no implicit
+            // session that would bypass MFA challenges or skip the explicit login
+            // event in audit logs.
+            navigate('/login', { replace: true });
+            return;
         }
         catch (err) {
             setErrorKey((err === null || err === void 0 ? void 0 : err.code) || 'Auth.PENDING_TOKEN_INVALID');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@micha.bigler/ui-core-micha",
-  "version": "2.3.1",
+  "version": "2.3.3",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "repository": {

package/src/pages/SignupConfirmPage.jsx CHANGED Viewed

@@ -2,9 +2,10 @@
 //
 // S13: Completes a pending registration. Reads the signed pending-token from
 // the URL (`?token=...`), asks the user for a password, and POSTs to
-// `register_confirm`. On success, the user is logged in by the backend session
-// cookie; we hand off to AuthContext.login so the SPA picks it up immediately.
-import React, { useContext, useMemo, useState } from 'react';
+// `register_confirm`. On success, the user is sent to /login to sign in
+// explicitly — matches the existing invite/password-reset pattern and
+// preserves any MFA / login-event flow the app may enforce.
+import React, { useMemo, useState } from 'react';
 import { useLocation, useNavigate } from 'react-router-dom';
 import {
   Alert,
@@ -17,14 +18,12 @@ import {
 import { Helmet } from 'react-helmet';
 import { useTranslation } from 'react-i18next';
 import { NarrowPage } from '../layout/PageLayout';
-import { AuthContext } from '../auth/AuthContext';
-import { confirmRegistration, fetchCurrentUser } from '../auth/authApi';
+import { confirmRegistration } from '../auth/authApi';
 export function SignupConfirmPage() {
   const { t } = useTranslation();
   const location = useLocation();
   const navigate = useNavigate();
-  const { login } = useContext(AuthContext);
   const tokenFromUrl = useMemo(() => {
     const query = new URLSearchParams(location.search);
@@ -56,15 +55,11 @@ export function SignupConfirmPage() {
     setSubmitting(true);
     try {
       await confirmRegistration({ token: tokenFromUrl, password });
-      // Refresh user state from session before navigating home.
-      try {
-        const user = await fetchCurrentUser();
-        login(user);
-      } catch {
-        // If user fetch fails, still navigate — the session cookie is set
-        // server-side and the next page-load will pick the user up.
-      }
-      navigate('/', { replace: true });
+      // Send the user to /login. Aligned with PasswordInvitePage; no implicit
+      // session that would bypass MFA challenges or skip the explicit login
+      // event in audit logs.
+      navigate('/login', { replace: true });
+      return;
     } catch (err) {
       setErrorKey(err?.code || 'Auth.PENDING_TOKEN_INVALID');
     } finally {