@micha.bigler/ui-core-micha 2.3.2 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/pages/SignupConfirmPage.js +7 -7
  2. package/package.json +1 -1
  3. package/src/pages/SignupConfirmPage.jsx +7 -7
package/dist/pages/SignupConfirmPage.js CHANGED
@@ -3,9 +3,9 @@ import { jsxs as _jsxs, jsx as _jsx, Fragment as _Fragment } from "react/jsx-run
3
3
  //
4
4
  // S13: Completes a pending registration. Reads the signed pending-token from
5
5
  // the URL (`?token=...`), asks the user for a password, and POSTs to
6
- // `register_confirm`. On success, the backend has set the session cookie; we
7
- // trigger a full page reload to `/` so AuthProvider re-initialises and picks
8
- // the user up at mount avoids React-state races inside the SPA.
6
+ // `register_confirm`. On success, the user is sent to /login to sign in
7
+ // explicitly matches the existing invite/password-reset pattern and
8
+ // preserves any MFA / login-event flow the app may enforce.
9
9
  import React, { useMemo, useState } from 'react';
10
10
  import { useLocation, useNavigate } from 'react-router-dom';
11
11
  import { Alert, Box, Button, Stack, TextField, Typography, } from '@mui/material';
@@ -43,10 +43,10 @@ export function SignupConfirmPage() {
43
43
  setSubmitting(true);
44
44
  try {
45
45
  await confirmRegistration({ token: tokenFromUrl, password });
46
- // Full page reload so AuthProvider re-initialises with the just-set
47
- // session cookie. Avoids React-state races where the SPA's route guard
48
- // could read a stale (null) user between login() and navigate('/').
49
- window.location.assign('/');
46
+ // Send the user to /login. Aligned with PasswordInvitePage; no implicit
47
+ // session that would bypass MFA challenges or skip the explicit login
48
+ // event in audit logs.
49
+ navigate('/login', { replace: true });
50
50
  return;
51
51
  }
52
52
  catch (err) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@micha.bigler/ui-core-micha",
3
- "version": "2.3.2",
3
+ "version": "2.3.3",
4
4
  "main": "dist/index.js",
5
5
  "module": "dist/index.js",
6
6
  "repository": {
package/src/pages/SignupConfirmPage.jsx CHANGED
@@ -2,9 +2,9 @@
2
2
  //
3
3
  // S13: Completes a pending registration. Reads the signed pending-token from
4
4
  // the URL (`?token=...`), asks the user for a password, and POSTs to
5
- // `register_confirm`. On success, the backend has set the session cookie; we
6
- // trigger a full page reload to `/` so AuthProvider re-initialises and picks
7
- // the user up at mount avoids React-state races inside the SPA.
5
+ // `register_confirm`. On success, the user is sent to /login to sign in
6
+ // explicitly matches the existing invite/password-reset pattern and
7
+ // preserves any MFA / login-event flow the app may enforce.
8
8
  import React, { useMemo, useState } from 'react';
9
9
  import { useLocation, useNavigate } from 'react-router-dom';
10
10
  import {
@@ -55,10 +55,10 @@ export function SignupConfirmPage() {
55
55
  setSubmitting(true);
56
56
  try {
57
57
  await confirmRegistration({ token: tokenFromUrl, password });
58
- // Full page reload so AuthProvider re-initialises with the just-set
59
- // session cookie. Avoids React-state races where the SPA's route guard
60
- // could read a stale (null) user between login() and navigate('/').
61
- window.location.assign('/');
58
+ // Send the user to /login. Aligned with PasswordInvitePage; no implicit
59
+ // session that would bypass MFA challenges or skip the explicit login
60
+ // event in audit logs.
61
+ navigate('/login', { replace: true });
62
62
  return;
63
63
  } catch (err) {
64
64
  setErrorKey(err?.code || 'Auth.PENDING_TOKEN_INVALID');