@micha.bigler/ui-core-micha 2.3.2 → 2.4.0

package/dist/pages/SignupConfirmPage.js

@@ -3,9 +3,9 @@ import { jsxs as _jsxs, jsx as _jsx, Fragment as _Fragment } from "react/jsx-run
 //
 // S13: Completes a pending registration. Reads the signed pending-token from
 // the URL (`?token=...`), asks the user for a password, and POSTs to
-// `register_confirm`. On success, the backend has set the session cookie; we
-// trigger a full page reload to `/` so AuthProvider re-initialises and picks
-// the user up at mount — avoids React-state races inside the SPA.
+// `register_confirm`. On success, the user is sent to /login to sign in
+// explicitly — matches the existing invite/password-reset pattern and
+// preserves any MFA / login-event flow the app may enforce.
 import React, { useMemo, useState } from 'react';
 import { useLocation, useNavigate } from 'react-router-dom';
 import { Alert, Box, Button, Stack, TextField, Typography, } from '@mui/material';
@@ -43,10 +43,10 @@ export function SignupConfirmPage() {
         setSubmitting(true);
         try {
             await confirmRegistration({ token: tokenFromUrl, password });
-            // Full page reload so AuthProvider re-initialises with the just-set
-            // session cookie. Avoids React-state races where the SPA's route guard
-            // could read a stale (null) user between login() and navigate('/').
-            window.location.assign('/');
+            // Send the user to /login. Aligned with PasswordInvitePage; no implicit
+            // session that would bypass MFA challenges or skip the explicit login
+            // event in audit logs.
+            navigate('/login', { replace: true });
             return;
         }
         catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@micha.bigler/ui-core-micha",
-  "version": "2.3.2",
+  "version": "2.4.0",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "repository": {
@@ -14,10 +14,12 @@
     "@mui/material": "^7.3.5",
     "@mui/x-data-grid": "^8.4.0",
     "axios": "^1.0.0",
+    "i18next": "^25.10.10 || ^26.0.0",
     "qrcode.react": "^4.2.0",
     "react": "^19.2.1",
     "react-dom": "^19.2.1",
     "react-helmet": "^6.0.0",
+    "react-i18next": "^16.3.5 || ^17.0.0",
     "react-router-dom": "^7.9.6"
   },
   "scripts": {
@@ -25,9 +27,8 @@
   },
   "devDependencies": {
     "@mui/icons-material": "^7.3.11",
+    "i18next": "^26.2.0",
+    "react-i18next": "^17.0.8",
     "typescript": "^5.9.3"
-  },
-  "dependencies": {
-    "react-i18next": "^16.3.5"
   }
 }

package/src/pages/SignupConfirmPage.jsx

@@ -2,9 +2,9 @@
 //
 // S13: Completes a pending registration. Reads the signed pending-token from
 // the URL (`?token=...`), asks the user for a password, and POSTs to
-// `register_confirm`. On success, the backend has set the session cookie; we
-// trigger a full page reload to `/` so AuthProvider re-initialises and picks
-// the user up at mount — avoids React-state races inside the SPA.
+// `register_confirm`. On success, the user is sent to /login to sign in
+// explicitly — matches the existing invite/password-reset pattern and
+// preserves any MFA / login-event flow the app may enforce.
 import React, { useMemo, useState } from 'react';
 import { useLocation, useNavigate } from 'react-router-dom';
 import {
@@ -55,10 +55,10 @@ export function SignupConfirmPage() {
     setSubmitting(true);
     try {
       await confirmRegistration({ token: tokenFromUrl, password });
-      // Full page reload so AuthProvider re-initialises with the just-set
-      // session cookie. Avoids React-state races where the SPA's route guard
-      // could read a stale (null) user between login() and navigate('/').
-      window.location.assign('/');
+      // Send the user to /login. Aligned with PasswordInvitePage; no implicit
+      // session that would bypass MFA challenges or skip the explicit login
+      // event in audit logs.
+      navigate('/login', { replace: true });
       return;
     } catch (err) {
       setErrorKey(err?.code || 'Auth.PENDING_TOKEN_INVALID');