@tern-secure/nextjs 4.0.0 → 4.2.0

package/dist/cjs/boundary/TernSecureClientProvider.js

@@ -28,13 +28,19 @@ var import_client_init = require("../utils/client-init");
 var import_auth = require("firebase/auth");
 var import_TernSecureCtx = require("./TernSecureCtx");
 var import_navigation = require("next/navigation");
+var import_internal_route = require("../app-router/route-handler/internal-route");
+var import_construct = require("../utils/construct");
 function TernSecureClientProvider({
   children,
-  loginPath = "/sign-in",
-  loadingComponent
+  loginPath = process.env.NEXT_PUBLIC_SIGN_IN_PATH || "/sign-in",
+  signUpPath = process.env.NEXT_PUBLIC_SIGN_UP_PATH || "/sign-up",
+  loadingComponent,
+  requiresVerification
 }) {
   const auth = (0, import_react.useMemo)(() => import_client_init.ternSecureAuth, []);
   const router = (0, import_navigation.useRouter)();
+  const pathname = (0, import_navigation.usePathname)();
+  const [isRedirecting, setIsRedirecting] = (0, import_react.useState)(false);
   const [authState, setAuthState] = (0, import_react.useState)(() => ({
     userId: null,
     isLoaded: false,
@@ -43,9 +49,58 @@ function TernSecureClientProvider({
     isVerified: false,
     isAuthenticated: false,
     token: null,
-    email: null
+    email: null,
+    status: "loading",
+    requiresVerification
   }));
+  const constructUrlWithRedirect = (0, import_react.useCallback)(
+    (loginPath2, currentPath, loginPathParam, signUpPathParam) => {
+      const baseUrl = window.location.origin;
+      const signInUrl = new URL(loginPath2, baseUrl);
+      if (!currentPath.includes(loginPathParam) && !currentPath.includes(signUpPathParam)) {
+        signInUrl.searchParams.set("redirect", currentPath);
+      }
+      return signInUrl.toString();
+    },
+    []
+  );
+  const shouldRedirect = (0, import_react.useCallback)(
+    (pathname2, isVerified) => {
+      const searchParams = new URLSearchParams(window.location.search);
+      if ((0, import_internal_route.isBaseAuthRoute)(pathname2) && !searchParams.has("redirect")) {
+        return false;
+      }
+      if ((0, import_internal_route.isInternalRoute)(pathname2)) {
+        return false;
+      }
+      if ((0, import_internal_route.isAuthRoute)(pathname2) && (!requiresVerification || isVerified)) {
+        return false;
+      }
+      return true;
+    },
+    [requiresVerification]
+  );
+  const redirectToLogin = (0, import_react.useCallback)(
+    (currentPath) => {
+      const path = currentPath || pathname || "/";
+      if ((0, import_internal_route.isInternalRoute)(path)) {
+        return;
+      }
+      if ((0, import_construct.hasRedirectLoop)(path, loginPath)) {
+        return;
+      }
+      setIsRedirecting(true);
+      const loginUrl = constructUrlWithRedirect(loginPath, path, loginPath, signUpPath);
+      if (process.env.NODE_ENV === "production") {
+        window.location.href = loginUrl;
+      } else {
+        router.push(loginUrl);
+      }
+    },
+    [router, loginPath, signUpPath, pathname, constructUrlWithRedirect]
+  );
   const handleSignOut = (0, import_react.useCallback)(async (error) => {
+    const currentPath = window.location.pathname;
     await auth.signOut();
     setAuthState({
       isLoaded: true,
@@ -55,56 +110,124 @@ function TernSecureClientProvider({
       token: null,
       email: null,
       isVerified: false,
-      isAuthenticated: false
+      isAuthenticated: false,
+      status: "unauthenticated",
+      requiresVerification
     });
-    router.push(loginPath);
-  }, [auth, router, loginPath]);
+    redirectToLogin(currentPath);
+  }, [auth, redirectToLogin, requiresVerification]);
   const setEmail = (0, import_react.useCallback)((email) => {
     setAuthState((prev) => ({
       ...prev,
       email
     }));
   }, []);
+  const getAuthError = (0, import_react.useCallback)(() => {
+    if (authState.error) {
+      const error = authState.error;
+      return {
+        success: false,
+        message: error.message,
+        error: error.code,
+        user: null
+      };
+    }
+    if (authState.requiresVerification && authState.isValid && !authState.isVerified) {
+      return {
+        success: false,
+        message: "Email verification required",
+        error: "EMAIL_NOT_VERIFIED",
+        user: null
+      };
+    }
+    if (!authState.isAuthenticated && authState.status !== "loading") {
+      return {
+        success: false,
+        message: "User is not authenticated",
+        error: "AUTHENTICATED",
+        user: null
+      };
+    }
+    return {
+      success: true,
+      user: import_client_init.ternSecureAuth.currentUser
+    };
+  }, [
+    authState.error,
+    authState.isValid,
+    authState.isVerified,
+    authState.isAuthenticated,
+    authState.status,
+    authState.requiresVerification
+  ]);
   (0, import_react.useEffect)(() => {
-    const unsubscribe = (0, import_auth.onAuthStateChanged)(auth, async (user) => {
-      if (user) {
-        const isValid = !!user.uid;
-        const isVerified = user.emailVerified;
-        setAuthState({
-          isLoaded: true,
-          userId: user.uid,
-          isValid,
-          isVerified,
-          isAuthenticated: isValid && isVerified,
-          token: user.getIdToken(),
-          error: null,
-          email: user.email
-        });
-      } else {
-        setAuthState({
-          isLoaded: true,
-          userId: null,
-          isValid: false,
-          isVerified: false,
-          isAuthenticated: false,
-          token: null,
-          error: new Error("User is not authenticated"),
-          email: null
-        });
-        if (!window.location.pathname.includes("/sign-up")) {
-          router.push(loginPath);
+    let mounted = true;
+    let initialLoad = true;
+    const unsubscribe = (0, import_auth.onAuthStateChanged)(
+      auth,
+      async (user) => {
+        if (!mounted) return;
+        try {
+          if (user) {
+            const isValid = !!user.uid;
+            const isVerified = user.emailVerified;
+            const isAuthenticated = isValid && (!requiresVerification || isVerified);
+            setAuthState({
+              isLoaded: true,
+              userId: user.uid,
+              isValid,
+              isVerified,
+              isAuthenticated: isValid && isVerified,
+              token: user.getIdToken(),
+              error: null,
+              email: user.email,
+              status: isAuthenticated ? "authenticated" : "unverified",
+              requiresVerification
+            });
+            if (requiresVerification && !isVerified && shouldRedirect(pathname || "", isVerified)) {
+              if (initialLoad || !isRedirecting) {
+                redirectToLogin(pathname);
+              }
+            }
+          } else {
+            setAuthState({
+              isLoaded: true,
+              userId: null,
+              isValid: false,
+              isVerified: false,
+              isAuthenticated: false,
+              token: null,
+              error: null,
+              email: null,
+              status: "unauthenticated",
+              requiresVerification
+            });
+            if (shouldRedirect(pathname || "", false) && initialLoad) {
+              redirectToLogin();
+            }
+          }
+        } catch (error) {
+          console.error("Auth state change error:", error);
+          if (mounted) {
+            handleSignOut(error instanceof Error ? error : new Error("Authentication error occurred"));
+          }
+        } finally {
+          initialLoad = false;
         }
       }
-    }, (error) => {
-      handleSignOut(error instanceof Error ? error : new Error("Authentication error occurred"));
-    });
-    return () => unsubscribe();
-  }, [auth, handleSignOut, router, loginPath]);
+    );
+    return () => {
+      mounted = false;
+      unsubscribe();
+    };
+  }, [auth, handleSignOut, redirectToLogin, requiresVerification, pathname, isRedirecting, shouldRedirect]);
   const contextValue = (0, import_react.useMemo)(() => ({
     ...authState,
     signOut: handleSignOut,
-    setEmail
-  }), [authState, auth, handleSignOut, setEmail]);
+    setEmail,
+    getAuthError,
+    redirectToLogin
+  }), [authState, handleSignOut, setEmail, getAuthError, redirectToLogin]);
   if (!authState.isLoaded) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_TernSecureCtx.TernSecureCtx.Provider, { value: contextValue, children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { "aria-live": "polite", "aria-busy": "true", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { className: "sr-only", children: "Loading authentication state..." }) }) });
   }

package/dist/cjs/boundary/TernSecureClientProvider.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\n\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\nimport { ternSecureAuth } from '../utils/client-init'\nimport { onAuthStateChanged, User } from \"firebase/auth\"\nimport { TernSecureCtx, TernSecureCtxValue } from './TernSecureCtx'\nimport { type TernSecureState } from '../types'\nimport { useRouter } from 'next/navigation'\n\ninterface TernSecureClientProviderProps {\n  children: React.ReactNode;\n  onUserChanged?: (user: User | null) => Promise<void>;\n  loginPath?: string;\n  loadingComponent?: React.ReactNode;\n}\n\nexport function TernSecureClientProvider({ \n  children, \n  loginPath = '/sign-in',\n  loadingComponent\n}: TernSecureClientProviderProps) {\n  const auth = useMemo(() => ternSecureAuth, []);\n  const router = useRouter();\n  const [authState, setAuthState] = useState<TernSecureState>(() => ({\n    userId: null,\n    isLoaded: false,\n    error: null,\n    isValid: false,\n    isVerified: false,\n    isAuthenticated: false,\n    token: null,\n    email: null,\n  }));\n\n  const handleSignOut = useCallback(async (error?: Error) => {\n    await auth.signOut();\n    setAuthState({\n      isLoaded: true,\n      userId: null,\n      error: error || null,\n      isValid: false,\n      token: null,\n      email: null,\n      isVerified: false,\n      isAuthenticated: false,\n    });\n    router.push(loginPath);\n  }, [auth, router, loginPath]);\n\n  const setEmail = useCallback((email: string) => {\n    setAuthState((prev) => ({\n      ...prev,\n      email,\n    }))\n  }, [])\n\nuseEffect(() => {\n    const unsubscribe = onAuthStateChanged(auth, async (user: User | null) => {\n      if (user) {\n        const isValid = !!user.uid;\n        const isVerified = user.emailVerified;\n        setAuthState({\n          isLoaded: true,\n          userId: user.uid,\n          isValid,\n          isVerified,\n          isAuthenticated: isValid && isVerified,\n          token: user.getIdToken(),\n          error: null,\n          email: user.email,\n        })\n      } else {\n        setAuthState({\n          isLoaded: true,\n          userId: null,\n          isValid: false,\n          isVerified: false,\n          isAuthenticated: false,\n          token: null,\n          error: new Error('User is not authenticated'),\n          email: null,\n        })\n        if (!window.location.pathname.includes(\"/sign-up\")) {\n          router.push(loginPath)\n        }\n      }\n    }, (error) => {\n      handleSignOut(error instanceof Error ? error : new Error('Authentication error occurred'));\n    })\n    \n    return () => unsubscribe()\n  }, [auth, handleSignOut, router, loginPath])\n\n  const contextValue: TernSecureCtxValue = useMemo(() => ({\n    ...authState,\n    signOut: handleSignOut,\n    setEmail\n  }), [authState, auth, handleSignOut, setEmail]);\n\n  if (!authState.isLoaded) {\n    return (\n      <TernSecureCtx.Provider value={contextValue}>\n        {loadingComponent || (\n          <div aria-live=\"polite\" aria-busy=\"true\">\n            <span className=\"sr-only\">Loading authentication state...</span>\n          </div>\n        )}\n      </TernSecureCtx.Provider>\n    );\n  }\n\n  return (\n      <TernSecureCtx.Provider value={contextValue}>\n       {children}\n      </TernSecureCtx.Provider>\n  )\n}"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAwGY;AAtGZ,mBAAiE;AACjE,yBAA+B;AAC/B,kBAAyC;AACzC,2BAAkD;AAElD,wBAA0B;AASnB,SAAS,yBAAyB;AAAA,EACvC;AAAA,EACA,YAAY;AAAA,EACZ;AACF,GAAkC;AAChC,QAAM,WAAO,sBAAQ,MAAM,mCAAgB,CAAC,CAAC;AAC7C,QAAM,aAAS,6BAAU;AACzB,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA0B,OAAO;AAAA,IACjE,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB,OAAO;AAAA,IACP,OAAO;AAAA,EACT,EAAE;AAEF,QAAM,oBAAgB,0BAAY,OAAO,UAAkB;AACzD,UAAM,KAAK,QAAQ;AACnB,iBAAa;AAAA,MACX,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,OAAO,SAAS;AAAA,MAChB,SAAS;AAAA,MACT,OAAO;AAAA,MACP,OAAO;AAAA,MACP,YAAY;AAAA,MACZ,iBAAiB;AAAA,IACnB,CAAC;AACD,WAAO,KAAK,SAAS;AAAA,EACvB,GAAG,CAAC,MAAM,QAAQ,SAAS,CAAC;AAE5B,QAAM,eAAW,0BAAY,CAAC,UAAkB;AAC9C,iBAAa,CAAC,UAAU;AAAA,MACtB,GAAG;AAAA,MACH;AAAA,IACF,EAAE;AAAA,EACJ,GAAG,CAAC,CAAC;AAEP,8BAAU,MAAM;AACZ,UAAM,kBAAc,gCAAmB,MAAM,OAAO,SAAsB;AACxE,UAAI,MAAM;AACR,cAAM,UAAU,CAAC,CAAC,KAAK;AACvB,cAAM,aAAa,KAAK;AACxB,qBAAa;AAAA,UACX,UAAU;AAAA,UACV,QAAQ,KAAK;AAAA,UACb;AAAA,UACA;AAAA,UACA,iBAAiB,WAAW;AAAA,UAC5B,OAAO,KAAK,WAAW;AAAA,UACvB,OAAO;AAAA,UACP,OAAO,KAAK;AAAA,QACd,CAAC;AAAA,MACH,OAAO;AACL,qBAAa;AAAA,UACX,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,YAAY;AAAA,UACZ,iBAAiB;AAAA,UACjB,OAAO;AAAA,UACP,OAAO,IAAI,MAAM,2BAA2B;AAAA,UAC5C,OAAO;AAAA,QACT,CAAC;AACD,YAAI,CAAC,OAAO,SAAS,SAAS,SAAS,UAAU,GAAG;AAClD,iBAAO,KAAK,SAAS;AAAA,QACvB;AAAA,MACF;AAAA,IACF,GAAG,CAAC,UAAU;AACZ,oBAAc,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,+BAA+B,CAAC;AAAA,IAC3F,CAAC;AAED,WAAO,MAAM,YAAY;AAAA,EAC3B,GAAG,CAAC,MAAM,eAAe,QAAQ,SAAS,CAAC;AAE3C,QAAM,mBAAmC,sBAAQ,OAAO;AAAA,IACtD,GAAG;AAAA,IACH,SAAS;AAAA,IACT;AAAA,EACF,IAAI,CAAC,WAAW,MAAM,eAAe,QAAQ,CAAC;AAE9C,MAAI,CAAC,UAAU,UAAU;AACvB,WACE,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC5B,8BACC,4CAAC,SAAI,aAAU,UAAS,aAAU,QAChC,sDAAC,UAAK,WAAU,WAAU,6CAA+B,GAC3D,GAEJ;AAAA,EAEJ;AAEA,SACI,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC7B,UACF;AAEN;","names":[]}
+{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\n\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\nimport { ternSecureAuth } from '../utils/client-init'\nimport { onAuthStateChanged, User } from \"firebase/auth\"\nimport { TernSecureCtx, TernSecureCtxValue } from './TernSecureCtx'\nimport type { TernSecureState, AuthError, SignInResponse } from \"../types\"\nimport type { ERRORS } from '../errors'\nimport { useRouter, usePathname } from 'next/navigation'\nimport { isBaseAuthRoute, isInternalRoute, isAuthRoute} from '../app-router/route-handler/internal-route'\nimport { hasRedirectLoop } from '../utils/construct'\n\n\n\n/**\n * @internal\n * Internal provider props - not meant for direct usage\n */\ninterface TernSecureClientProviderProps {\n  children: React.ReactNode\n  /** Callback when user state changes */\n  onUserChanged?: (user: User | null) => Promise<void>\n  /** Login page path */\n  loginPath?: string\n  /** Signup page path */\n  signUpPath?: string\n  /** Custom loading component */\n  loadingComponent?: React.ReactNode\n  /** Whether email verification is required */\n  requiresVerification: boolean\n}\n\n/**\n * @internal\n * Internal provider component that handles authentication state\n * This is wrapped by the public TernSecureProvider\n */\n\nexport function TernSecureClientProvider({ \n  children, \n  loginPath = process.env.NEXT_PUBLIC_SIGN_IN_PATH || '/sign-in',\n  signUpPath = process.env.NEXT_PUBLIC_SIGN_UP_PATH || '/sign-up',\n  loadingComponent,\n  requiresVerification,\n}: TernSecureClientProviderProps) {\n  const auth = useMemo(() => ternSecureAuth, []);\n  const router = useRouter();\n  const pathname = usePathname() // Get current pathname\n  const [isRedirecting, setIsRedirecting] = useState(false)\n\n  const [authState, setAuthState] = useState<TernSecureState>(() => ({\n    userId: null,\n    isLoaded: false,\n    error: null,\n    isValid: false,\n    isVerified: false,\n    isAuthenticated: false,\n    token: null,\n    email: null,\n    status: \"loading\",\n    requiresVerification,\n  }));\n\n  const constructUrlWithRedirect = useCallback(\n    (loginPath: string, currentPath: string, loginPathParam: string, signUpPathParam: string): string => {\n      const baseUrl = window.location.origin\n      const signInUrl = new URL(loginPath, baseUrl)\n\n      // Only add redirect if not already on login or signup page\n      if (!currentPath.includes(loginPathParam) && !currentPath.includes(signUpPathParam)) {\n        signInUrl.searchParams.set(\"redirect\", currentPath)\n      }\n      return signInUrl.toString()\n    },\n    [],\n  )\n\n\n  const shouldRedirect = useCallback(\n    (pathname: string, isVerified: boolean) => {\n      // Get current search params\n      const searchParams = new URLSearchParams(window.location.search)\n\n      // Don't redirect if we're on the base sign-in page with no redirect param\n      if (isBaseAuthRoute(pathname) && !searchParams.has(\"redirect\")) {\n        return false\n      }\n\n      // Don't redirect if we're on an internal route\n      if (isInternalRoute(pathname)) {\n        return false\n      }\n\n      // Don't redirect if we're in auth routes (except when handling verification)\n      if (isAuthRoute(pathname) && (!requiresVerification || isVerified)) {\n        return false\n      }\n\n      return true\n    },\n    [requiresVerification],\n  )\n\n  const redirectToLogin = useCallback(\n    (currentPath?: string) => {\n      const path = currentPath || pathname || \"/\"\n\n\n      if (isInternalRoute(path)) {  // Don't redirect if we're already on an internal route\n        return\n      }\n\n       // Check for redirect loops\n      if (hasRedirectLoop(path, loginPath)) {\n        return\n      }\n\n      setIsRedirecting(true)\n\n      const loginUrl = constructUrlWithRedirect(loginPath, path, loginPath, signUpPath)\n\n      if (process.env.NODE_ENV === \"production\") {\n        window.location.href = loginUrl\n      } else {\n        // Use router.push for development\n        router.push(loginUrl)\n      }\n  }, \n  [router, loginPath, signUpPath, pathname, constructUrlWithRedirect]\n)\n\n  const handleSignOut = useCallback(async (error?: Error) => {\n    const currentPath = window.location.pathname\n    await auth.signOut();\n    setAuthState({\n      isLoaded: true,\n      userId: null,\n      error: error || null,\n      isValid: false,\n      token: null,\n      email: null,\n      isVerified: false,\n      isAuthenticated: false,\n      status: \"unauthenticated\",\n      requiresVerification,\n    })\n    redirectToLogin(currentPath)\n  }, [auth, redirectToLogin, requiresVerification])\n\n  const setEmail = useCallback((email: string) => {\n    setAuthState((prev) => ({\n      ...prev,\n      email,\n    }))\n  }, [])\n\n  const getAuthError = useCallback((): SignInResponse => {\n    if (authState.error) {\n      const error = authState.error as AuthError;\n      return {\n        success: false,\n        message: error.message,\n        error: error.code as keyof typeof ERRORS,\n        user: null,\n      }\n    }\n\n    if (authState.requiresVerification && authState.isValid && !authState.isVerified) {\n      return {\n        success: false,\n        message: 'Email verification required',\n        error: 'EMAIL_NOT_VERIFIED',\n        user: null,\n      }\n    }\n\n    if (!authState.isAuthenticated && authState.status !== \"loading\") {\n      return {\n        success: false,\n        message: 'User is not authenticated',\n        error: 'AUTHENTICATED',\n        user: null,\n      }\n    }\n\n    return {\n      success: true,\n      user: ternSecureAuth.currentUser,\n    }\n  }, [\n    authState.error,\n    authState.isValid,\n    authState.isVerified,\n    authState.isAuthenticated,\n    authState.status,\n    authState.requiresVerification,\n  ])\n\nuseEffect(() => {\n  let mounted = true\n  let initialLoad = true\n\n  const unsubscribe = onAuthStateChanged(\n    auth,\n      async (user: User | null) => {\n       if (!mounted) return\n       try {\n        if (user) {\n        const isValid = !!user.uid;\n        const isVerified = user.emailVerified;\n        const isAuthenticated = isValid && (!requiresVerification || isVerified) // Consider user authenticated if verification is not required or if email is verified\n\n        setAuthState({\n          isLoaded: true,\n          userId: user.uid,\n          isValid,\n          isVerified,\n          isAuthenticated: isValid && isVerified,\n          token: user.getIdToken(),\n          error: null,\n          email: user.email,\n          status: isAuthenticated ? \"authenticated\" : \"unverified\",\n          requiresVerification,\n        })\n       \n        if (requiresVerification && !isVerified && shouldRedirect(pathname || \"\", isVerified)) {\n          if(initialLoad || !isRedirecting) {\n            redirectToLogin(pathname)\n        }\n      }\n      } else {\n        setAuthState({\n          isLoaded: true,\n          userId: null,\n          isValid: false,\n          isVerified: false,\n          isAuthenticated: false,\n          token: null,\n          error: null,\n          email: null,\n          status: \"unauthenticated\",\n          requiresVerification,\n        })\n        \n        if (shouldRedirect(pathname || \"\", false) && initialLoad) {\n          redirectToLogin()\n        }\n      }\n    } catch (error){\n      console.error(\"Auth state change error:\", error)\n      if (mounted) {\n        handleSignOut(error instanceof Error ? error : new Error(\"Authentication error occurred\"))\n      }\n    } finally {\n      initialLoad = false\n    }\n  })\n    \n  return () => {\n    mounted = false\n    unsubscribe()\n  }\n  }, [auth, handleSignOut, redirectToLogin, requiresVerification, pathname, isRedirecting, shouldRedirect])\n\n  const contextValue: TernSecureCtxValue = useMemo(() => ({\n    ...authState,\n    signOut: handleSignOut,\n    setEmail,\n    getAuthError,\n    redirectToLogin,\n  }), [authState, handleSignOut, setEmail, getAuthError, redirectToLogin]);\n\n  if (!authState.isLoaded) {\n    return (\n      <TernSecureCtx.Provider value={contextValue}>\n        {loadingComponent || (\n          <div aria-live=\"polite\" aria-busy=\"true\">\n            <span className=\"sr-only\">Loading authentication state...</span>\n          </div>\n        )}\n      </TernSecureCtx.Provider>\n    );\n  }\n\n  return (\n      <TernSecureCtx.Provider value={contextValue}>\n       {children}\n      </TernSecureCtx.Provider>\n  )\n}"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAqRY;AAnRZ,mBAAiE;AACjE,yBAA+B;AAC/B,kBAAyC;AACzC,2BAAkD;AAGlD,wBAAuC;AACvC,4BAA6D;AAC7D,uBAAgC;AA4BzB,SAAS,yBAAyB;AAAA,EACvC;AAAA,EACA,YAAY,QAAQ,IAAI,4BAA4B;AAAA,EACpD,aAAa,QAAQ,IAAI,4BAA4B;AAAA,EACrD;AAAA,EACA;AACF,GAAkC;AAChC,QAAM,WAAO,sBAAQ,MAAM,mCAAgB,CAAC,CAAC;AAC7C,QAAM,aAAS,6BAAU;AACzB,QAAM,eAAW,+BAAY;AAC7B,QAAM,CAAC,eAAe,gBAAgB,QAAI,uBAAS,KAAK;AAExD,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA0B,OAAO;AAAA,IACjE,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB,OAAO;AAAA,IACP,OAAO;AAAA,IACP,QAAQ;AAAA,IACR;AAAA,EACF,EAAE;AAEF,QAAM,+BAA2B;AAAA,IAC/B,CAACA,YAAmB,aAAqB,gBAAwB,oBAAoC;AACnG,YAAM,UAAU,OAAO,SAAS;AAChC,YAAM,YAAY,IAAI,IAAIA,YAAW,OAAO;AAG5C,UAAI,CAAC,YAAY,SAAS,cAAc,KAAK,CAAC,YAAY,SAAS,eAAe,GAAG;AACnF,kBAAU,aAAa,IAAI,YAAY,WAAW;AAAA,MACpD;AACA,aAAO,UAAU,SAAS;AAAA,IAC5B;AAAA,IACA,CAAC;AAAA,EACH;AAGA,QAAM,qBAAiB;AAAA,IACrB,CAACC,WAAkB,eAAwB;AAEzC,YAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,MAAM;AAG/D,cAAI,uCAAgBA,SAAQ,KAAK,CAAC,aAAa,IAAI,UAAU,GAAG;AAC9D,eAAO;AAAA,MACT;AAGA,cAAI,uCAAgBA,SAAQ,GAAG;AAC7B,eAAO;AAAA,MACT;AAGA,cAAI,mCAAYA,SAAQ,MAAM,CAAC,wBAAwB,aAAa;AAClE,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT;AAAA,IACA,CAAC,oBAAoB;AAAA,EACvB;AAEA,QAAM,sBAAkB;AAAA,IACtB,CAAC,gBAAyB;AACxB,YAAM,OAAO,eAAe,YAAY;AAGxC,cAAI,uCAAgB,IAAI,GAAG;AACzB;AAAA,MACF;AAGA,cAAI,kCAAgB,MAAM,SAAS,GAAG;AACpC;AAAA,MACF;AAEA,uBAAiB,IAAI;AAErB,YAAM,WAAW,yBAAyB,WAAW,MAAM,WAAW,UAAU;AAEhF,UAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,eAAO,SAAS,OAAO;AAAA,MACzB,OAAO;AAEL,eAAO,KAAK,QAAQ;AAAA,MACtB;AAAA,IACJ;AAAA,IACA,CAAC,QAAQ,WAAW,YAAY,UAAU,wBAAwB;AAAA,EACpE;AAEE,QAAM,oBAAgB,0BAAY,OAAO,UAAkB;AACzD,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,KAAK,QAAQ;AACnB,iBAAa;AAAA,MACX,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,OAAO,SAAS;AAAA,MAChB,SAAS;AAAA,MACT,OAAO;AAAA,MACP,OAAO;AAAA,MACP,YAAY;AAAA,MACZ,iBAAiB;AAAA,MACjB,QAAQ;AAAA,MACR;AAAA,IACF,CAAC;AACD,oBAAgB,WAAW;AAAA,EAC7B,GAAG,CAAC,MAAM,iBAAiB,oBAAoB,CAAC;AAEhD,QAAM,eAAW,0BAAY,CAAC,UAAkB;AAC9C,iBAAa,CAAC,UAAU;AAAA,MACtB,GAAG;AAAA,MACH;AAAA,IACF,EAAE;AAAA,EACJ,GAAG,CAAC,CAAC;AAEL,QAAM,mBAAe,0BAAY,MAAsB;AACrD,QAAI,UAAU,OAAO;AACnB,YAAM,QAAQ,UAAU;AACxB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,QACb,MAAM;AAAA,MACR;AAAA,IACF;AAEA,QAAI,UAAU,wBAAwB,UAAU,WAAW,CAAC,UAAU,YAAY;AAChF,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,UAAU,mBAAmB,UAAU,WAAW,WAAW;AAChE,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,MAAM,kCAAe;AAAA,IACvB;AAAA,EACF,GAAG;AAAA,IACD,UAAU;AAAA,IACV,UAAU;AAAA,IACV,UAAU;AAAA,IACV,UAAU;AAAA,IACV,UAAU;AAAA,IACV,UAAU;AAAA,EACZ,CAAC;AAEH,8BAAU,MAAM;AACd,QAAI,UAAU;AACd,QAAI,cAAc;AAElB,UAAM,kBAAc;AAAA,MAClB;AAAA,MACE,OAAO,SAAsB;AAC5B,YAAI,CAAC,QAAS;AACd,YAAI;AACH,cAAI,MAAM;AACV,kBAAM,UAAU,CAAC,CAAC,KAAK;AACvB,kBAAM,aAAa,KAAK;AACxB,kBAAM,kBAAkB,YAAY,CAAC,wBAAwB;AAE7D,yBAAa;AAAA,cACX,UAAU;AAAA,cACV,QAAQ,KAAK;AAAA,cACb;AAAA,cACA;AAAA,cACA,iBAAiB,WAAW;AAAA,cAC5B,OAAO,KAAK,WAAW;AAAA,cACvB,OAAO;AAAA,cACP,OAAO,KAAK;AAAA,cACZ,QAAQ,kBAAkB,kBAAkB;AAAA,cAC5C;AAAA,YACF,CAAC;AAED,gBAAI,wBAAwB,CAAC,cAAc,eAAe,YAAY,IAAI,UAAU,GAAG;AACrF,kBAAG,eAAe,CAAC,eAAe;AAChC,gCAAgB,QAAQ;AAAA,cAC5B;AAAA,YACF;AAAA,UACA,OAAO;AACL,yBAAa;AAAA,cACX,UAAU;AAAA,cACV,QAAQ;AAAA,cACR,SAAS;AAAA,cACT,YAAY;AAAA,cACZ,iBAAiB;AAAA,cACjB,OAAO;AAAA,cACP,OAAO;AAAA,cACP,OAAO;AAAA,cACP,QAAQ;AAAA,cACR;AAAA,YACF,CAAC;AAED,gBAAI,eAAe,YAAY,IAAI,KAAK,KAAK,aAAa;AACxD,8BAAgB;AAAA,YAClB;AAAA,UACF;AAAA,QACF,SAAS,OAAM;AACb,kBAAQ,MAAM,4BAA4B,KAAK;AAC/C,cAAI,SAAS;AACX,0BAAc,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,+BAA+B,CAAC;AAAA,UAC3F;AAAA,QACF,UAAE;AACA,wBAAc;AAAA,QAChB;AAAA,MACF;AAAA,IAAC;AAED,WAAO,MAAM;AACX,gBAAU;AACV,kBAAY;AAAA,IACd;AAAA,EACA,GAAG,CAAC,MAAM,eAAe,iBAAiB,sBAAsB,UAAU,eAAe,cAAc,CAAC;AAExG,QAAM,mBAAmC,sBAAQ,OAAO;AAAA,IACtD,GAAG;AAAA,IACH,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,WAAW,eAAe,UAAU,cAAc,eAAe,CAAC;AAEvE,MAAI,CAAC,UAAU,UAAU;AACvB,WACE,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC5B,8BACC,4CAAC,SAAI,aAAU,UAAS,aAAU,QAChC,sDAAC,UAAK,WAAU,WAAU,6CAA+B,GAC3D,GAEJ;AAAA,EAEJ;AAEA,SACI,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC7B,UACF;AAEN;","names":["loginPath","pathname"]}

package/dist/cjs/boundary/TernSecureCtx.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/boundary/TernSecureCtx.tsx"],"sourcesContent":["\"use client\"\n\nimport { createContext, useContext } from 'react'\nimport { ternSecureAuth } from '../utils/client-init';\nimport { User } from 'firebase/auth';\nimport { type TernSecureState } from '../types';\n\nexport const TernSecureUser = (): User | null => {\n  return ternSecureAuth.currentUser;\n}\n\nexport interface TernSecureCtxValue extends TernSecureState {\n signOut: () => Promise<void>\n setEmail: (email: string) => void\n}\n\nexport const TernSecureCtx = createContext<TernSecureCtxValue | null>(null)\n\nTernSecureCtx.displayName = 'TernSecureCtx'\n\nexport const useTernSecure = (hookName: string) => {\n  const context = useContext(TernSecureCtx)\n  \n  if (!context) {\n    throw new Error(\n      `${hookName} must be used within TernSecureProvider`\n    )\n  }\n\n  return context\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA0C;AAC1C,yBAA+B;AAIxB,MAAM,iBAAiB,MAAmB;AAC/C,SAAO,kCAAe;AACxB;AAOO,MAAM,oBAAgB,4BAAyC,IAAI;AAE1E,cAAc,cAAc;AAErB,MAAM,gBAAgB,CAAC,aAAqB;AACjD,QAAM,cAAU,yBAAW,aAAa;AAExC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR,GAAG,QAAQ;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../src/boundary/TernSecureCtx.tsx"],"sourcesContent":["\"use client\"\n\nimport { createContext, useContext } from 'react'\nimport { ternSecureAuth } from '../utils/client-init';\nimport { User } from 'firebase/auth';\nimport type { TernSecureState, SignInResponse } from '../types';\n\nexport const TernSecureUser = (): User | null => {\n  return ternSecureAuth.currentUser;\n}\n\nexport interface TernSecureCtxValue extends TernSecureState {\n signOut: () => Promise<void>\n setEmail: (email: string) => void\n getAuthError: () => SignInResponse\n redirectToLogin: () => void\n}\n\nexport const TernSecureCtx = createContext<TernSecureCtxValue | null>(null)\n\nTernSecureCtx.displayName = 'TernSecureCtx'\n\nexport const useTernSecure = (hookName: string) => {\n  const context = useContext(TernSecureCtx)\n  \n  if (!context) {\n    throw new Error(\n      `${hookName} must be used within TernSecureProvider`\n    )\n  }\n\n  return context\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA0C;AAC1C,yBAA+B;AAIxB,MAAM,iBAAiB,MAAmB;AAC/C,SAAO,kCAAe;AACxB;AASO,MAAM,oBAAgB,4BAAyC,IAAI;AAE1E,cAAc,cAAc;AAErB,MAAM,gBAAgB,CAAC,aAAqB;AACjD,QAAM,cAAU,yBAAW,aAAa;AAExC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR,GAAG,QAAQ;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}

package/dist/cjs/boundary/hooks/useAuth.js

@@ -33,21 +33,18 @@ function useAuth() {
     isVerified,
     isAuthenticated,
     token,
+    getAuthError,
+    status,
+    requiresVerification,
     signOut
   } = (0, import_TernSecureCtx.useTernSecure)("useAuth");
   const user = (0, import_TernSecureCtx2.TernSecureUser)();
-  const getAuthError = () => {
-    if (error) return error;
-    if (isValid && !isVerified) {
-      return new Error("Email verification required");
-    }
-    return null;
-  };
+  const authResponse = getAuthError();
   return {
     user,
     userId,
     isLoaded,
-    error: getAuthError(),
+    error: authResponse.success ? null : authResponse,
     isValid,
     // User is signed in
     isVerified,
@@ -55,6 +52,8 @@ function useAuth() {
     isAuthenticated,
     // User is both signed in and verified
     token,
+    status,
+    requiresVerification,
     signOut
   };
 }

package/dist/cjs/boundary/hooks/useAuth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/boundary/hooks/useAuth.ts"],"sourcesContent":["\"use client\"\n\nimport { useTernSecure } from '../TernSecureCtx'\nimport {  User } from 'firebase/auth'\nimport { TernSecureUser } from '../TernSecureCtx'\n\nexport function useAuth() {\n  const {\n    userId,\n    isLoaded,\n    error,\n    isValid,\n    isVerified,\n    isAuthenticated,\n    token,\n    signOut\n  } = useTernSecure('useAuth')\n\n  const user: User | null = TernSecureUser()\n\n  const getAuthError = () => {\n    if (error) return error\n    if (isValid && !isVerified) {\n      return new Error('Email verification required')\n    }\n    return null\n  }\n\n  return {\n    user,\n    userId,\n    isLoaded,\n    error: getAuthError(),\n    isValid,         // User is signed in\n    isVerified,      // Email is verified\n    isAuthenticated, // User is both signed in and verified\n    token,\n    signOut\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,2BAA8B;AAE9B,IAAAA,wBAA+B;AAExB,SAAS,UAAU;AACxB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,QAAI,oCAAc,SAAS;AAE3B,QAAM,WAAoB,sCAAe;AAEzC,QAAM,eAAe,MAAM;AACzB,QAAI,MAAO,QAAO;AAClB,QAAI,WAAW,CAAC,YAAY;AAC1B,aAAO,IAAI,MAAM,6BAA6B;AAAA,IAChD;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO,aAAa;AAAA,IACpB;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["import_TernSecureCtx"]}
+{"version":3,"sources":["../../../../src/boundary/hooks/useAuth.ts"],"sourcesContent":["\"use client\"\n\nimport { useTernSecure } from '../TernSecureCtx'\nimport {  User } from 'firebase/auth'\nimport { TernSecureUser } from '../TernSecureCtx'\nimport type { SignInResponse } from '../../types'\n\n\nexport function useAuth() {\n  const {\n    userId,\n    isLoaded,\n    error,\n    isValid,\n    isVerified,\n    isAuthenticated,\n    token,\n    getAuthError,\n    status,\n    requiresVerification,\n    signOut\n  } = useTernSecure('useAuth')\n\n  const user: User | null = TernSecureUser()\n  const authResponse: SignInResponse = getAuthError()\n\n\n  return {\n    user,\n    userId,\n    isLoaded,\n    error: authResponse.success ? null : authResponse,\n    isValid,         // User is signed in\n    isVerified,      // Email is verified\n    isAuthenticated, // User is both signed in and verified\n    token,\n    status,\n    requiresVerification,\n    signOut\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,2BAA8B;AAE9B,IAAAA,wBAA+B;AAIxB,SAAS,UAAU;AACxB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,QAAI,oCAAc,SAAS;AAE3B,QAAM,WAAoB,sCAAe;AACzC,QAAM,eAA+B,aAAa;AAGlD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO,aAAa,UAAU,OAAO;AAAA,IACrC;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["import_TernSecureCtx"]}

package/dist/cjs/components/sign-in.js

@@ -39,32 +39,79 @@ var import_client_init = require("../utils/client-init");
 var import_sessionTernSecure = require("../app-router/server/sessionTernSecure");
 var import_background = require("./background");
 var import_construct = require("../utils/construct");
-var import_errors = require("../errors");
 var import_internal_route = require("../app-router/route-handler/internal-route");
+var import_useAuth = require("../boundary/hooks/useAuth");
+var import_errors = require("../errors");
 const authDomain = process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN;
 const appName = process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || "TernSecure";
 function SignIn({
   redirectUrl,
   onError,
   onSuccess,
-  requiresVerification = true,
   className,
   customStyles = {}
 }) {
   const [loading, setLoading] = (0, import_react.useState)(false);
   const [checkingRedirect, setCheckingRedirect] = (0, import_react.useState)(true);
+  const [formError, setFormError] = (0, import_react.useState)(null);
   const [error, setError] = (0, import_react.useState)("");
   const [email, setEmail] = (0, import_react.useState)("");
   const [password, setPassword] = (0, import_react.useState)("");
+  const [showPassword, setShowPassword] = (0, import_react.useState)(false);
+  const [passwordFocused, setPasswordFocused] = (0, import_react.useState)(false);
   const [authResponse, setAuthResponse] = (0, import_react.useState)(null);
+  const [authErrorMessage, setAuthErrorMessage] = (0, import_react.useState)(null);
   const searchParams = (0, import_navigation.useSearchParams)();
   const isRedirectSignIn = searchParams.get("signInRedirect") === "true";
   const router = (0, import_navigation.useRouter)();
   const pathname = (0, import_navigation.usePathname)();
-  const InternalComponent = (0, import_internal_route.handleInternalRoute)(pathname);
+  const InternalComponent = (0, import_internal_route.handleInternalRoute)(pathname || "");
+  const { requiresVerification, error: authError, status } = (0, import_useAuth.useAuth)();
+  const validRedirectUrl = (0, import_construct.getValidRedirectUrl)(searchParams, redirectUrl);
   if (InternalComponent) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(InternalComponent, {});
   }
+  (0, import_react.useEffect)(() => {
+    if (authError && status !== "loading" && status !== "unauthenticated") {
+      const message = authError.message || "Authentication failed";
+      setAuthErrorMessage(message);
+      if (!authResponse || authResponse.message !== message) {
+        setAuthResponse(authError);
+      }
+    } else {
+      setAuthErrorMessage(null);
+    }
+  }, [authError, status, authResponse]);
+  const handleSuccessfulAuth = (0, import_react.useCallback)(
+    async (user) => {
+      try {
+        const idToken = await user.getIdToken();
+        const sessionResult = await (0, import_sessionTernSecure.createSessionCookie)(idToken);
+        if (!sessionResult.success) {
+          setFormError({
+            success: false,
+            message: sessionResult.message || "Failed to create session",
+            error: "INTERNAL_ERROR",
+            user: null
+          });
+        }
+        onSuccess == null ? void 0 : onSuccess();
+        if (process.env.NODE_ENV === "production") {
+          window.location.href = validRedirectUrl;
+        } else {
+          router.push(validRedirectUrl);
+        }
+      } catch (err) {
+        setFormError({
+          success: false,
+          message: "Failed to complete authentication",
+          error: "INTERNAL_ERROR",
+          user: null
+        });
+      }
+    },
+    [validRedirectUrl, router, onSuccess]
+  );
   const handleRedirectResult = (0, import_react.useCallback)(async () => {
     if (!isRedirectSignIn) return false;
     setCheckingRedirect(true);
@@ -85,15 +132,16 @@ function SignIn({
         const storedRedirectUrl = sessionStorage.getItem("auth_return_url");
         sessionStorage.removeItem("auth_redirect_url");
         onSuccess == null ? void 0 : onSuccess();
-        window.location.href = storedRedirectUrl || (0, import_construct.getValidRedirectUrl)(redirectUrl, searchParams);
+        window.location.href = storedRedirectUrl || (0, import_construct.getValidRedirectUrl)(searchParams, redirectUrl);
         return true;
       }
       setCheckingRedirect(false);
     } catch (err) {
-      console.error("Redirect result error:", err);
-      const errorMessage = err instanceof Error ? err.message : "Authentication failed";
-      setError(errorMessage);
-      onError == null ? void 0 : onError(err instanceof Error ? err : new Error(errorMessage));
+      const errorMessage = err;
+      setFormError(errorMessage);
+      if (onError && err instanceof Error) {
+        onError(err);
+      }
       sessionStorage.removeItem("auth_redirect_url");
       return false;
     }
@@ -102,32 +150,42 @@ function SignIn({
     if (isRedirectSignIn) {
       handleRedirectResult();
     }
-    ;
   }, [handleRedirectResult, isRedirectSignIn]);
   const handleSubmit = async (e) => {
     e.preventDefault();
     setLoading(true);
+    setFormError(null);
     setAuthResponse(null);
     try {
       const response = await (0, import_actions.signInWithEmail)(email, password);
       setAuthResponse(response);
+      if (!response.success) {
+        setFormError({
+          success: false,
+          message: response.message,
+          error: response.error,
+          user: null
+        });
+        return;
+      }
       if (response.user) {
         if (requiresVerification && !response.user.emailVerified) {
-          setError("Email verification required");
+          setFormError({
+            success: false,
+            message: "Email verification required",
+            error: "REQUIRES_VERIFICATION",
+            user: response.user
+          });
           return;
         }
-        const idToken = await response.user.getIdToken();
-        const sessionResult = await (0, import_sessionTernSecure.createSessionCookie)(idToken);
-        if (!sessionResult.success) {
-          throw new Error(sessionResult.message || "Failed to create session");
-        }
-        onSuccess == null ? void 0 : onSuccess();
-        window.location.href = (0, import_construct.getValidRedirectUrl)(redirectUrl, searchParams);
+        await handleSuccessfulAuth(response.user);
       }
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : "Failed to sign in";
-      setError(errorMessage);
-      onError == null ? void 0 : onError(err instanceof Error ? err : new Error("Failed to sign in"));
+      const errorMessage = err;
+      setFormError(errorMessage);
+      if (onError && err instanceof Error) {
+        onError(err);
+      }
     } finally {
       setLoading(false);
     }
@@ -135,8 +193,8 @@ function SignIn({
   const handleSocialSignIn = async (provider) => {
     setLoading(true);
     try {
-      const validRedirectUrl = (0, import_construct.getValidRedirectUrl)(redirectUrl, searchParams);
-      sessionStorage.setItem("auth_redirect_url", validRedirectUrl);
+      const validRedirectUrl2 = (0, import_construct.getValidRedirectUrl)(searchParams, redirectUrl);
+      sessionStorage.setItem("auth_redirect_url", validRedirectUrl2);
       const currentUrl = new URL(window.location.href);
       currentUrl.searchParams.set("signInRedirect", "true");
       window.history.replaceState({}, "", currentUrl.toString());
@@ -145,36 +203,46 @@ function SignIn({
         throw new Error(result.error);
       }
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : `Failed to sign in with ${provider}`;
-      setError(errorMessage);
-      onError == null ? void 0 : onError(err instanceof Error ? err : new Error(`Failed to sign in with ${provider}`));
+      const errorMessage = err;
+      setFormError(errorMessage);
+      if (onError && err instanceof Error) {
+        onError(err);
+      }
       setLoading(false);
       sessionStorage.removeItem("auth_redirect_url");
     }
   };
+  const handleVerificationRedirect = (e) => {
+    e.preventDefault();
+    router.push("/sign-in/verify");
+  };
   if (checkingRedirect && isRedirectSignIn) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "flex min-h-screen items-center justify-center", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "text-center space-y-4", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto" }) }) });
   }
+  const activeError = formError || authResponse;
+  const showEmailVerificationButton = (activeError == null ? void 0 : activeError.error) === "EMAIL_NOT_VERIFIED" || (activeError == null ? void 0 : activeError.error) === "REQUIRES_VERIFICATION";
   return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "relative flex items-center justify-center", children: [
     /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_background.AuthBackground, {}),
     /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.Card, { className: (0, import_utils.cn)("w-full max-w-md mx-auto mt-8", className, customStyles.card), children: [
       /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.CardHeader, { className: "space-y-1 text-center", children: [
         /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.CardTitle, { className: (0, import_utils.cn)("font-bold", customStyles.title), children: [
           "Sign in to ",
-          `${appName}`
+          `${appName}`,
+          " "
         ] }),
         /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_card.CardDescription, { className: (0, import_utils.cn)("text-muted-foreground", customStyles.description), children: "Please sign in to continue" })
       ] }),
       /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.CardContent, { className: "space-y-4", children: [
         /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("form", { onSubmit: handleSubmit, className: "space-y-4", children: [
-          error && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_alert.Alert, { variant: (authResponse == null ? void 0 : authResponse.error) === import_errors.ERRORS.REQUIRES_VERIFICATION ? "destructive" : "destructive", children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_alert.AlertDescription, { children: [
-            /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { children: error }),
-            (authResponse == null ? void 0 : authResponse.error) === import_errors.ERRORS.REQUIRES_VERIFICATION && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+          activeError && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_alert.Alert, { variant: (0, import_errors.getErrorAlertVariant)(activeError), className: "animate-in fade-in-50", children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_alert.AlertDescription, { children: [
+            /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { children: activeError.message }),
+            showEmailVerificationButton && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
               import_button.Button,
               {
+                type: "button",
                 variant: "link",
                 className: "p-0 h-auto font-normal text-sm hover:underline",
-                onClick: () => router.push(`/sign-in/verify`),
+                onClick: handleVerificationRedirect,
                 children: "Request new verification email \u2192"
               }
             )
@@ -191,24 +259,47 @@ function SignIn({
                 onChange: (e) => setEmail(e.target.value),
                 disabled: loading,
                 className: (0, import_utils.cn)(customStyles.input),
-                required: true
+                required: true,
+                "aria-invalid": (activeError == null ? void 0 : activeError.error) === "INVALID_EMAIL",
+                "aria-describedby": activeError ? "error-message" : void 0
               }
             )
           ] }),
           /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "space-y-2", children: [
             /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_label.Label, { htmlFor: "password", className: (0, import_utils.cn)(customStyles.label), children: "Password" }),
-            /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
-              import_input.Input,
-              {
-                id: "password",
-                type: "password",
-                value: password,
-                onChange: (e) => setPassword(e.target.value),
-                disabled: loading,
-                className: (0, import_utils.cn)(customStyles.input),
-                required: true
-              }
-            )
+            /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "relative", children: [
+              /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+                import_input.Input,
+                {
+                  id: "password",
+                  name: "password",
+                  type: showPassword ? "text" : "password",
+                  value: password,
+                  onChange: (e) => setPassword(e.target.value),
+                  onFocus: () => setPasswordFocused(true),
+                  onBlur: () => setPasswordFocused(false),
+                  disabled: loading,
+                  className: (0, import_utils.cn)(customStyles.input),
+                  required: true,
+                  "aria-invalid": (activeError == null ? void 0 : activeError.error) === "INVALID_CREDENTIALS",
+                  "aria-describedby": activeError ? "error-message" : void 0
+                }
+              ),
+              /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(
+                import_button.Button,
+                {
+                  type: "button",
+                  variant: "ghost",
+                  size: "icon",
+                  className: "absolute right-2 top-1/2 -translate-y-1/2 h-8 w-8 hover:bg-transparent",
+                  onClick: () => setShowPassword(!showPassword),
+                  children: [
+                    showPassword ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_lucide_react.EyeOff, { className: "h-4 w-4 text-muted-foreground hover:text-foreground" }) : /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_lucide_react.Eye, { className: "h-4 w-4 text-muted-foreground hover:text-foreground" }),
+                    /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { className: "sr-only", children: showPassword ? "Hide password" : "Show password" })
+                  ]
+                }
+              )
+            ] })
           ] }),
           /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_button.Button, { type: "submit", disabled: loading, className: (0, import_utils.cn)("w-full", customStyles.button), children: loading ? /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_jsx_runtime.Fragment, { children: [
             /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_lucide_react.Loader2, { className: "mr-2 h-4 w-4 animate-spin" }),
@@ -216,8 +307,8 @@ function SignIn({
           ] }) : "Sign in" })
         ] }),
         /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "relative", children: [
-          /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "absolute inset-0 flex items-center", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_separator.Separator, { className: (0, import_utils.cn)(customStyles.separator) }) }),
-          /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "relative flex justify-center text-xs uppercase", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { className: "bg-background px-2 text-muted-foreground", children: "Or continue with" }) })
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_separator.Separator, { className: (0, import_utils.cn)(customStyles.separator) }),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "absolute inset-0 flex items-center justify-center", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { className: "bg-background px-2 text-muted-foreground text-sm", children: "Or continue with" }) })
         ] }),
         /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "grid grid-cols-2 gap-4", children: [
           /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(