Mk
/
supersam
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: prevent session restore after signOut with signedOutRef flag

This commit is contained in:
root 2026-05-26 14:43:43 +00:00
parent 844f052462
commit 8a8446bfec
1 changed files with 37 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/context/AuthContext.jsx
View File

@ -1,4 +1,4 @@
import React, { createContext, useContext, useEffect, useState } from "react"; import React, { createContext, useContext, useEffect, useRef, useState } from "react";
import { demoUsers } from "../data/mockAppData"; import { demoUsers } from "../data/mockAppData";
import { supabase, hasSupabaseConfig } from "../supabaseClient"; import { supabase, hasSupabaseConfig } from "../supabaseClient";
@ -130,9 +130,9 @@ const clearAllAuthStorage = () => {
}; };
export const AuthProvider = ({ children }) => { export const AuthProvider = ({ children }) => {
// Supabase mode: always start null, session restore via onAuthStateChange
// Demo mode: restore from localStorage
const [user, setUser] = useState(() => { const [user, setUser] = useState(() => {
// Demo mode reads from localStorage; Supabase mode always starts null
// (session restore happens via onAuthStateChange/getSession)
if (hasSupabaseConfig) return null; if (hasSupabaseConfig) return null;
const stored = localStorage.getItem(STORAGE_KEY); const stored = localStorage.getItem(STORAGE_KEY);
return stored ? decodeLocalAuth(stored) : null; return stored ? decodeLocalAuth(stored) : null;
@ -142,6 +142,9 @@ export const AuthProvider = ({ children }) => {
const [isLoading, setIsLoading] = useState(false); const [isLoading, setIsLoading] = useState(false);
const [authError, setAuthError] = useState(""); const [authError, setAuthError] = useState("");
// Ref to prevent getSession from restoring session after explicit signOut
const signedOutRef = useRef(false);
useEffect(() => { useEffect(() => {
if (!hasSupabaseConfig || !supabase) { if (!hasSupabaseConfig || !supabase) {
return undefined; return undefined;
@ -156,6 +159,11 @@ export const AuthProvider = ({ children }) => {
return; return;
} }
// If user explicitly signed out, don't auto-restore session
if (signedOutRef.current) {
return;
}
const baseUser = mapSessionUserToAuthUser(session.user); const baseUser = mapSessionUserToAuthUser(session.user);
if (baseUser) { if (baseUser) {
fetchUserProfile(session.user.id).then((profile) => { fetchUserProfile(session.user.id).then((profile) => {
@ -180,6 +188,11 @@ export const AuthProvider = ({ children }) => {
return; return;
} }
// Don't restore session if user explicitly signed out
if (signedOutRef.current) {
return;
}
if (data.session?.user) { if (data.session?.user) {
const baseUser = mapSessionUserToAuthUser(data.session.user); const baseUser = mapSessionUserToAuthUser(data.session.user);
if (baseUser) { if (baseUser) {
@ -266,6 +279,9 @@ export const AuthProvider = ({ children }) => {
throw normalizeOtpError(new Error(edgeErrorMessage || (error instanceof Error ? error.message : String(error)) || PROFILE_LOAD_ERROR)); throw normalizeOtpError(new Error(edgeErrorMessage || (error instanceof Error ? error.message : String(error)) || PROFILE_LOAD_ERROR));
} }
// Clear signedOut flag user is logging in
signedOutRef.current = false;
if (data?.session?.access_token && data?.session?.refresh_token) { if (data?.session?.access_token && data?.session?.refresh_token) {
const { data: sessionData, error: sessionError } = await supabase.auth.setSession({ const { data: sessionData, error: sessionError } = await supabase.auth.setSession({
access_token: data.session.access_token, access_token: data.session.access_token,
@ -277,14 +293,14 @@ export const AuthProvider = ({ children }) => {
} }
const baseUser = mapSessionUserToAuthUser(sessionData.session?.user || data.session.user); const baseUser = mapSessionUserToAuthUser(sessionData.session?.user || data.session.user);
if (baseUser) { if (baseUser) {
const profile = await fetchUserProfile(baseUser.id); const profile = await fetchUserProfile(baseUser.id);
if (profile) { if (profile) {
setUser(mapProfileToAuthUser(profile)); setUser(mapProfileToAuthUser(profile));
} else { } else {
setUser({ ...baseUser, role: baseUser.role || "manager" }); setUser({ ...baseUser, role: baseUser.role || "manager" });
}
} }
}
} else { } else {
setUser(mapSessionUserToAuthUser(data?.user || null)); setUser(mapSessionUserToAuthUser(data?.user || null));
} }
@ -310,11 +326,20 @@ export const AuthProvider = ({ children }) => {
}; };
const signOut = async () => { const signOut = async () => {
// Set flag BEFORE signOut to prevent onAuthStateChange/getSession from restoring session
signedOutRef.current = true;
if (hasSupabaseConfig && supabase) { if (hasSupabaseConfig && supabase) {
await supabase.auth.signOut({ scope: "local" }); try {
await supabase.auth.signOut({ scope: "local" });
} catch (e) {
// Ignore session may already be invalid
}
} }
// Hard clear all auth storage so auto-login is impossible after logout
// Hard clear all auth storage so auto-login is impossible
clearAllAuthStorage(); clearAllAuthStorage();
setUser(null); setUser(null);
setPendingEmail(""); setPendingEmail("");
setIsOtpSent(false); setIsOtpSent(false);