Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 elpatron
|
51f6a1b291 | ||
|
elpatron
|
0b07d8b3d3 | ||
|
elpatron
|
a07e033e62 | ||
|
elpatron
|
bbe63dfb47 | ||
|
elpatron
|
57f63ad486 | ||
|
elpatron
|
728c40f936 | ||
|
elpatron
|
72cbad8d5e | ||
|
elpatron
|
15f2172a38 |
+7
-6
@@ -16,10 +16,10 @@ import AppTourOverlay from './components/AppTourOverlay.tsx'
|
||||
import { AppTourProvider, useAppTour, type AppTab } from './context/AppTourContext.tsx'
|
||||
import { UnsavedChangesProvider, useUnsavedChangesContext } from './context/UnsavedChangesContext.tsx'
|
||||
import {
|
||||
getActiveMasterKey,
|
||||
logoutUser,
|
||||
checkServerSession,
|
||||
hasUnlockedLocalSession
|
||||
hasUnlockedLocalSession,
|
||||
persistSessionUserId
|
||||
} from './services/auth.js'
|
||||
import AppErrorBoundary from './components/AppErrorBoundary.tsx'
|
||||
import { PlausibleEvents, trackPlausibleEvent } from './services/analytics.js'
|
||||
@@ -226,6 +226,7 @@ function App() {
|
||||
/** After PWA/bfcache resume, React state may still say "logged in" while the master key is gone. */
|
||||
const enforceUnlockedSession = useCallback(() => {
|
||||
if (isViewerMode || isDemoMode || isAcceptingInvite) return
|
||||
// Require full local session (incl. userId) so API calls are not left headless.
|
||||
if (isAuthenticated && !hasUnlockedLocalSession()) {
|
||||
clearAuthenticatedAppState()
|
||||
}
|
||||
@@ -268,10 +269,11 @@ function App() {
|
||||
const session = await checkServerSession()
|
||||
if (cancelled) return
|
||||
|
||||
if (session.authenticated && session.userId) {
|
||||
localStorage.setItem('active_userid', session.userId)
|
||||
if (session.authenticated) {
|
||||
persistSessionUserId(session.userId)
|
||||
}
|
||||
|
||||
// Cookie alone is insufficient — need in-memory master key, username, and userId for API.
|
||||
if (session.authenticated && hasUnlockedLocalSession()) {
|
||||
setIsAuthenticated(true)
|
||||
const savedLogbookId = localStorage.getItem('active_logbook_id')
|
||||
@@ -280,9 +282,8 @@ function App() {
|
||||
setActiveLogbookId(savedLogbookId)
|
||||
setActiveLogbookTitle(savedLogbookTitle)
|
||||
}
|
||||
} else if (session.authenticated) {
|
||||
clearAuthenticatedAppState()
|
||||
}
|
||||
// authenticated + crypto but no userId: stay on login (enforceUnlockedSession guards active UI)
|
||||
} catch (err) {
|
||||
if (!cancelled) {
|
||||
console.warn('Session restore failed:', err)
|
||||
|
||||
@@ -13,6 +13,7 @@ import {
|
||||
} from '../services/auth.js'
|
||||
import { KeyRound, ShieldAlert, Languages, HelpCircle, UserRound, X } from 'lucide-react'
|
||||
import RegistrationDisclaimer from './RegistrationDisclaimer.tsx'
|
||||
import DisclaimerModal from './DisclaimerModal.tsx'
|
||||
import BetaBadge from './BetaBadge.tsx'
|
||||
|
||||
interface AuthOnboardingProps {
|
||||
@@ -50,6 +51,7 @@ export default function AuthOnboarding({ onAuthenticated, onOpenDemo }: AuthOnbo
|
||||
|
||||
const [isNewRegistration, setIsNewRegistration] = useState(false)
|
||||
const [showDisclaimer, setShowDisclaimer] = useState(false)
|
||||
const [showHelp, setShowHelp] = useState(false)
|
||||
|
||||
const finishAuth = () => {
|
||||
if (isNewRegistration) {
|
||||
@@ -410,6 +412,7 @@ export default function AuthOnboarding({ onAuthenticated, onOpenDemo }: AuthOnbo
|
||||
|
||||
// Render 3: Standard Login / Registration options form
|
||||
return (
|
||||
<>
|
||||
<div className="auth-card glass">
|
||||
<div className="auth-brand">
|
||||
<img src="/logo.png" alt="Kapteins Daagbok" className="auth-logo-img" />
|
||||
@@ -570,15 +573,23 @@ export default function AuthOnboarding({ onAuthenticated, onOpenDemo }: AuthOnbo
|
||||
</div>
|
||||
|
||||
<div className="auth-footer">
|
||||
<button className="btn-icon-text" onClick={toggleLanguage}>
|
||||
<button type="button" className="btn-icon-text" onClick={toggleLanguage}>
|
||||
<Languages size={18} />
|
||||
{i18n.language.startsWith('de') ? 'English' : 'Deutsch'}
|
||||
</button>
|
||||
<a href="#help" className="btn-icon-text link-sec">
|
||||
<button
|
||||
type="button"
|
||||
className="btn-icon-text link-sec"
|
||||
onClick={() => setShowHelp(true)}
|
||||
title={t('disclaimer.button_title')}
|
||||
aria-label={t('disclaimer.button_title')}
|
||||
>
|
||||
<HelpCircle size={18} />
|
||||
{t('auth.help')}
|
||||
</a>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<DisclaimerModal open={showHelp} onClose={() => setShowHelp(false)} />
|
||||
</>
|
||||
)
|
||||
}
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
},
|
||||
"auth": {
|
||||
"welcome": "Willkommen bei Kapteins Daagbok",
|
||||
"tagline": "Sicheres, E2E-verschlüsseltes maritimes Logbuch.",
|
||||
"tagline": "Dein sicheres, E2E-verschlüsseltes maritimes Logbuch.",
|
||||
"register": "Mit Passkey registrieren",
|
||||
"login": "Mit Passkey anmelden",
|
||||
"login_as": "Anmelden als {{name}}",
|
||||
|
||||
@@ -46,13 +46,21 @@ export async function checkServerSession(): Promise<{ authenticated: boolean; us
|
||||
}
|
||||
}
|
||||
|
||||
/** Master key is memory-only; after process kill the HTTP session may outlive local crypto state. */
|
||||
/** Master key + username in memory/storage — enough to stay in the unlocked UI. */
|
||||
export function hasUnlockedLocalCrypto(): boolean {
|
||||
return !!(getActiveMasterKey() && localStorage.getItem('active_username'))
|
||||
}
|
||||
|
||||
/** Crypto unlock plus user id for authenticated API calls (userId may already be in localStorage). */
|
||||
export function hasUnlockedLocalSession(): boolean {
|
||||
return !!(
|
||||
getActiveMasterKey() &&
|
||||
localStorage.getItem('active_username') &&
|
||||
localStorage.getItem('active_userid')
|
||||
)
|
||||
return hasUnlockedLocalCrypto() && !!localStorage.getItem('active_userid')
|
||||
}
|
||||
|
||||
/** Persist server session user id when the /session response includes it. */
|
||||
export function persistSessionUserId(userId: string | undefined): void {
|
||||
if (userId) {
|
||||
localStorage.setItem('active_userid', userId)
|
||||
}
|
||||
}
|
||||
|
||||
export async function reauthWithPasskey(): Promise<boolean> {
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
import { beforeEach, describe, expect, it } from 'vitest'
|
||||
import {
|
||||
hasUnlockedLocalCrypto,
|
||||
hasUnlockedLocalSession,
|
||||
setActiveMasterKey
|
||||
} from './auth.js'
|
||||
|
||||
describe('local session unlock checks', () => {
|
||||
beforeEach(() => {
|
||||
localStorage.clear()
|
||||
setActiveMasterKey(null)
|
||||
})
|
||||
|
||||
it('hasUnlockedLocalCrypto with master key and username only', () => {
|
||||
setActiveMasterKey(new ArrayBuffer(32))
|
||||
localStorage.setItem('active_username', 'skipper')
|
||||
expect(hasUnlockedLocalCrypto()).toBe(true)
|
||||
expect(hasUnlockedLocalSession()).toBe(false)
|
||||
})
|
||||
|
||||
it('hasUnlockedLocalSession when userId is present', () => {
|
||||
setActiveMasterKey(new ArrayBuffer(32))
|
||||
localStorage.setItem('active_username', 'skipper')
|
||||
localStorage.setItem('active_userid', 'user-1')
|
||||
expect(hasUnlockedLocalCrypto()).toBe(true)
|
||||
expect(hasUnlockedLocalSession()).toBe(true)
|
||||
})
|
||||
|
||||
it('hasUnlockedLocalCrypto false without master key', () => {
|
||||
localStorage.setItem('active_username', 'skipper')
|
||||
localStorage.setItem('active_userid', 'user-1')
|
||||
expect(hasUnlockedLocalCrypto()).toBe(false)
|
||||
})
|
||||
})
|
||||
|
||||
describe('persistSessionUserId', () => {
|
||||
beforeEach(() => {
|
||||
localStorage.clear()
|
||||
})
|
||||
|
||||
it('stores userId when provided', async () => {
|
||||
const { persistSessionUserId } = await import('./auth.js')
|
||||
persistSessionUserId('user-42')
|
||||
expect(localStorage.getItem('active_userid')).toBe('user-42')
|
||||
})
|
||||
|
||||
it('does not clear existing userId when omitted', async () => {
|
||||
const { persistSessionUserId } = await import('./auth.js')
|
||||
localStorage.setItem('active_userid', 'user-1')
|
||||
persistSessionUserId(undefined)
|
||||
expect(localStorage.getItem('active_userid')).toBe('user-1')
|
||||
})
|
||||
})
|
||||
Reference in New Issue
Block a user