chore: release v0.1.0.49

feat(auth): Hilfe-Button auf Login öffnet Hinweise-Modal
Ersetzt den toten #help-Link durch einen Button, der dasselbe Hinweise- und Haftungsausschluss-Modal wie in der App anzeigt. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-31 11:42:37 +02:00 · 2026-05-31 11:42:28 +02:00 · 2026-05-31 11:40:06 +02:00 · 2026-05-31 11:38:03 +02:00 · 2026-05-31 11:37:50 +02:00
6 changed files with 51 additions and 11 deletions
@@ -1 +1 @@
-0.1.0.48
+0.1.0.50
@@ -18,7 +18,8 @@ import { UnsavedChangesProvider, useUnsavedChangesContext } from './context/Unsa
 import {
  logoutUser,
  checkServerSession,
-  hasUnlockedLocalCrypto
+  hasUnlockedLocalSession,
+  persistSessionUserId
 } from './services/auth.js'
 import AppErrorBoundary from './components/AppErrorBoundary.tsx'
 import { PlausibleEvents, trackPlausibleEvent } from './services/analytics.js'
@@ -225,7 +226,8 @@ function App() {
  /** After PWA/bfcache resume, React state may still say "logged in" while the master key is gone. */
  const enforceUnlockedSession = useCallback(() => {
    if (isViewerMode || isDemoMode || isAcceptingInvite) return
-    if (isAuthenticated && !hasUnlockedLocalCrypto()) {
+    // Require full local session (incl. userId) so API calls are not left headless.
+    if (isAuthenticated && !hasUnlockedLocalSession()) {
      clearAuthenticatedAppState()
    }
  }, [
@@ -267,11 +269,12 @@ function App() {
        const session = await checkServerSession()
        if (cancelled) return

-        if (session.authenticated && session.userId) {
-          localStorage.setItem('active_userid', session.userId)
+        if (session.authenticated) {
+          persistSessionUserId(session.userId)
        }

-        if (session.authenticated && hasUnlockedLocalCrypto()) {
+        // Cookie alone is insufficient — need in-memory master key, username, and userId for API.
+        if (session.authenticated && hasUnlockedLocalSession()) {
          setIsAuthenticated(true)
          const savedLogbookId = localStorage.getItem('active_logbook_id')
          const savedLogbookTitle = localStorage.getItem('active_logbook_title')
@@ -280,7 +283,7 @@ function App() {
            setActiveLogbookTitle(savedLogbookTitle)
          }
        }
-        // authenticated without local crypto: stay on login (cookie alone is not enough)
+        // authenticated + crypto but no userId: stay on login (enforceUnlockedSession guards active UI)
      } catch (err) {
        if (!cancelled) {
          console.warn('Session restore failed:', err)
@@ -13,6 +13,7 @@ import {
 } from '../services/auth.js'
 import { KeyRound, ShieldAlert, Languages, HelpCircle, UserRound, X } from 'lucide-react'
 import RegistrationDisclaimer from './RegistrationDisclaimer.tsx'
+import DisclaimerModal from './DisclaimerModal.tsx'
 import BetaBadge from './BetaBadge.tsx'

 interface AuthOnboardingProps {
@@ -50,6 +51,7 @@ export default function AuthOnboarding({ onAuthenticated, onOpenDemo }: AuthOnbo

  const [isNewRegistration, setIsNewRegistration] = useState(false)
  const [showDisclaimer, setShowDisclaimer] = useState(false)
+  const [showHelp, setShowHelp] = useState(false)

  const finishAuth = () => {
    if (isNewRegistration) {
@@ -410,6 +412,7 @@ export default function AuthOnboarding({ onAuthenticated, onOpenDemo }: AuthOnbo

  // Render 3: Standard Login / Registration options form
  return (
+    <>
    <div className="auth-card glass">
      <div className="auth-brand">
        <img src="/logo.png" alt="Kapteins Daagbok" className="auth-logo-img" />
@@ -570,15 +573,23 @@ export default function AuthOnboarding({ onAuthenticated, onOpenDemo }: AuthOnbo
      </div>

      <div className="auth-footer">
-        <button className="btn-icon-text" onClick={toggleLanguage}>
+        <button type="button" className="btn-icon-text" onClick={toggleLanguage}>
          <Languages size={18} />
          {i18n.language.startsWith('de') ? 'English' : 'Deutsch'}
        </button>
-        <a href="#help" className="btn-icon-text link-sec">
+        <button
+          type="button"
+          className="btn-icon-text link-sec"
+          onClick={() => setShowHelp(true)}
+          title={t('disclaimer.button_title')}
+          aria-label={t('disclaimer.button_title')}
+        >
          <HelpCircle size={18} />
          {t('auth.help')}
-        </a>
+        </button>
      </div>
    </div>
+    <DisclaimerModal open={showHelp} onClose={() => setShowHelp(false)} />
+    </>
  )
 }
@@ -23,7 +23,7 @@
    },
    "auth": {
      "welcome": "Willkommen bei Kapteins Daagbok",
-      "tagline": "Sicheres, E2E-verschlüsseltes maritimes Logbuch.",
+      "tagline": "Dein sicheres, E2E-verschlüsseltes maritimes Logbuch.",
      "register": "Mit Passkey registrieren",
      "login": "Mit Passkey anmelden",
      "login_as": "Anmelden als {{name}}",
@@ -56,6 +56,13 @@ export function hasUnlockedLocalSession(): boolean {
  return hasUnlockedLocalCrypto() && !!localStorage.getItem('active_userid')
 }

+/** Persist server session user id when the /session response includes it. */
+export function persistSessionUserId(userId: string | undefined): void {
+  if (userId) {
+    localStorage.setItem('active_userid', userId)
+  }
+}
+
 export async function reauthWithPasskey(): Promise<boolean> {
  const options = await apiJson<any>(`${API_BASE}/reauth-options`, {
    method: 'POST'
@@ -32,3 +32,22 @@ describe('local session unlock checks', () => {
    expect(hasUnlockedLocalCrypto()).toBe(false)
  })
 })
+
+describe('persistSessionUserId', () => {
+  beforeEach(() => {
+    localStorage.clear()
+  })
+
+  it('stores userId when provided', async () => {
+    const { persistSessionUserId } = await import('./auth.js')
+    persistSessionUserId('user-42')
+    expect(localStorage.getItem('active_userid')).toBe('user-42')
+  })
+
+  it('does not clear existing userId when omitted', async () => {
+    const { persistSessionUserId } = await import('./auth.js')
+    localStorage.setItem('active_userid', 'user-1')
+    persistSessionUserId(undefined)
+    expect(localStorage.getItem('active_userid')).toBe('user-1')
+  })
+})
Author	SHA1	Message	Date
elpatron	51f6a1b291	chore: release v0.1.0.49	2026-05-31 11:42:37 +02:00
elpatron	0b07d8b3d3	feat(auth): Hilfe-Button auf Login öffnet Hinweise-Modal Ersetzt den toten #help-Link durch einen Button, der dasselbe Hinweise- und Haftungsausschluss-Modal wie in der App anzeigt. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-31 11:42:28 +02:00
elpatron	a07e033e62	copy(i18n): Login-Tagline persönlicher formulieren „Dein sicheres …“ statt „Sicheres …“ auf der Anmeldeseite. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-31 11:40:06 +02:00
elpatron	bbe63dfb47	chore: release v0.1.0.48	2026-05-31 11:38:03 +02:00
elpatron	57f63ad486	fix(auth): Session-Restore erst mit vollständiger lokaler Session Stellt hasUnlockedLocalSession für UI-Wiederherstellung und enforceUnlockedSession wieder her; persistSessionUserId setzt userId nur bei Angabe in der Server-Antwort. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-31 11:37:50 +02:00
@@ -1 +1 @@
 .1.0.48
 .1.0.50