Refactoring reset and session tokens, currently broken.

2025-07-14 16:10:02 -06:00
parent 19bcddca30
commit 225d7b7542
11 changed files with 786 additions and 330 deletions
--- a/frontend/src/App.vue
+++ b/frontend/src/App.vue
@@ -5,39 +5,36 @@
    <RegisterView v-if="store.currentView === 'register'" />
    <ProfileView v-if="store.currentView === 'profile'" />
    <DeviceLinkView v-if="store.currentView === 'device-link'" />
-    <AddDeviceCredentialView v-if="store.currentView === 'add-device-credential'" />
+    <AddCredentialView v-if="store.currentView === 'add-credential'" />
  </div>
 </template>

 <script setup>
-import { onMounted, ref } from 'vue'
+import { onMounted } from 'vue'
 import { useAuthStore } from '@/stores/auth'
 import StatusMessage from '@/components/StatusMessage.vue'
 import LoginView from '@/components/LoginView.vue'
 import RegisterView from '@/components/RegisterView.vue'
 import ProfileView from '@/components/ProfileView.vue'
 import DeviceLinkView from '@/components/DeviceLinkView.vue'
-import AddDeviceCredentialView from '@/components/AddDeviceCredentialView.vue'
-import { getCookie } from './utils/helpers'
+import AddCredentialView from '@/components/AddCredentialView.vue'

 const store = useAuthStore()
-let isLoggedIn

 onMounted(async () => {
-  if (getCookie('auth-token')) {
-    store.currentView = 'add-device-credential'
-    return
+  // Check for device addition session first
+  try {
+    await store.loadUserInfo()
+  } catch (error) {
+    console.log('Failed to load user info:', error)
+    store.currentView = 'login'
  }
-  isLoggedIn = await store.validateStoredToken()
-  if (isLoggedIn) {
-    // User is logged in, load their data and go to profile
-    try {
-      await store.loadUserInfo()
+  if (store.currentCredentials.length) {
+    // User is logged in, go to profile
      store.currentView = 'profile'
-    } catch (error) {
-      console.error('Failed to load user info:', error)
-      store.currentView = 'login'
-    }
+  } else if (store.currentUser) {
+    // User is logged in via reset link, allow adding a credential
+    store.currentView = 'add-credential'
  } else {
    // User is not logged in, show login
    store.currentView = 'login'
--- a/frontend/src/components/AddDeviceCredentialView.vue
+++ b/frontend/src/components/AddDeviceCredentialView.vue
@@ -15,30 +15,42 @@

 <script setup>
 import { useAuthStore } from '@/stores/auth'
-import { registerWithToken } from '@/utils/passkey'
+import { registerWithSession } from '@/utils/passkey'
 import { ref, onMounted } from 'vue'
-import { getCookie } from '@/utils/helpers'

 const authStore = useAuthStore()
-const token = ref(null)
+const hasDeviceSession = ref(false)

 // Check existing session on app load
-onMounted(() => {
-  // Check for 'auth-token' cookie
-  token.value = getCookie('auth-token')
-  if (!token.value) {
-    authStore.showMessage('No registration token cookie found.', 'error')
+onMounted(async () => {
+  try {
+    // Check if we have a device addition session
+    const response = await fetch('/auth/device-session-check', {
+      credentials: 'include'
+    })
+    const data = await response.json()
+
+    if (data.device_addition_session) {
+      hasDeviceSession.value = true
+    } else {
+      authStore.showMessage('No device addition session found.', 'error')
+      authStore.currentView = 'login'
+    }
+  } catch (error) {
+    authStore.showMessage('Failed to check device addition session.', 'error')
    authStore.currentView = 'login'
-    return
  }
-  // Delete the cookie
-  document.cookie = 'auth-token=; Max-Age=0; path=/'
 })

 function register() {
+  if (!hasDeviceSession.value) {
+    authStore.showMessage('No valid device addition session', 'error')
+    return
+  }
+
  authStore.isLoading = true
  authStore.showMessage('Starting registration...', 'info')
-  registerWithToken(token.value).finally(() => {
+  registerWithSession().finally(() => {
    authStore.isLoading = false
  }).then(() => {
    authStore.showMessage('Passkey registered successfully!', 'success', 2000)
--- a/frontend/src/stores/auth.js
+++ b/frontend/src/stores/auth.js
@@ -30,15 +30,6 @@ export const useAuthStore = defineStore('auth', {
        }, duration)
      }
    },
-    async validateStoredToken() {
-      try {
-        const response = await fetch('/auth/validate-token')
-        const result = await response.json()
-        return result.status === 'success'
-      } catch (error) {
-        return false
-      }
-    },
    async setSessionCookie(sessionToken) {
      const response = await fetch('/auth/set-session', {
        method: 'POST',
@@ -84,7 +75,7 @@ export const useAuthStore = defineStore('auth', {
      }
    },
    async loadUserInfo() {
-      const response = await fetch('/auth/user-info')
+      const response = await fetch('/auth/user-info', {method: 'POST'})
      const result = await response.json()
      if (result.error) throw new Error(`Server: ${result.error}`)

--- a/frontend/src/utils/passkey.js
+++ b/frontend/src/utils/passkey.js
@@ -24,6 +24,9 @@ export async function registerCredential() {
 export async function registerWithToken(token) {
  return register('/auth/ws/add_device_credential', { token })
 }
+export async function registerWithSession() {
+  return register('/auth/ws/add_device_credential_session')
+}

 export async function authenticateUser() {
  const ws = await aWebSocket('/auth/ws/authenticate')