fix: MFA verify succeeds but user stuck on challenge screen

After successful MFA code verification, onMfaVerified() called
authStore.initialize() which returned immediately (isInitialized
was already true from the initial page load). The auth store was
never populated with user data, so the router guard saw
isAuthenticated === false and redirected back to /login — leaving
the user stuck on the MFA challenge screen with a consumed session.

Fix: use authStore.refreshUser() instead of initialize(). This
always calls GET /auth/me (using the new auth cookie from the MFA
verify response), populates the store, and then navigation to the
dashboard succeeds.

The portal login already uses authStore.fetchUser() which has no
isInitialized guard, so it was not affected.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 01:49:01 +02:00
parent f1a8591d17
commit 50e2c31dd9


@@ -116,7 +116,10 @@ async function handleLogin() {
} }
function onMfaVerified() { function onMfaVerified() {
authStore.initialize().then(() => { // After MFA verify, the response sets the auth cookie. Use refreshUser()
// (not initialize() — that's guarded by isInitialized and returns immediately)
// to call GET /auth/me with the new cookie, populating the store.
authStore.refreshUser().then(() => {
const rawTo = route.query.to ? String(route.query.to) : '' const rawTo = route.query.to ? String(route.query.to) : ''
const redirectTo = rawTo.startsWith('/') ? rawTo : '/dashboard' const redirectTo = rawTo.startsWith('/') ? rawTo : '/dashboard'
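Review bot: the new `authStore.refreshUser().then(...)` call in onMfaVerified() has no rejection handling visible in this hunk, so if GET /auth/me fails after the MFA code has been consumed, the user lands in the same dead end this commit is meant to fix. Suggest adding a `.catch` that shows an error and returns the user to the login form, and confirming that the store reports an authenticated user before navigating, since the router guard will bounce an unauthenticated navigation back to /login anyway. Separately, on the unchanged `rawTo.startsWith('/')` line: that check also accepts values beginning with `//` or `/\`, which browsers can treat as another host. If `redirectTo` is ever passed to anything other than the router, reject those prefixes too. Minor: the comment explaining why initialize() is skipped is useful, but the isInitialized guard it refers to lives in the store, so a short note on initialize() itself would keep the next caller from repeating the mistake.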