d25d482dc2
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
488 lines
16 KiB
TypeScript
488 lines
16 KiB
TypeScript
'use client'
|
|
|
|
import { useEffect, useRef, useState } from 'react'
|
|
import {
|
|
ChipModal,
|
|
ChipModalBody,
|
|
ChipModalError,
|
|
ChipModalField,
|
|
ChipModalFooter,
|
|
ChipModalHeader,
|
|
} from '@sim/emcn'
|
|
import { createLogger } from '@sim/logger'
|
|
import { getErrorMessage } from '@sim/utils/errors'
|
|
import { normalizeEmail } from '@sim/utils/string'
|
|
import { useRouter, useSearchParams } from 'next/navigation'
|
|
import { requestJson } from '@/lib/api/client/request'
|
|
import { forgetPasswordContract } from '@/lib/api/contracts'
|
|
import { client } from '@/lib/auth/auth-client'
|
|
import { getEnv, isFalsy, isTruthy } from '@/lib/core/config/env'
|
|
import { validateCallbackUrl } from '@/lib/core/security/input-validation'
|
|
import { getBaseUrl } from '@/lib/core/utils/urls'
|
|
import { quickValidateEmail } from '@/lib/messaging/email/validation'
|
|
import { captureClientEvent } from '@/lib/posthog/client'
|
|
import {
|
|
AuthDivider,
|
|
AuthField,
|
|
AuthFormMessage,
|
|
AuthHeader,
|
|
AuthInput,
|
|
AuthLegalFooter,
|
|
AuthNavPrompt,
|
|
AuthSubmitButton,
|
|
AuthTextLink,
|
|
PasswordInput,
|
|
SocialLoginButtons,
|
|
SSOLoginButton,
|
|
} from '@/app/(auth)/components'
|
|
|
|
const logger = createLogger('LoginForm')
|
|
|
|
const validateEmailField = (emailValue: string): string[] => {
|
|
const errors: string[] = []
|
|
|
|
if (!emailValue || !emailValue.trim()) {
|
|
errors.push('Email is required.')
|
|
return errors
|
|
}
|
|
|
|
const validation = quickValidateEmail(normalizeEmail(emailValue))
|
|
if (!validation.isValid) {
|
|
errors.push(validation.reason || 'Please enter a valid email address.')
|
|
}
|
|
|
|
return errors
|
|
}
|
|
|
|
const PASSWORD_VALIDATIONS = {
|
|
required: {
|
|
test: (value: string) => Boolean(value && typeof value === 'string'),
|
|
message: 'Password is required.',
|
|
},
|
|
notEmpty: {
|
|
test: (value: string) => value.trim().length > 0,
|
|
message: 'Password cannot be empty.',
|
|
},
|
|
}
|
|
|
|
const validatePassword = (passwordValue: string): string[] => {
|
|
const errors: string[] = []
|
|
|
|
if (!PASSWORD_VALIDATIONS.required.test(passwordValue)) {
|
|
errors.push(PASSWORD_VALIDATIONS.required.message)
|
|
return errors
|
|
}
|
|
|
|
if (!PASSWORD_VALIDATIONS.notEmpty.test(passwordValue)) {
|
|
errors.push(PASSWORD_VALIDATIONS.notEmpty.message)
|
|
return errors
|
|
}
|
|
|
|
return errors
|
|
}
|
|
|
|
export default function LoginPage({
|
|
githubAvailable,
|
|
googleAvailable,
|
|
microsoftAvailable,
|
|
isProduction,
|
|
}: {
|
|
githubAvailable: boolean
|
|
googleAvailable: boolean
|
|
microsoftAvailable: boolean
|
|
isProduction: boolean
|
|
}) {
|
|
const router = useRouter()
|
|
const searchParams = useSearchParams()
|
|
const [isLoading, setIsLoading] = useState(false)
|
|
const [password, setPassword] = useState('')
|
|
const [passwordErrors, setPasswordErrors] = useState<string[]>([])
|
|
const [showValidationError, setShowValidationError] = useState(false)
|
|
const callbackUrlParam = searchParams?.get('callbackUrl')
|
|
const isValidCallbackUrl = callbackUrlParam ? validateCallbackUrl(callbackUrlParam) : false
|
|
const invalidCallbackRef = useRef(false)
|
|
if (callbackUrlParam && !isValidCallbackUrl && !invalidCallbackRef.current) {
|
|
invalidCallbackRef.current = true
|
|
logger.warn('Invalid callback URL detected and blocked:', { url: callbackUrlParam })
|
|
}
|
|
const callbackUrl = isValidCallbackUrl ? callbackUrlParam! : '/workspace'
|
|
const isInviteFlow = searchParams?.get('invite_flow') === 'true'
|
|
|
|
const [forgotPasswordOpen, setForgotPasswordOpen] = useState(false)
|
|
const [forgotPasswordEmail, setForgotPasswordEmail] = useState('')
|
|
const [isSubmittingReset, setIsSubmittingReset] = useState(false)
|
|
const [resetStatus, setResetStatus] = useState<{
|
|
type: 'success' | 'error' | null
|
|
message: string
|
|
}>({ type: null, message: '' })
|
|
|
|
const [email, setEmail] = useState('')
|
|
const [emailErrors, setEmailErrors] = useState<string[]>([])
|
|
const [showEmailValidationError, setShowEmailValidationError] = useState(false)
|
|
const [resetSuccessMessage, setResetSuccessMessage] = useState<string | null>(() =>
|
|
searchParams?.get('resetSuccess') === 'true'
|
|
? 'Password reset successful. Please sign in with your new password.'
|
|
: null
|
|
)
|
|
|
|
useEffect(() => {
|
|
captureClientEvent('login_page_viewed', {})
|
|
}, [])
|
|
|
|
const handleEmailChange = (e: React.ChangeEvent<HTMLInputElement>) => {
|
|
const newEmail = e.target.value
|
|
setEmail(newEmail)
|
|
|
|
const errors = validateEmailField(newEmail)
|
|
setEmailErrors(errors)
|
|
setShowEmailValidationError(false)
|
|
}
|
|
|
|
const handlePasswordChange = (e: React.ChangeEvent<HTMLInputElement>) => {
|
|
const newPassword = e.target.value
|
|
setPassword(newPassword)
|
|
|
|
const errors = validatePassword(newPassword)
|
|
setPasswordErrors(errors)
|
|
setShowValidationError(false)
|
|
}
|
|
|
|
async function onSubmit(e: React.FormEvent<HTMLFormElement>) {
|
|
e.preventDefault()
|
|
setIsLoading(true)
|
|
|
|
const redirectToVerify = (emailToVerify: string) => {
|
|
if (typeof window !== 'undefined') {
|
|
sessionStorage.setItem('verificationEmail', emailToVerify)
|
|
}
|
|
router.push('/verify')
|
|
}
|
|
|
|
const formData = new FormData(e.currentTarget)
|
|
const emailRaw = formData.get('email') as string
|
|
const email = normalizeEmail(emailRaw)
|
|
|
|
const emailValidationErrors = validateEmailField(email)
|
|
setEmailErrors(emailValidationErrors)
|
|
setShowEmailValidationError(emailValidationErrors.length > 0)
|
|
|
|
const passwordValidationErrors = validatePassword(password)
|
|
setPasswordErrors(passwordValidationErrors)
|
|
setShowValidationError(passwordValidationErrors.length > 0)
|
|
|
|
if (emailValidationErrors.length > 0 || passwordValidationErrors.length > 0) {
|
|
setIsLoading(false)
|
|
return
|
|
}
|
|
|
|
try {
|
|
const safeCallbackUrl = callbackUrl
|
|
let errorHandled = false
|
|
|
|
const result = await client.signIn.email(
|
|
{
|
|
email,
|
|
password,
|
|
callbackURL: safeCallbackUrl,
|
|
},
|
|
{
|
|
onError: (ctx: any) => {
|
|
logger.error('Login error:', ctx.error)
|
|
|
|
if (ctx.error.code?.includes('EMAIL_NOT_VERIFIED')) {
|
|
errorHandled = true
|
|
redirectToVerify(email)
|
|
return
|
|
}
|
|
|
|
errorHandled = true
|
|
const errorMessage: string[] = ['Invalid email or password']
|
|
|
|
if (
|
|
ctx.error.code?.includes('BAD_REQUEST') ||
|
|
ctx.error.message?.includes('Email and password sign in is not enabled')
|
|
) {
|
|
errorMessage.push('Email sign in is currently disabled.')
|
|
} else if (
|
|
ctx.error.code?.includes('INVALID_CREDENTIALS') ||
|
|
ctx.error.message?.includes('invalid password')
|
|
) {
|
|
errorMessage.push('Invalid email or password. Please try again.')
|
|
} else if (
|
|
ctx.error.code?.includes('USER_NOT_FOUND') ||
|
|
ctx.error.message?.includes('not found')
|
|
) {
|
|
errorMessage.push('No account found with this email. Please sign up first.')
|
|
} else if (ctx.error.code?.includes('MISSING_CREDENTIALS')) {
|
|
errorMessage.push('Please enter both email and password.')
|
|
} else if (ctx.error.code?.includes('EMAIL_PASSWORD_DISABLED')) {
|
|
errorMessage.push('Email and password login is disabled.')
|
|
} else if (ctx.error.code?.includes('FAILED_TO_CREATE_SESSION')) {
|
|
errorMessage.push('Failed to create session. Please try again later.')
|
|
} else if (ctx.error.code?.includes('too many attempts')) {
|
|
errorMessage.push(
|
|
'Too many login attempts. Please try again later or reset your password.'
|
|
)
|
|
} else if (ctx.error.code?.includes('account locked')) {
|
|
errorMessage.push(
|
|
'Your account has been locked for security. Please reset your password.'
|
|
)
|
|
} else if (ctx.error.code?.includes('network')) {
|
|
errorMessage.push('Network error. Please check your connection and try again.')
|
|
} else if (ctx.error.message?.includes('rate limit')) {
|
|
errorMessage.push('Too many requests. Please wait a moment before trying again.')
|
|
}
|
|
|
|
setResetSuccessMessage(null)
|
|
setPasswordErrors(errorMessage)
|
|
setShowValidationError(true)
|
|
},
|
|
}
|
|
)
|
|
|
|
if (!result || result.error) {
|
|
// Show error if not already handled by onError callback
|
|
if (!errorHandled) {
|
|
setResetSuccessMessage(null)
|
|
const errorMessage = result?.error?.message || 'Login failed. Please try again.'
|
|
setPasswordErrors([errorMessage])
|
|
setShowValidationError(true)
|
|
}
|
|
setIsLoading(false)
|
|
return
|
|
}
|
|
|
|
// Clear reset success message on successful login
|
|
setResetSuccessMessage(null)
|
|
|
|
// Explicit redirect fallback if better-auth doesn't redirect
|
|
router.push(safeCallbackUrl)
|
|
} catch (err: any) {
|
|
if (err.message?.includes('not verified') || err.code?.includes('EMAIL_NOT_VERIFIED')) {
|
|
redirectToVerify(email)
|
|
return
|
|
}
|
|
|
|
logger.error('Uncaught login error:', err)
|
|
} finally {
|
|
setIsLoading(false)
|
|
}
|
|
}
|
|
|
|
const handleForgotPassword = async () => {
|
|
if (!forgotPasswordEmail) {
|
|
setResetStatus({
|
|
type: 'error',
|
|
message: 'Please enter your email address',
|
|
})
|
|
return
|
|
}
|
|
|
|
const emailValidation = quickValidateEmail(normalizeEmail(forgotPasswordEmail))
|
|
if (!emailValidation.isValid) {
|
|
setResetStatus({
|
|
type: 'error',
|
|
message: 'Please enter a valid email address',
|
|
})
|
|
return
|
|
}
|
|
|
|
try {
|
|
setIsSubmittingReset(true)
|
|
setResetStatus({ type: null, message: '' })
|
|
|
|
try {
|
|
await requestJson(forgetPasswordContract, {
|
|
body: {
|
|
email: forgotPasswordEmail,
|
|
redirectTo: `${getBaseUrl()}/reset-password`,
|
|
},
|
|
})
|
|
} catch (requestError) {
|
|
let errorMessage = getErrorMessage(requestError, 'Failed to request password reset')
|
|
|
|
if (
|
|
errorMessage.includes('Invalid body parameters') ||
|
|
errorMessage.includes('invalid email')
|
|
) {
|
|
errorMessage = 'Please enter a valid email address'
|
|
} else if (errorMessage.includes('Email is required')) {
|
|
errorMessage = 'Please enter your email address'
|
|
} else if (
|
|
errorMessage.includes('user not found') ||
|
|
errorMessage.includes('User not found')
|
|
) {
|
|
errorMessage = 'No account found with this email address'
|
|
}
|
|
|
|
throw new Error(errorMessage)
|
|
}
|
|
|
|
setResetStatus({
|
|
type: 'success',
|
|
message: 'Password reset link sent to your email',
|
|
})
|
|
|
|
setTimeout(() => {
|
|
setForgotPasswordOpen(false)
|
|
setResetStatus({ type: null, message: '' })
|
|
}, 2000)
|
|
} catch (error) {
|
|
logger.error('Error requesting password reset:', { error })
|
|
setResetStatus({
|
|
type: 'error',
|
|
message: getErrorMessage(error, 'Failed to request password reset'),
|
|
})
|
|
} finally {
|
|
setIsSubmittingReset(false)
|
|
}
|
|
}
|
|
|
|
const ssoEnabled = isTruthy(getEnv('NEXT_PUBLIC_SSO_ENABLED'))
|
|
const emailEnabled = !isFalsy(getEnv('NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED'))
|
|
const hasSocial = githubAvailable || googleAvailable || microsoftAvailable
|
|
const hasOnlySSO = ssoEnabled && !emailEnabled && !hasSocial
|
|
const showTopSSO = hasOnlySSO
|
|
const showBottomSection = hasSocial || (ssoEnabled && !hasOnlySSO)
|
|
const showDivider = (emailEnabled || showTopSSO) && showBottomSection
|
|
|
|
const emailFieldErrors = showEmailValidationError && emailErrors.length > 0 ? emailErrors : []
|
|
const passwordFieldErrors = showValidationError && passwordErrors.length > 0 ? passwordErrors : []
|
|
const canSubmit = email.trim().length > 0 && password.length > 0
|
|
|
|
return (
|
|
<>
|
|
<div className='space-y-6'>
|
|
<AuthHeader title='Sign in' description='Enter your details' />
|
|
|
|
{showTopSSO && <SSOLoginButton callbackURL={callbackUrl} variant='primary' />}
|
|
|
|
{emailEnabled && (
|
|
<form onSubmit={onSubmit} className='space-y-6'>
|
|
<div className='space-y-5'>
|
|
<AuthField htmlFor='email' label='Email' errors={emailFieldErrors}>
|
|
<AuthInput
|
|
id='email'
|
|
name='email'
|
|
placeholder='Enter your email'
|
|
required
|
|
autoCapitalize='none'
|
|
autoComplete='email'
|
|
autoCorrect='off'
|
|
value={email}
|
|
onChange={handleEmailChange}
|
|
error={emailFieldErrors.length > 0}
|
|
/>
|
|
</AuthField>
|
|
<AuthField
|
|
htmlFor='password'
|
|
label='Password'
|
|
errors={passwordFieldErrors}
|
|
action={
|
|
<AuthTextLink
|
|
onClick={() => setForgotPasswordOpen(true)}
|
|
className='text-caption'
|
|
>
|
|
Forgot password?
|
|
</AuthTextLink>
|
|
}
|
|
>
|
|
<PasswordInput
|
|
id='password'
|
|
name='password'
|
|
required
|
|
autoCapitalize='none'
|
|
autoComplete='current-password'
|
|
autoCorrect='off'
|
|
placeholder='Enter your password'
|
|
value={password}
|
|
onChange={handlePasswordChange}
|
|
error={passwordFieldErrors.length > 0}
|
|
/>
|
|
</AuthField>
|
|
</div>
|
|
|
|
{resetSuccessMessage && (
|
|
<AuthFormMessage type='success'>
|
|
<p>{resetSuccessMessage}</p>
|
|
</AuthFormMessage>
|
|
)}
|
|
|
|
<AuthSubmitButton loading={isLoading} loadingLabel='Signing in…' disabled={!canSubmit}>
|
|
Sign in
|
|
</AuthSubmitButton>
|
|
</form>
|
|
)}
|
|
|
|
{showDivider && <AuthDivider label='Or continue with' />}
|
|
|
|
{showBottomSection && (
|
|
<SocialLoginButtons
|
|
googleAvailable={googleAvailable}
|
|
githubAvailable={githubAvailable}
|
|
microsoftAvailable={microsoftAvailable}
|
|
isProduction={isProduction}
|
|
callbackURL={callbackUrl}
|
|
>
|
|
{ssoEnabled && !hasOnlySSO && (
|
|
<SSOLoginButton callbackURL={callbackUrl} variant='outline' />
|
|
)}
|
|
</SocialLoginButtons>
|
|
)}
|
|
|
|
{emailEnabled && (
|
|
<AuthNavPrompt
|
|
prompt="Don't have an account?"
|
|
href={isInviteFlow ? `/signup?invite_flow=true&callbackUrl=${callbackUrl}` : '/signup'}
|
|
linkLabel='Sign up'
|
|
/>
|
|
)}
|
|
|
|
<AuthLegalFooter action='signing in' />
|
|
</div>
|
|
|
|
<ChipModal
|
|
open={forgotPasswordOpen}
|
|
onOpenChange={setForgotPasswordOpen}
|
|
srTitle='Reset Password'
|
|
>
|
|
<ChipModalHeader onClose={() => setForgotPasswordOpen(false)}>
|
|
Reset Password
|
|
</ChipModalHeader>
|
|
<ChipModalBody>
|
|
<p className='px-2 text-[var(--text-secondary)] text-sm'>
|
|
Enter your email address and we'll send you a link to reset your password if your
|
|
account exists.
|
|
</p>
|
|
<ChipModalField
|
|
type='email'
|
|
title='Email'
|
|
value={forgotPasswordEmail}
|
|
onChange={(value) => setForgotPasswordEmail(value)}
|
|
onSubmit={() => {
|
|
if (!isSubmittingReset) void handleForgotPassword()
|
|
}}
|
|
required
|
|
placeholder='you@example.com'
|
|
/>
|
|
{resetStatus.type === 'success' && (
|
|
<p className='px-2 text-[var(--text-secondary)] text-sm'>{resetStatus.message}</p>
|
|
)}
|
|
<ChipModalError>
|
|
{resetStatus.type === 'error' ? resetStatus.message : null}
|
|
</ChipModalError>
|
|
</ChipModalBody>
|
|
<ChipModalFooter
|
|
onCancel={() => setForgotPasswordOpen(false)}
|
|
cancelDisabled={isSubmittingReset}
|
|
primaryAction={{
|
|
label: isSubmittingReset ? 'Sending…' : 'Send Reset Link',
|
|
onClick: handleForgotPassword,
|
|
disabled: !forgotPasswordEmail || isSubmittingReset,
|
|
}}
|
|
/>
|
|
</ChipModal>
|
|
</>
|
|
)
|
|
}
|