Fix auth redirect on landing page and inconsistent auth state #19

Merged: emares17 merged 1 commit into main from fix/auth-redirect-and-status-consistency on Apr 29, 2026

emares17 (Owner) commented Apr 29, 2026

Summary

  • Authenticated users returning to / are now redirected to /dashboard instead of seeing the marketing landing page
  • get_current_user() now validates token expiry and attempts a refresh before returning the user, making /auth/status consistent with what verify_session_auth enforces on upload/preview endpoints

Root causes

Bug 1: The / route rendered <LandingPage /> unconditionally — only /login had an auth check redirect. Returning users with a valid session saw the marketing page with the nav showing them as logged in, but had to navigate to dashboard manually.

Bug 2: get_current_user() (used by /auth/status) only checked user_id in session with no token validation. verify_session_auth (on /upload and /preview) checked token expiry and tried to refresh. If a session's access token expired (15 min) and the refresh token was also expired (7 days), the nav and ProtectedRoute showed the user as authenticated while uploads returned 401. Observed via PostHog: users reaching the upload page with no label_generation_completed events.

Changes

  • backend/auth/decorators.py: get_current_user() now checks access_token_expires, calls refresh_access_token() if expired, and returns None if refresh fails
  • frontend-vite/react-ts/src/pages/LandingPage.tsx — added auth check useEffect on mount, redirects to /dashboard if authenticated, shows spinner while checking (mirrors existing pattern in login.tsx)

Test plan

  • Log in, navigate to / — should redirect to /dashboard
  • Log out, navigate to / — should show landing page normally
  • Simulate expired tokens (shorten TTLs temporarily) — navigating to a protected route after both tokens expire should redirect to /login, not let through and fail on upload
  • All existing backend integration tests pass
  • All existing Playwright e2e tests pass

Closes #18

Returning authenticated users hitting / were served the marketing
landing page instead of being redirected to dashboard. Separately,
get_current_user() only checked user_id in session without validating
token expiry, causing /auth/status to report authenticated while
upload endpoints returned 401 for sessions with expired tokens.

Closes #18
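
The mismatch described under Bug 2 and the behaviour after the fix, as an added example that is not code from this repository. The plain-dict session, the `refresh_token_expires` key, the stand-in `refresh_access_token()` body, and the `get_current_user_before`, `auth_status`, `new_session` and `timeline` helpers are assumptions made for illustration.

```python
ACCESS_TTL = 15 * 60           # access token lifetime stated in the PR
REFRESH_TTL = 7 * 24 * 3600    # refresh token lifetime stated in the PR

def new_session(user_id, now):
    # Constructed session; "refresh_token_expires" is an assumed key name.
    return {"user_id": user_id,
            "access_token_expires": now + ACCESS_TTL,
            "refresh_token_expires": now + REFRESH_TTL}

def refresh_access_token(session, now):
    # Stand-in for the real refresh call: works only while the refresh
    # token is unexpired, and then extends the access token.
    if now >= session.get("refresh_token_expires", 0):
        return False
    session["access_token_expires"] = now + ACCESS_TTL
    return True

def get_current_user_before(session, now):
    # Pre-fix behaviour from Bug 2: only the presence of user_id is checked.
    return session.get("user_id")

def get_current_user(session, now):
    # Post-fix behaviour: check expiry, try a refresh, None if that fails.
    user_id = session.get("user_id")
    if user_id is None:
        return None
    if now >= session.get("access_token_expires", 0):
        if not refresh_access_token(session, now):
            return None
    return user_id

def verify_session_auth(session, now):
    # Guard on /upload and /preview; it always enforced expiry and refresh.
    return 200 if get_current_user(session, now) is not None else 401

def auth_status(session, now, resolver):
    # What /auth/status reports, given the resolver it is built on.
    return resolver(session, now) is not None

def timeline(resolver, t0=1_000_000):
    # (age, /auth/status answer, /upload status code) at three session ages.
    rows = []
    for age in (60, ACCESS_TTL + 1, REFRESH_TTL + 1):
        session = new_session("u1", t0)
        now = t0 + age
        rows.append((age, auth_status(session, now, resolver),
                     verify_session_auth(session, now)))
    return rows

if __name__ == "__main__":
    for name, fn in (("before", get_current_user_before), ("after", get_current_user)):
        print(name, timeline(fn))
```

The last row of each timeline is the case from the PR: with the pre-fix resolver the status check still answers authenticated while the upload guard returns 401, and with the post-fix resolver both agree.
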
railway-app Bot commented Apr 29, 2026

🚅 Deployed to the BarcodeGenerator-pr-19 environment in LabelGenius

Service | Status | Web | Updated (UTC)
LabelGenius-Frontend | ✅ Success (View Logs) | Web | Apr 29, 2026 at 10:29 pm
LabelGenius-Backend | ✅ Success (View Logs) | Web | Apr 29, 2026 at 10:18 pm

@railway-app railway-app Bot temporarily deployed to LabelGenius / BarcodeGenerator-pr-19 April 29, 2026 22:17 Destroyed
@emares17 emares17 merged commit 1478c30 into main Apr 29, 2026
4 checks passed
Development

Successfully merging this pull request may close these issues.

Fix: Auth redirect on landing page + inconsistent auth state causing silent 401 on upload
