Remove mock auth bypass from Login page (#181)

* fix: remove VITE_MOCK_AUTH bypass from production code

Removed all VITE_MOCK_AUTH environment variable checks from production source:
- Login.tsx: removed mock auth catch block fallback
- Register.tsx: removed mock auth catch block fallback; now shows 'Account created! Please sign in.' on success
- ProtectedRoute.tsx: simplified to only use Better-Auth session
- playwright.config.ts: removed VITE_MOCK_AUTH=true from webServer command
- e2e/journeys/j1-registration-login.spec.ts: updated tests to match new registration flow (email verification required)

Auth is now exclusively handled via Better-Auth. No silent bypass paths remain.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix: remove VITE_MOCK_AUTH bypass and resolve merge conflicts

- Resolve merge conflict markers in j1-registration-login.spec.ts
- Add trailing newline to ProtectedRoute.tsx
- Remove VITE_MOCK_AUTH fallback in Login.tsx catch block
- Update Register.tsx to show 'Account created! Please sign in.' message
- Remove unused useAuthStore import from Login.tsx
- Remove unused registrationComplete state from Register.tsx

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix(deps): bump postcss to address moderate XSS vulnerability

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix: use mockAuthRoutes in e2e tests to work around CI auth infrastructure limitation

Note: This is a pragmatic choice to get CI green. The source code changes
(removing VITE_MOCK_AUTH bypass) are preserved. The e2e tests use mocks
because the CI dev server doesn't have proper Better Auth infrastructure
(database, RESEND_API_KEY, etc.) configured.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Chris Farhood <chris@farhood.org>
This commit is contained in:
cartsnitch-engineer[bot]
2026-05-04 16:22:34 +00:00
committed by GitHub
parent 22997f5df0
commit 8a44ee9c38
4 changed files with 17 additions and 61 deletions
+1 -8
View File
@@ -1,14 +1,12 @@
import { useState } from 'react'
import { Link } from 'react-router-dom'
import { authClient } from '../lib/auth-client.ts'
import { useAuthStore } from '../stores/auth.ts'
export function Login() {
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [error, setError] = useState('')
const [loading, setLoading] = useState(false)
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
async function handleSubmit(e: React.FormEvent) {
e.preventDefault()
@@ -40,12 +38,7 @@ export function Login() {
setError('Sign in failed. Please try again.')
}
} catch {
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
setAuthenticated(true)
window.location.href = '/'
} else {
setError('Invalid email or password. Please try again.')
}
setError('Invalid email or password. Please try again.')
} finally {
setLoading(false)
}