fix(gro-56): guard dev login page behind import.meta.env.DEV
The DevLoginSelector page (including the "Continue as default dev user" button) was rendering in production when AUTH_DISABLED=true. This guards the /login route so the page only renders in Vite development mode (import.meta.env.DEV). Also removes the skip-login button entirely since it bypassed user selection without any identity assertion. - Guard /login route with import.meta.env.DEV in App.tsx - Remove skipLogin button from DevLoginSelector.tsx - Add vite/client types to web tsconfig - Remove corresponding e2e test Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Flea Flicker
@@ -55,14 +55,6 @@ test.describe("DevLoginSelector", () => {
|
||||
expect(JSON.parse(devUser!)).toMatchObject({ type: "client", id: "client-1", name: "Carol Client" });
|
||||
});
|
||||
|
||||
test("skip login removes dev-user and navigates to /admin", async ({ page }) => {
|
||||
await page.goto("/login");
|
||||
await page.getByText("Continue as default dev user").click();
|
||||
await expect(page).toHaveURL("/admin");
|
||||
const devUser = await page.evaluate(() => localStorage.getItem("dev-user"));
|
||||
expect(devUser).toBeNull();
|
||||
});
|
||||
|
||||
test("no users available shows empty sections", async ({ page }) => {
|
||||
await page.route("**/api/dev/users", (route) =>
|
||||
route.fulfill({ json: { staff: [], clients: [] } })
|
||||
|
||||
@@ -141,8 +141,8 @@ export function App() {
|
||||
.catch(() => setAuthDisabled(false));
|
||||
}, []);
|
||||
|
||||
// Show login selector page
|
||||
if (location.pathname === "/login") {
|
||||
// Show login selector page (only in development)
|
||||
if (import.meta.env.DEV && location.pathname === "/login") {
|
||||
return <DevLoginSelector />;
|
||||
}
|
||||
|
||||
|
||||
@@ -36,11 +36,6 @@ export function DevLoginSelector() {
|
||||
navigate(type === "staff" ? "/admin" : "/");
|
||||
}
|
||||
|
||||
function skipLogin() {
|
||||
localStorage.removeItem("dev-user");
|
||||
navigate("/admin");
|
||||
}
|
||||
|
||||
if (loading) {
|
||||
return (
|
||||
<div style={containerStyle}>
|
||||
@@ -94,11 +89,6 @@ export function DevLoginSelector() {
|
||||
))}
|
||||
</div>
|
||||
|
||||
<div style={{ marginTop: "1.5rem", textAlign: "center" }}>
|
||||
<button onClick={skipLogin} style={skipButtonStyle}>
|
||||
Continue as default dev user
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
@@ -157,13 +147,3 @@ const userButtonStyle: React.CSSProperties = {
|
||||
textAlign: "left",
|
||||
transition: "border-color 0.15s, background 0.15s",
|
||||
};
|
||||
|
||||
const skipButtonStyle: React.CSSProperties = {
|
||||
padding: "0.5rem 1.25rem",
|
||||
border: "1px solid #d1d5db",
|
||||
borderRadius: 6,
|
||||
background: "transparent",
|
||||
cursor: "pointer",
|
||||
fontSize: 13,
|
||||
color: "#6b7280",
|
||||
};
|
||||
|
||||
@@ -7,7 +7,8 @@
|
||||
"jsx": "react-jsx",
|
||||
"strict": true,
|
||||
"noUncheckedIndexedAccess": true,
|
||||
"skipLibCheck": true
|
||||
"skipLibCheck": true,
|
||||
"types": ["vite/client"]
|
||||
},
|
||||
"include": ["src"]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user