feat(GRO-2359): route Authentik new-SSO users into OOBE (web)
The post-auth handler in CustomerPortal previously rendered the
"Portal access not configured" card when the SSO bridge returned 404
(no client row for the user's email). That trapped first-time SSO
users on a dead-end screen with no path to portal creation.
This change routes the 404 to a new OOBE component (src/portal/OOBE.tsx)
that drives portal creation:
* Mounts inline inside CustomerPortal so the post-auth flow stays
inside the portal render tree (no App-level router needed).
* Also reachable as a direct deep-link via the new /onboarding route
in App.tsx (for grooming admins or recovery flows).
* Submits to a new POST /api/portal/clients-from-auth endpoint in
groombook-api (companion commit) that creates a fresh client row
bound to the Better Auth email. 409 means the email already has a
portal record — the OOBE shows a portal-selection message.
* Uses the canonical shared signOut() from lib/auth-client (GRO-2358
invariant) for the Sign out button.
* Full window.location.href reload on submit success to reset the
bridge's cached state and land the user in their portal.
The no-access card itself is preserved for the deep-link deleted-portal
case (a customer whose portal was disabled/deleted), signalled via
?noAccess=deleted-portal on a portal sub-route. The OOBE handles the
first-time-creation case; the no-access card handles the "had a portal
but lost it" case.
Test coverage:
* "routes to /onboarding when session-from-auth returns 404 (GRO-2359)"
— proves the post-auth 404 mounts the OOBE inline, not the legacy
no-access card.
* 6 new OOBE tests: render from direct link, name prefill, form
submission, 409 portal-selection, required-name validation, shared
signOut(), redirect on no-session.
* P1 no-access tests reworked to use ?noAccess=deleted-portal so the
GRO-2358 signOut invariant is still verified on the only surviving
path to the no-access card.
UAT_PLAYBOOK §5.25.5–6e rewritten to cover the OOBE flow (form submit,
409, deep-link mount, deleted-portal no-access card).
Paired with the api PR on feature/2357-p2-portal-clients-from-auth.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -13,6 +13,7 @@ import { Communication } from "./sections/Communication.js";
|
||||
import { AccountSettings } from "./sections/AccountSettings.js";
|
||||
import { ImpersonationBanner } from "./ImpersonationBanner.js";
|
||||
import { AuditLogViewer } from "./AuditLogViewer.js";
|
||||
import { OOBE } from "./OOBE.js";
|
||||
import { useBranding } from "../BrandingContext.js";
|
||||
import { getDevUser } from "../pages/DevLoginSelector.js";
|
||||
import { signOut } from "../lib/auth-client.js";
|
||||
@@ -53,6 +54,13 @@ export function CustomerPortal() {
|
||||
// (e.g. authenticated user with no matching client row). Rendered in place
|
||||
// of the portal chrome instead of bouncing back to /login.
|
||||
const [authError, setAuthError] = useState<string | null>(null);
|
||||
// GRO-2359 — the SSO bridge 404 (no client row for the user's email)
|
||||
// routes the user into the OOBE. We mount the OOBE inline rather than
|
||||
// navigating to /onboarding so the post-auth flow stays inside the
|
||||
// CustomerPortal render tree (test-isolated, no App-level router needed
|
||||
// for the integration to work). The /onboarding route in App.tsx is
|
||||
// still the mount point for direct deep-links to the same component.
|
||||
const [showOOBE, setShowOOBE] = useState(false);
|
||||
const { branding } = useBranding();
|
||||
const [searchParams, setSearchParams] = useSearchParams();
|
||||
|
||||
@@ -63,6 +71,18 @@ export function CustomerPortal() {
|
||||
initDone.current = true;
|
||||
|
||||
const sessionId = searchParams.get("sessionId");
|
||||
// GRO-2359: a deep-link to a portal sub-route with ?noAccess=deleted-portal
|
||||
// is the only path that still shows the no-access card. The post-auth
|
||||
// 404-from-bridge path now navigates to /onboarding (OOBE) so the new
|
||||
// user can create a portal. The deleted-portal case is set explicitly
|
||||
// (e.g. a groomer who disabled a client) and uses the same no-access
|
||||
// UI with the shared signOut() — that was the GRO-2358 invariant.
|
||||
const noAccess = searchParams.get("noAccess");
|
||||
if (noAccess === "deleted-portal") {
|
||||
setAuthError(
|
||||
"Your portal access has been removed. Please contact your groomer if you think this is a mistake.",
|
||||
);
|
||||
}
|
||||
|
||||
if (sessionId) {
|
||||
setIsImpersonating(true);
|
||||
@@ -153,11 +173,13 @@ export function CustomerPortal() {
|
||||
setPortalSessionId(data.sessionId);
|
||||
setClientName(data.clientName);
|
||||
} else if (bridgeResp.status === 404) {
|
||||
// Authenticated but no matching client row — show a friendly message
|
||||
// instead of bouncing back to /login (which would loop indefinitely).
|
||||
setAuthError(
|
||||
"Your account is not linked to a customer record. Please contact your groomer to set up portal access."
|
||||
);
|
||||
// Authenticated but no matching client row — mount the OOBE
|
||||
// (GRO-2359) so the user can create their portal record instead
|
||||
// of landing on the no-access card. The no-access card itself is
|
||||
// still reachable for the deleted-portal case (see GRO-2358) via
|
||||
// the ?noAccess=deleted-portal deep-link, but is no longer in
|
||||
// the new-user path.
|
||||
setShowOOBE(true);
|
||||
}
|
||||
// 401/other: fall through; App.tsx render guard will redirect to /login.
|
||||
} catch {
|
||||
@@ -280,6 +302,15 @@ export function CustomerPortal() {
|
||||
// session state. Dev users are verified via localStorage and the dev-session flow.
|
||||
// SSO customers are recognised by portalSessionId (set by the Better Auth bridge).
|
||||
if (!session && !portalSessionId) {
|
||||
// GRO-2359 — new-user path: mount the OOBE inline so the SSO bridge's
|
||||
// 404 hands the user a portal-creation form instead of the no-access
|
||||
// card. onCompleted triggers a full page reload to /, which re-runs
|
||||
// the bridge (now with a matching client row) and lands the user in
|
||||
// the portal. A full reload (not React Router navigate) is the
|
||||
// safest reset of the bridge's cached state.
|
||||
if (showOOBE) {
|
||||
return <OOBE onCompleted={() => { window.location.href = "/"; }} />;
|
||||
}
|
||||
if (authError) {
|
||||
// GRO-1867: graceful 404 fallback — authenticated user has no client row.
|
||||
return (
|
||||
|
||||
Reference in New Issue
Block a user