Merge pull request 'Promote dev -> uat: GRO-2011 login-blank fix (+ GRO-1867)' (#37 ) from dev into uat

fix(GRO-2011): /login renders blank — always fetch setup/status for unauth users (#36 )
Co-authored-by: Lint Roller <23+gb_lint@noreply.git.farh.net> Co-committed-by: Lint Roller <23+gb_lint@noreply.git.farh.net>
2026-06-01 16:38:14 +00:00 · 2026-06-01 16:36:44 +00:00 · 2026-05-27 02:27:32 +00:00 · 2026-05-26 13:23:52 +00:00 · 2026-05-26 13:16:39 +00:00 · 2026-05-26 13:02:16 +00:00
3 changed files with 68 additions and 3 deletions
@@ -53,6 +53,7 @@ export const { signIn, signOut, useSession, changePassword } = authClient;
 | TC-WEB-5.1.2 | OIDC redirect | Click OIDC login button | Redirected to OIDC provider, then back to app with session established |
 | TC-WEB-5.1.3 | Logout | Click logout button | Session cleared, redirected to login page |
 | TC-WEB-5.1.4 | Session indicator | After successful login | User info/initials visible in UI indicating active session |
+| TC-WEB-5.1.5 | Unauthenticated `/login` renders the form (GRO-2011) | In a private/incognito window with no session cookie, navigate to UAT `/login` | React root mounts; the GroomBook sign-in card with the OIDC button is visible. Network tab shows `/api/auth/get-session` 200, `/api/setup/status` 200, and the login form is rendered (NOT a blank white viewport). |

 ### 5.2 Authentication — VITE_API_URL Set

@@ -327,11 +327,16 @@ export function App() {
      .catch(() => setAuthDisabled(false));
  }, []);

-  // After session is confirmed, check if setup is needed
+  // After session is confirmed, check if setup is needed.
+  // Always run the setup/status fetch as soon as the auth state is known — even for
+  // unauthenticated users, so the `needsSetup` value is in place if they sign in
+  // mid-session. The unauth branch in the render below is handled before
+  // `needsSetup` is consulted, so this is safe and avoids a stuck-`null` state.
+  // See GRO-2011.
  useEffect(() => {
    if (authDisabled === null || sessionLoading) return;
-    // Skip if no authenticated session (will redirect to login or dev selector)
-    if (!authDisabled && !session) return;
+    // In dev mode, only fetch when a dev user has been selected — otherwise the
+    // user is mid-redirect to the dev login selector and we don't need setup state.
    if (authDisabled && !getDevUser()) return;

    fetch("/api/setup/status")
@@ -121,6 +121,65 @@ describe("App navigation", () => {
  });
 });

+describe("GRO-2011 — setup/status fetch for unauthenticated users", () => {
+  it("calls /api/setup/status for unauthenticated users so needsSetup is never stuck null", async () => {
+    const setupStatusCalls: string[] = [];
+
+    global.fetch = vi.fn((url: string) => {
+      if (url === "/api/dev/config") {
+        return Promise.resolve({
+          ok: true,
+          json: async () => ({ authDisabled: false }),
+        } as Response);
+      }
+      if (url === "/api/auth/get-session") {
+        // Better Auth returns 200 with null session for unauthenticated users.
+        return Promise.resolve({
+          ok: true,
+          json: async () => null,
+        } as unknown as Response);
+      }
+      if (url === "/api/setup/status") {
+        setupStatusCalls.push(url);
+        return Promise.resolve({
+          ok: true,
+          json: async () => ({ needsSetup: false }),
+        } as Response);
+      }
+      if (url === "/api/branding") {
+        return Promise.resolve({
+          ok: true,
+          json: async () => ({
+            businessName: "GroomBook",
+            primaryColor: "#4f8a6f",
+            accentColor: "#8b7355",
+            logoBase64: null,
+            logoMimeType: null,
+          }),
+        } as Response);
+      }
+      return Promise.resolve({ ok: true, json: async () => [] } as Response);
+    }) as unknown as typeof fetch;
+
+    render(
+      <MemoryRouter initialEntries={["/login"]}>
+        <App />
+      </MemoryRouter>
+    );
+
+    // The login page should be rendered for the unauthenticated user.
+    await screen.findByText("Sign in to continue");
+
+    // Crucially, /api/setup/status must be called even when the user is unauthenticated —
+    // otherwise `needsSetup` stays null and a later code path can short-circuit to a
+    // blank page (GRO-2011).
+    await waitFor(() => {
+      expect(setupStatusCalls.length).toBeGreaterThanOrEqual(1);
+    });
+    expect(setupStatusCalls[0]).toBe("/api/setup/status");
+  });
+});
+
 describe("Dev login selector", () => {
  it("redirects to /login when auth is disabled and no user selected", async () => {
    global.fetch = vi.fn((url: string) => {
Author	SHA1	Message	Date
The Dogfather	bd2a0d9516	Merge pull request 'Promote dev -> uat: GRO-2011 login-blank fix (+ GRO-1867)' (#37 ) from dev into uat CI / Test (push) Successful in 19s Details CI / Lint & Typecheck (push) Successful in 23s Details CI / Build & Push Docker Image (push) Successful in 10s Details	2026-06-01 16:38:14 +00:00
Lint Roller	3d7b247562	fix(GRO-2011): /login renders blank — always fetch setup/status for unauth users (#36 ) CI / Test (push) Successful in 21s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Image (push) Successful in 12s Details CI / Test (pull_request) Successful in 20s Details CI / Lint & Typecheck (pull_request) Successful in 26s Details CI / Build & Push Docker Image (pull_request) Successful in 11s Details Co-authored-by: Lint Roller <23+gb_lint@noreply.git.farh.net> Co-committed-by: Lint Roller <23+gb_lint@noreply.git.farh.net>	2026-06-01 16:36:44 +00:00
The Dogfather	0e5e9d1f16	Merge pull request 'chore: promote dev → uat (GRO-1829 SW fix)' (#32 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 23s Details CI / Build & Push Docker Image (push) Successful in 15s Details Merge: promote dev → uat (GRO-1829 SW fix)	2026-05-27 02:27:32 +00:00
The Dogfather	3b4d0f15f6	Merge pull request 'chore: promote dev → uat (GRO-1795 StatusBadge)' (#28 ) from dev into uat CI / Lint & Typecheck (push) Successful in 17s Details CI / Test (push) Successful in 13s Details CI / Build & Push Docker Image (push) Successful in 34s Details Merge PR #28: promote dev → uat (GRO-1795 StatusBadge)	2026-05-26 13:23:52 +00:00
The Dogfather	87939e5413	Merge pull request 'chore: promote dev → uat (GRO-1794 booking analytics)' (#27 ) from dev into uat CI / Test (push) Successful in 19s Details CI / Lint & Typecheck (push) Successful in 22s Details CI / Build & Push Docker Image (push) Successful in 12s Details Merge dev → uat: GRO-1794 booking funnel analytics events	2026-05-26 13:16:39 +00:00
The Dogfather	4e3a038bf3	Merge pull request 'Promote dev → uat (GRO-1793: dynamic time slots)' (#25 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Failing after 6s Details Promote dev → uat: GRO-1793 dynamic portal time slots (#25)	2026-05-26 13:02:16 +00:00
Lint Roller	8349ea00de	Merge pull request 'promote: dev → uat (GRO-1757 SSO auto-provision fix)' (#19 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 33s Details CI / Build & Push Docker Image (push) Successful in 14s Details CI / Test (pull_request) Successful in 19s Details CI / Lint & Typecheck (pull_request) Successful in 24s Details CI / Build & Push Docker Image (pull_request) Successful in 15s Details promote: dev → uat (GRO-1757 SSO auto-provision fix)	2026-05-25 23:48:10 +00:00
The Dogfather	0306c7fbd9	Merge pull request 'chore(GRO-1592): promote dev→uat SSO session cookie fix' (#16 ) from promote-uat-gro1592 into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Image (push) Failing after 39s Details	2026-05-23 14:13:43 +00:00
Chris Farhood	93da2f1dd8	chore: promote dev→uat for GRO-1592 SSO session cookie fix CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Test (pull_request) Successful in 18s Details CI / Build & Push Docker Image (pull_request) Failing after 41s Details - Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:13:12 +00:00
The Dogfather	62cbfe4e43	Merge pull request 'promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence)' (#14 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Image (push) Successful in 9s Details promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence) (#14) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:41 +00:00
The Dogfather	db6a2a1bbf	Merge pull request 'promote: dev → uat (Renovate config, GRO-1081)' (#11 ) from dev into uat promote: dev → uat (Renovate config, GRO-1081) Merge PR #11: dev → uat promotion Includes: chore: add Renovate config (GRO-1081)	2026-05-20 12:42:04 +00:00
The Dogfather	032a3796ba	Merge pull request 'chore: promote dev to uat (CI Docker registry fix)' (#10 ) from dev into uat chore: promote dev to uat (CI Docker registry fix) (#10) Promotes GRO-1348 CI registry fix to UAT.	2026-05-20 11:17:21 +00:00
the-dogfather-cto[bot]	cac8fc947e	chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md	2026-05-14 21:13:56 +00:00
the-dogfather-cto[bot]	592be1301c	chore: promote dev to uat (#3 ) chore: promote dev to uat	2026-05-11 13:19:33 +00:00