fix(GRO-2358): wire signOut() at higher layer for no-access screen #72

Merged

Flea Flicker merged 1 commits from feature/2357-p1-logout-on-no-access into dev

2026-06-11 14:24:46 +00:00

Author	SHA1	Message	Date
Flea Flicker	e55fbed8c1	fix(GRO-2358): wire signOut() at higher layer for no-access screen CI / Test (pull_request) Successful in 21s Details CI / Lint & Typecheck (pull_request) Successful in 27s Details CI / Build & Push Docker Image (pull_request) Successful in 44s Details The 'Portal access not configured' screen (rendered when an Authentik SSO user has no matching client row) used an inline fetch to /api/auth/sign-out instead of the shared signOut() exported by lib/auth-client. AdminLayout already uses the shared handler, so the no-access screen was a divergence that could trap the user on an authenticated surface with a broken exit. Wire handleSignOut at the CustomerPortal level and use it from the no-access card. The handler: - calls the canonical signOut() from lib/auth-client (same one AdminLayout uses, so 'same logout handler reachable from any authenticated route' is satisfied without adding a new chrome element) - always navigates to /login, even on transient auth-server failure, so a network hiccup never leaves the user trapped Tests cover the home no-access path AND a deep-link no-access path (/appointments) — the latter guards the AC requirement that the escape hatch works on at least one other authenticated surface that does not have a route guard. UAT_PLAYBOOK §5.25.6 updated; new §5.25.6b documents the deep-link case. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-11 14:22:37 +00:00

Author

SHA1

Message

Date

Flea Flicker

e55fbed8c1

fix(GRO-2358): wire signOut() at higher layer for no-access screen

CI / Test (pull_request) Successful in 21s

Details

CI / Lint & Typecheck (pull_request) Successful in 27s

Details

CI / Build & Push Docker Image (pull_request) Successful in 44s

Details

The 'Portal access not configured' screen (rendered when an Authentik SSO
user has no matching client row) used an inline fetch to /api/auth/sign-out
instead of the shared signOut() exported by lib/auth-client. AdminLayout
already uses the shared handler, so the no-access screen was a divergence
that could trap the user on an authenticated surface with a broken exit.

Wire handleSignOut at the CustomerPortal level and use it from the no-access
card. The handler:

- calls the canonical signOut() from lib/auth-client (same one AdminLayout
  uses, so 'same logout handler reachable from any authenticated route' is
  satisfied without adding a new chrome element)
- always navigates to /login, even on transient auth-server failure, so a
  network hiccup never leaves the user trapped

Tests cover the home no-access path AND a deep-link no-access path
(/appointments) — the latter guards the AC requirement that the escape
hatch works on at least one other authenticated surface that does not have
a route guard. UAT_PLAYBOOK §5.25.6 updated; new §5.25.6b documents the
deep-link case.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-06-11 14:22:37 +00:00

fix(GRO-2358): wire signOut() at higher layer for no-access screen #72

1 Commits