Fix login flow to properly authenticate with Firebase

sirjamesgray · sirjamesgray · commit 72af548c1bab · 2025-07-07T07:27:05.000-05:00
- Add Firebase signInWithCustomToken to login form after API success
- Update SessionAuthInitializer to handle login redirects properly
- Set authRedirectPending flag before Firebase authentication
- Add redirect logic for both existing and new session creation
- Ensure proper session management flow compliance

This fixes the issue where users were kicked back to logged out page
after login by ensuring Firebase auth state changes are properly handled.
diff --git a/app/components/auth/SessionAuthInitializer.tsx b/app/components/auth/SessionAuthInitializer.tsx
@@ -212,12 +212,30 @@ function SessionAuthInitializer({ children }: SessionAuthInitializerProps) {
               console.warn('SessionAuthInitializer: Failed to transfer logged-out token allocations for existing user:', transferError);
               // Don't fail the login process if token transfer fails
             }
+
+            // Handle redirect after successful login
+            if (isOnLoginPage && authRedirectPending) {
+              console.log('SessionAuthInitializer: Login successful, redirecting to home page');
+              localStorage.removeItem('authRedirectPending');
+              setTimeout(() => {
+                window.location.href = "/";
+              }, 500);
+            }
           } catch (sessionError) {
             // If no session exists for this user, create a new one
             console.log('SessionAuthInitializer: No session found for user, creating new session:', firebaseUser.uid);
             console.log('SessionAuthInitializer: Session error details:', sessionError);
             try {
               await createSessionFromFirebaseUser(firebaseUser);
+
+              // Handle redirect after successful new session creation
+              if (isOnLoginPage && authRedirectPending) {
+                console.log('SessionAuthInitializer: New session created, redirecting to home page');
+                localStorage.removeItem('authRedirectPending');
+                setTimeout(() => {
+                  window.location.href = "/";
+                }, 500);
+              }
             } catch (createError) {
               console.error('SessionAuthInitializer: Failed to create session for user:', firebaseUser.uid, createError);
               // If session creation fails, clear any active account
diff --git a/app/components/forms/modern-login-form.tsx b/app/components/forms/modern-login-form.tsx
@@ -38,7 +38,8 @@ import { Button } from "../ui/button"
 import { Input } from "../ui/input"
 import { Label } from "../ui/label"
 import { useState, useEffect } from "react"
-// Removed direct Firebase imports - now using API endpoints
+import { signInWithCustomToken } from "firebase/auth"
+import { auth } from "../../firebase/config"
 import { Loader2, AlertCircle } from "lucide-react"
 import { Separator } from "../ui/separator"
 // reCAPTCHA functionality removed
@@ -105,29 +106,25 @@ export function ModernLoginForm({
       const result = await response.json()
 
       if (response.ok && result.success) {
-        // Successful login
+        // Successful login - now sign into Firebase with the custom token
         console.log("Login successful:", result.data)
 
-        // The API already sets the session cookies, so we can proceed directly
-        console.log("Session cookies set by API")
+        try {
+          // Sign into Firebase with the custom token from the API
+          console.log("Signing into Firebase with custom token...")
+          localStorage.setItem('authRedirectPending', 'true')
 
-        // Check if we're adding a new account to the account switcher
-        const previousUserSession = localStorage.getItem('previousUserSession') ||
-                                   sessionStorage.getItem('wewrite_previous_user')
+          const userCredential = await signInWithCustomToken(auth, result.data.customToken)
+          console.log("Firebase sign-in successful:", userCredential.user.uid)
 
-        if (previousUserSession) {
-          console.log("Adding new account to account switcher...")
-          // This is handled by the MultiAccountProvider
-        }
-
-        // Increase timeout to allow auth state to fully propagate
-        // and ensure cookies are properly set
-        localStorage.setItem('authRedirectPending', 'true')
+          // The Firebase auth state change will trigger the session management
+          // and handle the redirect automatically through SessionAuthInitializer
 
-        setTimeout(() => {
+        } catch (firebaseError: any) {
+          console.error("Firebase sign-in error:", firebaseError)
           localStorage.removeItem('authRedirectPending')
-          window.location.href = "/"; // Use direct navigation for better compatibility
-        }, 1500)
+          setError("Authentication failed. Please try again.")
+        }
       } else {
         // Handle API error response
         let errorMessage = result.error || "Failed to sign in. Please try again."
