switch to anon on auth sync signup to allow the creation of a new account; stop login page from redirecting to callbackUrl on auth sync signup if there's already a session

Soxasora · Soxasora · commit e65e8a57210b · 2025-05-31T14:21:26.000-05:00
diff --git a/components/login.js b/components/login.js
@@ -11,8 +11,9 @@ import { emailSchema } from '@/lib/validate'
 import { OverlayTrigger, Tooltip } from 'react-bootstrap'
 import { datePivot } from '@/lib/time'
 import * as cookie from 'cookie'
-import { cookieOptions } from '@/lib/auth'
+import { cookieOptions, MULTI_AUTH_ANON, MULTI_AUTH_POINTER } from '@/lib/auth'
 import Link from 'next/link'
+import useCookie from './use-cookie'
 
 export function EmailLoginForm ({ text, callbackUrl, multiAuth }) {
   const disabled = multiAuth
@@ -71,9 +72,18 @@ export function authErrorMessage (error, signin) {
   return message
 }
 
-export default function Login ({ providers, callbackUrl, multiAuth, error, text, Header, Footer, signin }) {
+export default function Login ({ providers, callbackUrl, multiAuth, error, text, Header, Footer, signin, syncSignup }) {
   const [errorMessage, setErrorMessage] = useState(authErrorMessage(error, signin))
   const router = useRouter()
+  const [, setPointerCookie] = useCookie(MULTI_AUTH_POINTER)
+
+  // we can't signup if we're already logged in to another account
+  // for signups with auth sync, we first need to switch to anon.
+  useEffect(() => {
+    if (syncSignup) {
+      setPointerCookie(MULTI_AUTH_ANON, cookieOptions({ httpOnly: false }))
+    }
+  }, [syncSignup, setPointerCookie])
 
   // signup/signin awareness cookie
   useEffect(() => {
diff --git a/pages/api/auth/sync.js b/pages/api/auth/sync.js
@@ -107,6 +107,7 @@ function handleNoSession (res, domainName, redirectUri, signup = false) {
 
   // create SN login URL and add our sync callback URL
   const loginRedirectUrl = new URL(signup ? '/signup' : '/login', SN_MAIN_DOMAIN)
+  if (signup) loginRedirectUrl.searchParams.set('syncSignup', 'true')
   loginRedirectUrl.searchParams.set('callbackUrl', syncUrl.href)
 
   // redirect user to login page
diff --git a/pages/login.js b/pages/login.js
@@ -7,7 +7,7 @@ import Login from '@/components/login'
 import { isExternal } from '@/lib/url'
 import { MULTI_AUTH_ANON, MULTI_AUTH_POINTER } from '@/lib/auth'
 
-export async function getServerSideProps ({ req, res, query: { callbackUrl, multiAuth = false, error = null } }) {
+export async function getServerSideProps ({ req, res, query: { callbackUrl, multiAuth = false, syncSignup = null, error = null } }) {
   let session = await getServerSession(req, res, getAuthOptions(req))
 
   // required to prevent infinite redirect loops if we switch to anon
@@ -30,9 +30,9 @@ export async function getServerSideProps ({ req, res, query: { callbackUrl, mult
     callbackUrl = '/'
   }
 
-  if (session && callbackUrl && !multiAuth) {
+  if (session && callbackUrl && !multiAuth && !syncSignup) {
     // in the case of auth linking we want to pass the error back to settings
-    // in the case of multi auth, don't redirect if there is already a session
+    // in the case of multi auth or auth sync signup, don't redirect if there is already a session
     if (error) {
       const url = new URL(callbackUrl, process.env.NEXT_PUBLIC_URL)
       url.searchParams.set('error', error)
@@ -54,7 +54,8 @@ export async function getServerSideProps ({ req, res, query: { callbackUrl, mult
       providers,
       callbackUrl,
       error,
-      multiAuth
+      multiAuth,
+      syncSignup
     }
   }
 }
