Stabilize sign-up session creation and post-auth redirect flow #3

Closed
opened 2026-03-14 22:16:24 +00:00 by Francy51 · 2 comments
Owner

Summary

Auth confidence is too low: multiple e2e flows reached Secure Sign In immediately after a supposed successful sign-up instead of landing in Command Center.

Evidence

  • Full run on 2026-03-14: bun run test:e2e
  • Failed specs:
    • e2e/financials.spec.ts (shows not meaningful expense breakdown rows for bank pack filings)
    • e2e/graphing.spec.ts (supports graphing compare controls and partial failures)
    • e2e/graphing.spec.ts (distinguishes not meaningful metrics from missing data in the latest values table)
  • In each case the browser ended on the sign-in screen instead of the authenticated app shell.

Expected

  • A successful sign-up should result in a stable authenticated session and deterministic redirect into the app.

Acceptance Criteria

  • Post-signup redirect consistently lands in the authenticated shell.
  • Session cookies persist reliably across the first navigation after sign-up.
  • Financials and Graphing auth entry flows pass in e2e without redirecting back to sign-in.
  • A targeted auth regression test covers this path under realistic parallel test load.

Related Issues

  • Follow-up investigation after the core redirect-race fix: #12
Francy51 added the P0 label 2026-03-14 22:16:24 +00:00
Author
Owner

Implemented the task-3 auth handoff fix locally and validated the core behavior.

What changed:

  • Added a shared use-auth-handoff hook so auth pages wait for authClient.useSession() to expose a real user before navigating.
  • Replaced optimistic router.replace(...) redirects with session-confirmed window.location.replace(...).
  • Added explicit Finishing sign-in... UI state plus a 10s timeout recovery message.
  • Added targeted Playwright coverage for signup success, signin success, preserved next, redirecting authenticated users away from auth pages, delayed session visibility, and timeout recovery.

Verification:

  • bun x tsc --noEmit ✅
  • bun x playwright test e2e/auth.spec.ts ✅ 10 passed

Latest findings from downstream specs:

  • analysis.spec.ts auth setup now reaches the app shell in serial runs.
  • financials.spec.ts no longer shows the original auth bounce; the remaining failure there is a separate strict-locator assertion on Unmapped / Residual.
  • graphing.spec.ts still has an intermittent signup stall where the page stays on Create Account with Creating account..., meaning the signup request never completed and the new handoff logic never started.
  • A multi-worker run made that signup stall more obvious across multiple setup helpers.

Assessment:

  • The original post-auth redirect race is fixed by this change set.
  • There is still a separate signup-completion instability under e2e load, so I opened a follow-up issue to track that independently.
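
The session-confirmed handoff described in the comment above, sketched as pure decision logic (an added example, not the project's `use-auth-handoff` hook). The names `decideHandoff`, `safeNext` and `simulate`, the session shape, the `/` fallback and the same-origin check on `next` are assumptions made for this example.

```javascript
// Added example: decide when a post-auth redirect may fire.
const HANDOFF_TIMEOUT_MS = 10000; // the 10s recovery window from the comment

// Accept only same-origin targets for the preserved `next` value (assumption:
// the app wants this check); anything else falls back to the app shell.
function safeNext(next, origin, fallback = "/") {
  if (typeof next !== "string" || next === "") return fallback;
  let url;
  try {
    url = new URL(next, origin);
  } catch {
    return fallback;
  }
  if (url.origin !== origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// session: what the session hook currently exposes.
// Assumed shape: { data: { user: { id } } } once visible, { data: null } before.
function decideHandoff({ session, submittedAt, now, next, origin }) {
  if (submittedAt == null) return { state: "idle" };
  const user = session && session.data && session.data.user;
  // Navigate only once a real user is visible, never optimistically.
  if (user && user.id) return { state: "redirect", to: safeNext(next, origin) };
  if (now - submittedAt >= HANDOFF_TIMEOUT_MS) return { state: "timeout" };
  return { state: "finishing" }; // show "Finishing sign-in..."
}

// Constructed driver: the session becomes visible at sessionVisibleAtMs
// (null = never). Returns the distinct UI states seen, in order.
function simulate({ sessionVisibleAtMs, next, origin, stepMs = 500 }) {
  const states = [];
  for (let now = 0; ; now += stepMs) {
    const visible = sessionVisibleAtMs != null && now >= sessionVisibleAtMs;
    const session = visible
      ? { data: { user: { id: "u_constructed" } } }
      : { data: null };
    const d = decideHandoff({ session, submittedAt: 0, now, next, origin });
    if (states[states.length - 1] !== d.state) states.push(d.state);
    if (d.state !== "finishing") return { states, to: d.to };
  }
}
```

In a page component the `redirect` result would feed `window.location.replace(to)` and the `timeout` result would show the recovery message.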
Author
Owner

Fixed in ac3b036 - post-auth handoff now waits for session. Remaining signup stall under e2e load tracked in #12.
Reference: Francy51/Neon-Desk#3