fix csrf and login redirect to dashboard

ocadotechnology · Jun 13, 2024 · 6dc4434 · 6dc4434
1 parent 030cf2d
commit 6dc4434
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/src/api/index.ts b/src/api/index.ts
@@ -24,7 +24,11 @@ const api = createApi({
   baseQuery: async (args, api, extraOptions) => {
     if (api.type === "mutation" && getCsrfCookie() === undefined) {
       // Get the CSRF token.
-      const { error } = await fetch({ url: "", method: "GET" }, api, {})
+      const { error } = await fetch(
+        { url: "/csrf/cookie", method: "GET" },
+        api,
+        {},
+      )
 
       // Validate we got the CSRF token.
       if (error !== undefined) {

diff --git a/src/pages/login/Login.tsx b/src/pages/login/Login.tsx
@@ -1,10 +1,15 @@
-import type { FC } from "react"
+import { useEffect, type FC } from "react"
 import * as yup from "yup"
 
 import * as page from "codeforlife/components/page"
-import { useSearchParamEntries } from "codeforlife/hooks"
+import {
+  useNavigate,
+  useSearchParamEntries,
+  useSessionMetadata,
+} from "codeforlife/hooks"
 import { tryValidateSync } from "codeforlife/utils/schema"
 
+import { paths } from "../../router"
 import IndyForm from "./IndyForm"
 import * as studentForms from "./studentForms"
 import * as teacherForms from "./teacherForms"
@@ -20,13 +25,29 @@ export interface LoginProps {
 }
 
 const Login: FC<LoginProps> = ({ form }) => {
+  const sessionMetadata = useSessionMetadata()
+  const navigate = useNavigate()
+
   const searchParams = tryValidateSync(
     useSearchParamEntries(),
     yup.object({
       verifyEmail: yup.boolean().default(false),
     }),
   )
 
+  useEffect(() => {
+    if (sessionMetadata && !sessionMetadata.auth_factors.length) {
+      navigate(
+        {
+          teacher: paths.teacher.dashboard.school._,
+          student: paths.student.dashboard._,
+          indy: paths.indy.dashboard._,
+        }[sessionMetadata.user_type],
+        { replace: true },
+      )
+    }
+  }, [sessionMetadata, navigate])
+
   return (
     <page.Page>
       {searchParams?.verifyEmail && (

diff --git a/yarn.lock b/yarn.lock
@@ -2576,7 +2576,7 @@ clsx@^2.1.0:
 
 "codeforlife@github:ocadotechnology/codeforlife-package-javascript#auth_flow":
   version "2.0.0"
-  resolved "https://codeload.github.com/ocadotechnology/codeforlife-package-javascript/tar.gz/182d467560528a7d64108e8a7d04ac76efedb2ba"
+  resolved "https://codeload.github.com/ocadotechnology/codeforlife-package-javascript/tar.gz/73814fa45fd15f8ea8f92a063163a8166980c549"
   dependencies:
     "@emotion/react" "^11.10.6"
     "@emotion/styled" "^11.10.6"