fix: complete wechat pending auth callback flows
This commit is contained in:
IanShaw027
@@ -15,7 +15,16 @@
|
||||
</div>
|
||||
|
||||
<transition name="fade">
|
||||
<div v-if="needsInvitation || needsAdoptionConfirmation" class="space-y-4">
|
||||
<div
|
||||
v-if="
|
||||
needsInvitation ||
|
||||
needsAdoptionConfirmation ||
|
||||
needsCreateAccount ||
|
||||
needsBindLogin ||
|
||||
needsTotpChallenge
|
||||
"
|
||||
class="space-y-4"
|
||||
>
|
||||
<div
|
||||
v-if="adoptionRequired && (suggestedDisplayName || suggestedAvatarUrl)"
|
||||
class="rounded-xl border border-gray-200 bg-gray-50 p-4 dark:border-dark-600 dark:bg-dark-800/60"
|
||||
@@ -141,6 +150,124 @@
|
||||
{{ isSubmitting ? t('common.processing') : 'Continue' }}
|
||||
</button>
|
||||
</template>
|
||||
|
||||
<template v-else-if="needsCreateAccount">
|
||||
<p class="text-sm text-gray-700 dark:text-gray-300">
|
||||
Enter an email address to create your account and continue.
|
||||
</p>
|
||||
<div class="space-y-3">
|
||||
<input
|
||||
v-model="pendingAccountEmail"
|
||||
data-testid="wechat-create-account-email"
|
||||
type="email"
|
||||
class="input w-full"
|
||||
placeholder="you@example.com"
|
||||
:disabled="isSubmitting"
|
||||
@keyup.enter="handleCreateAccount"
|
||||
/>
|
||||
<button
|
||||
data-testid="wechat-create-account-submit"
|
||||
class="btn btn-primary w-full"
|
||||
:disabled="isSubmitting || !pendingAccountEmail.trim()"
|
||||
@click="handleCreateAccount"
|
||||
>
|
||||
{{ isSubmitting ? t('common.processing') : 'Create account' }}
|
||||
</button>
|
||||
<button
|
||||
class="btn btn-secondary w-full"
|
||||
:disabled="isSubmitting"
|
||||
@click="switchToBindLoginMode"
|
||||
>
|
||||
I already have an account
|
||||
</button>
|
||||
</div>
|
||||
<transition name="fade">
|
||||
<p v-if="accountActionError" class="text-sm text-red-600 dark:text-red-400">
|
||||
{{ accountActionError }}
|
||||
</p>
|
||||
</transition>
|
||||
</template>
|
||||
|
||||
<template v-else-if="needsBindLogin">
|
||||
<p class="text-sm text-gray-700 dark:text-gray-300">
|
||||
Log in to an existing account to bind this {{ providerName }} sign-in.
|
||||
</p>
|
||||
<div class="space-y-3">
|
||||
<input
|
||||
v-model="bindLoginEmail"
|
||||
data-testid="wechat-bind-login-email"
|
||||
type="email"
|
||||
class="input w-full"
|
||||
placeholder="you@example.com"
|
||||
:disabled="isSubmitting"
|
||||
@keyup.enter="handleBindLogin"
|
||||
/>
|
||||
<input
|
||||
v-model="bindLoginPassword"
|
||||
data-testid="wechat-bind-login-password"
|
||||
type="password"
|
||||
class="input w-full"
|
||||
placeholder="Password"
|
||||
:disabled="isSubmitting"
|
||||
@keyup.enter="handleBindLogin"
|
||||
/>
|
||||
<button
|
||||
data-testid="wechat-bind-login-submit"
|
||||
class="btn btn-primary w-full"
|
||||
:disabled="isSubmitting || !bindLoginEmail.trim() || !bindLoginPassword"
|
||||
@click="handleBindLogin"
|
||||
>
|
||||
{{ isSubmitting ? t('common.processing') : 'Log in and bind' }}
|
||||
</button>
|
||||
<button
|
||||
v-if="canReturnToCreateAccount"
|
||||
class="btn btn-secondary w-full"
|
||||
:disabled="isSubmitting"
|
||||
@click="switchToCreateAccountMode"
|
||||
>
|
||||
Use a different email
|
||||
</button>
|
||||
</div>
|
||||
<transition name="fade">
|
||||
<p v-if="accountActionError" class="text-sm text-red-600 dark:text-red-400">
|
||||
{{ accountActionError }}
|
||||
</p>
|
||||
</transition>
|
||||
</template>
|
||||
|
||||
<template v-else-if="needsTotpChallenge">
|
||||
<p class="text-sm text-gray-700 dark:text-gray-300">
|
||||
Enter the 6-digit verification code for
|
||||
<span class="font-medium">{{ totpUserEmailMasked || 'your account' }}</span>
|
||||
to finish binding this {{ providerName }} sign-in.
|
||||
</p>
|
||||
<div class="space-y-3">
|
||||
<input
|
||||
v-model="totpCode"
|
||||
data-testid="wechat-bind-login-totp"
|
||||
type="text"
|
||||
inputmode="numeric"
|
||||
maxlength="6"
|
||||
class="input w-full"
|
||||
placeholder="123456"
|
||||
:disabled="isSubmitting"
|
||||
@keyup.enter="handleSubmitTotpChallenge"
|
||||
/>
|
||||
<button
|
||||
data-testid="wechat-bind-login-totp-submit"
|
||||
class="btn btn-primary w-full"
|
||||
:disabled="isSubmitting || totpCode.trim().length !== 6"
|
||||
@click="handleSubmitTotpChallenge"
|
||||
>
|
||||
{{ isSubmitting ? t('common.processing') : 'Verify and continue' }}
|
||||
</button>
|
||||
</div>
|
||||
<transition name="fade">
|
||||
<p v-if="totpError" class="text-sm text-red-600 dark:text-red-400">
|
||||
{{ totpError }}
|
||||
</p>
|
||||
</transition>
|
||||
</template>
|
||||
</div>
|
||||
</transition>
|
||||
|
||||
@@ -169,11 +296,12 @@
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import { onMounted, ref } from 'vue'
|
||||
import { computed, onMounted, ref } from 'vue'
|
||||
import { useRoute, useRouter } from 'vue-router'
|
||||
import { useI18n } from 'vue-i18n'
|
||||
import { AuthLayout } from '@/components/layout'
|
||||
import Icon from '@/components/icons/Icon.vue'
|
||||
import { apiClient } from '@/api/client'
|
||||
import { useAuthStore, useAppStore } from '@/stores'
|
||||
import {
|
||||
completeWeChatOAuthRegistration,
|
||||
@@ -181,6 +309,7 @@ import {
|
||||
getAuthToken,
|
||||
getOAuthCompletionKind,
|
||||
isOAuthLoginCompletion,
|
||||
login2FA,
|
||||
prepareOAuthBindAccessTokenCookie,
|
||||
persistOAuthTokenContext,
|
||||
type OAuthAdoptionDecision,
|
||||
@@ -208,9 +337,34 @@ const existingAccountEmail = ref('')
|
||||
const adoptDisplayName = ref(true)
|
||||
const adoptAvatar = ref(true)
|
||||
const needsAdoptionConfirmation = ref(false)
|
||||
const pendingAccountAction = ref<'none' | 'create_account' | 'bind_login'>('none')
|
||||
const pendingAccountEmail = ref('')
|
||||
const bindLoginEmail = ref('')
|
||||
const bindLoginPassword = ref('')
|
||||
const accountActionError = ref('')
|
||||
const canReturnToCreateAccount = ref(false)
|
||||
const needsTotpChallenge = ref(false)
|
||||
const totpTempToken = ref('')
|
||||
const totpCode = ref('')
|
||||
const totpError = ref('')
|
||||
const totpUserEmailMasked = ref('')
|
||||
const bindSuccessMessage = t('profile.authBindings.bindSuccess')
|
||||
|
||||
const providerName = 'WeChat'
|
||||
const needsCreateAccount = computed(() => pendingAccountAction.value === 'create_account')
|
||||
const needsBindLogin = computed(() => pendingAccountAction.value === 'bind_login')
|
||||
|
||||
type PendingWeChatCompletion = PendingOAuthExchangeResponse & {
|
||||
step?: string
|
||||
pending_email?: string
|
||||
resolved_email?: string
|
||||
existing_account_email?: string
|
||||
email?: string
|
||||
intent?: string
|
||||
requires_2fa?: boolean
|
||||
temp_token?: string
|
||||
user_email_masked?: string
|
||||
}
|
||||
|
||||
function parseFragmentParams(): URLSearchParams {
|
||||
const raw = typeof window !== 'undefined' ? window.location.hash : ''
|
||||
@@ -278,6 +432,21 @@ function currentAdoptionDecision(): OAuthAdoptionDecision {
|
||||
}
|
||||
}
|
||||
|
||||
function resolveResumeEmail(): string {
|
||||
return typeof route.query.email === 'string' ? route.query.email.trim() : ''
|
||||
}
|
||||
|
||||
function serializeAdoptionDecision(decision: OAuthAdoptionDecision): Record<string, boolean> {
|
||||
const payload: Record<string, boolean> = {}
|
||||
if (typeof decision.adoptDisplayName === 'boolean') {
|
||||
payload.adopt_display_name = decision.adoptDisplayName
|
||||
}
|
||||
if (typeof decision.adoptAvatar === 'boolean') {
|
||||
payload.adopt_avatar = decision.adoptAvatar
|
||||
}
|
||||
return payload
|
||||
}
|
||||
|
||||
async function handleExistingAccountBinding() {
|
||||
if (getAuthToken()) {
|
||||
prepareOAuthBindAccessTokenCookie()
|
||||
@@ -312,6 +481,103 @@ function hasSuggestedProfile(completion: PendingOAuthExchangeResponse): boolean
|
||||
return Boolean(completion.suggested_display_name || completion.suggested_avatar_url)
|
||||
}
|
||||
|
||||
function normalizedPendingState(value: string | null | undefined): string {
|
||||
return value?.trim().toLowerCase() || ''
|
||||
}
|
||||
|
||||
function extractPendingAccountEmail(completion: PendingWeChatCompletion): string {
|
||||
return (
|
||||
completion.pending_email ||
|
||||
completion.existing_account_email ||
|
||||
completion.resolved_email ||
|
||||
completion.email ||
|
||||
resolveResumeEmail() ||
|
||||
''
|
||||
).trim()
|
||||
}
|
||||
|
||||
function resolvePendingAccountAction(
|
||||
completion: PendingWeChatCompletion
|
||||
): 'none' | 'create_account' | 'bind_login' {
|
||||
const raw = normalizedPendingState(completion.step || completion.error || completion.intent)
|
||||
if (raw === 'email_required' || raw === 'create_account_required' || raw === 'create_account') {
|
||||
return 'create_account'
|
||||
}
|
||||
if (
|
||||
raw === 'bind_login_required' ||
|
||||
raw === 'bind_login' ||
|
||||
raw === 'existing_account_binding_required' ||
|
||||
raw === 'existing_account_required' ||
|
||||
raw === 'adopt_existing_user_by_email'
|
||||
) {
|
||||
return 'bind_login'
|
||||
}
|
||||
return 'none'
|
||||
}
|
||||
|
||||
function applyPendingAccountAction(completion: PendingWeChatCompletion) {
|
||||
const action = resolvePendingAccountAction(completion)
|
||||
pendingAccountAction.value = action
|
||||
accountActionError.value = ''
|
||||
needsTotpChallenge.value = false
|
||||
totpTempToken.value = ''
|
||||
totpCode.value = ''
|
||||
totpError.value = ''
|
||||
totpUserEmailMasked.value = ''
|
||||
|
||||
const email = extractPendingAccountEmail(completion)
|
||||
if (action === 'create_account') {
|
||||
pendingAccountEmail.value = email
|
||||
canReturnToCreateAccount.value = true
|
||||
return
|
||||
}
|
||||
|
||||
if (action === 'bind_login') {
|
||||
bindLoginEmail.value = email
|
||||
bindLoginPassword.value = ''
|
||||
canReturnToCreateAccount.value = true
|
||||
return
|
||||
}
|
||||
|
||||
canReturnToCreateAccount.value = false
|
||||
}
|
||||
|
||||
function applyTotpChallenge(completion: PendingWeChatCompletion): boolean {
|
||||
if (completion.requires_2fa !== true || !completion.temp_token) {
|
||||
return false
|
||||
}
|
||||
|
||||
pendingAccountAction.value = 'none'
|
||||
needsInvitation.value = false
|
||||
needsAdoptionConfirmation.value = false
|
||||
needsTotpChallenge.value = true
|
||||
totpTempToken.value = completion.temp_token
|
||||
totpCode.value = ''
|
||||
totpError.value = ''
|
||||
totpUserEmailMasked.value = completion.user_email_masked || ''
|
||||
isProcessing.value = false
|
||||
return true
|
||||
}
|
||||
|
||||
function switchToBindLoginMode() {
|
||||
pendingAccountAction.value = 'bind_login'
|
||||
bindLoginEmail.value = bindLoginEmail.value.trim() || pendingAccountEmail.value.trim()
|
||||
bindLoginPassword.value = ''
|
||||
accountActionError.value = ''
|
||||
canReturnToCreateAccount.value = true
|
||||
}
|
||||
|
||||
function switchToCreateAccountMode() {
|
||||
pendingAccountAction.value = 'create_account'
|
||||
pendingAccountEmail.value = pendingAccountEmail.value.trim() || bindLoginEmail.value.trim()
|
||||
accountActionError.value = ''
|
||||
}
|
||||
|
||||
function getRequestErrorMessage(error: unknown, fallback: string): string {
|
||||
const err = error as { message?: string; response?: { data?: { detail?: string; message?: string } } }
|
||||
return err.response?.data?.detail || err.response?.data?.message || err.message || fallback
|
||||
}
|
||||
|
||||
async function finalizeCompletion(completion: PendingOAuthExchangeResponse, redirect: string) {
|
||||
if (getOAuthCompletionKind(completion) === 'bind') {
|
||||
const bindRedirect = sanitizeRedirectPath(completion.redirect || '/profile')
|
||||
@@ -330,6 +596,33 @@ async function finalizeCompletion(completion: PendingOAuthExchangeResponse, redi
|
||||
await router.replace(redirect)
|
||||
}
|
||||
|
||||
async function finalizePendingAccountResponse(completion: PendingWeChatCompletion) {
|
||||
applyAdoptionSuggestionState(completion)
|
||||
|
||||
if (completion.error === 'invitation_required') {
|
||||
pendingAccountAction.value = 'none'
|
||||
needsInvitation.value = true
|
||||
needsAdoptionConfirmation.value = false
|
||||
isProcessing.value = false
|
||||
return
|
||||
}
|
||||
|
||||
if (applyTotpChallenge(completion)) {
|
||||
return
|
||||
}
|
||||
|
||||
applyPendingAccountAction(completion)
|
||||
if (pendingAccountAction.value !== 'none') {
|
||||
needsInvitation.value = false
|
||||
needsAdoptionConfirmation.value = false
|
||||
isProcessing.value = false
|
||||
return
|
||||
}
|
||||
|
||||
const redirect = sanitizeRedirectPath(completion.redirect || redirectTo.value)
|
||||
await finalizeCompletion(completion, redirect)
|
||||
}
|
||||
|
||||
async function handleSubmitInvitation() {
|
||||
invitationError.value = ''
|
||||
if (!invitationCode.value.trim()) return
|
||||
@@ -356,15 +649,10 @@ async function handleSubmitInvitation() {
|
||||
async function handleContinueLogin() {
|
||||
isSubmitting.value = true
|
||||
try {
|
||||
const completion = await exchangePendingOAuthCompletion(currentAdoptionDecision())
|
||||
await finalizeCompletion(completion, redirectTo.value)
|
||||
const completion = await exchangePendingOAuthCompletion(currentAdoptionDecision()) as PendingWeChatCompletion
|
||||
await finalizePendingAccountResponse(completion)
|
||||
} catch (e: unknown) {
|
||||
const err = e as { message?: string; response?: { data?: { detail?: string; message?: string } } }
|
||||
errorMessage.value =
|
||||
err.response?.data?.detail ||
|
||||
err.response?.data?.message ||
|
||||
err.message ||
|
||||
t('auth.loginFailed')
|
||||
errorMessage.value = getRequestErrorMessage(e, t('auth.loginFailed'))
|
||||
appStore.showError(errorMessage.value)
|
||||
needsAdoptionConfirmation.value = false
|
||||
} finally {
|
||||
@@ -372,6 +660,68 @@ async function handleContinueLogin() {
|
||||
}
|
||||
}
|
||||
|
||||
async function handleCreateAccount() {
|
||||
accountActionError.value = ''
|
||||
const email = pendingAccountEmail.value.trim()
|
||||
if (!email) return
|
||||
|
||||
isSubmitting.value = true
|
||||
try {
|
||||
const { data } = await apiClient.post<PendingWeChatCompletion>('/auth/oauth/pending/create-account', {
|
||||
email,
|
||||
...serializeAdoptionDecision(currentAdoptionDecision())
|
||||
})
|
||||
await finalizePendingAccountResponse(data)
|
||||
} catch (e: unknown) {
|
||||
accountActionError.value = getRequestErrorMessage(e, t('auth.loginFailed'))
|
||||
} finally {
|
||||
isSubmitting.value = false
|
||||
}
|
||||
}
|
||||
|
||||
async function handleBindLogin() {
|
||||
accountActionError.value = ''
|
||||
const email = bindLoginEmail.value.trim()
|
||||
const password = bindLoginPassword.value
|
||||
if (!email || !password) return
|
||||
|
||||
isSubmitting.value = true
|
||||
try {
|
||||
const { data } = await apiClient.post<PendingWeChatCompletion>('/auth/oauth/pending/bind-login', {
|
||||
email,
|
||||
password,
|
||||
...serializeAdoptionDecision(currentAdoptionDecision())
|
||||
})
|
||||
await finalizePendingAccountResponse(data)
|
||||
} catch (e: unknown) {
|
||||
accountActionError.value = getRequestErrorMessage(e, t('auth.loginFailed'))
|
||||
} finally {
|
||||
isSubmitting.value = false
|
||||
}
|
||||
}
|
||||
|
||||
async function handleSubmitTotpChallenge() {
|
||||
totpError.value = ''
|
||||
const code = totpCode.value.trim()
|
||||
if (!totpTempToken.value || code.length !== 6) return
|
||||
|
||||
isSubmitting.value = true
|
||||
try {
|
||||
const completion = await login2FA({
|
||||
temp_token: totpTempToken.value,
|
||||
totp_code: code
|
||||
})
|
||||
persistOAuthTokenContext(completion)
|
||||
await authStore.setToken(completion.access_token)
|
||||
appStore.showSuccess(t('auth.loginSuccess'))
|
||||
await router.replace(redirectTo.value)
|
||||
} catch (e: unknown) {
|
||||
totpError.value = getRequestErrorMessage(e, t('auth.loginFailed'))
|
||||
} finally {
|
||||
isSubmitting.value = false
|
||||
}
|
||||
}
|
||||
|
||||
onMounted(async () => {
|
||||
if (typeof route.query.email === 'string') {
|
||||
existingAccountEmail.value = route.query.email
|
||||
@@ -395,7 +745,7 @@ onMounted(async () => {
|
||||
}
|
||||
|
||||
try {
|
||||
const completion = await exchangePendingOAuthCompletion()
|
||||
const completion = await exchangePendingOAuthCompletion() as PendingWeChatCompletion
|
||||
const redirect = sanitizeRedirectPath(
|
||||
completion.redirect || (route.query.redirect as string | undefined) || '/dashboard'
|
||||
)
|
||||
@@ -408,6 +758,16 @@ onMounted(async () => {
|
||||
return
|
||||
}
|
||||
|
||||
if (applyTotpChallenge(completion)) {
|
||||
return
|
||||
}
|
||||
|
||||
applyPendingAccountAction(completion)
|
||||
if (pendingAccountAction.value !== 'none') {
|
||||
isProcessing.value = false
|
||||
return
|
||||
}
|
||||
|
||||
if (adoptionRequired.value && hasSuggestedProfile(completion)) {
|
||||
needsAdoptionConfirmation.value = true
|
||||
isProcessing.value = false
|
||||
@@ -416,12 +776,7 @@ onMounted(async () => {
|
||||
|
||||
await finalizeCompletion(completion, redirect)
|
||||
} catch (e: unknown) {
|
||||
const err = e as { message?: string; response?: { data?: { detail?: string; message?: string } } }
|
||||
errorMessage.value =
|
||||
err.response?.data?.detail ||
|
||||
err.response?.data?.message ||
|
||||
err.message ||
|
||||
t('auth.loginFailed')
|
||||
errorMessage.value = getRequestErrorMessage(e, t('auth.loginFailed'))
|
||||
appStore.showError(errorMessage.value)
|
||||
isProcessing.value = false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user