Fix bug that causes user redirect to login after email update

chriscarrollsmith · chriscarrollsmith · commit 52dbf8dd945a · 2024-12-27T10:50:47.000-05:00
diff --git a/main.py b/main.py
@@ -259,15 +259,17 @@ async def read_dashboard(
 @app.get("/profile")
 async def read_profile(
     params: dict = Depends(common_authenticated_parameters),
-    email_update_requested: Optional[str] = "false"
+    email_update_requested: Optional[str] = "false",
+    email_updated: Optional[str] = "false"
 ):
     # Add image constraints to the template context
     params.update({
         "max_file_size_mb": MAX_FILE_SIZE / (1024 * 1024),  # Convert bytes to MB
         "min_dimension": MIN_DIMENSION,
         "max_dimension": MAX_DIMENSION,
         "allowed_formats": list(ALLOWED_CONTENT_TYPES.keys()),
-        "email_update_requested": email_update_requested
+        "email_update_requested": email_update_requested,
+        "email_updated": email_updated
     })
     return templates.TemplateResponse(params["request"], "users/profile.html", params)
 
diff --git a/routers/authentication.py b/routers/authentication.py
@@ -195,9 +195,20 @@ async def register(
     refresh_token = create_refresh_token(data={"sub": db_user.email})
     # Set cookie
     response = RedirectResponse(url="/", status_code=303)
-    response.set_cookie(key="access_token", value=access_token, httponly=True)
-    response.set_cookie(key="refresh_token",
-                        value=refresh_token, httponly=True)
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        httponly=True,
+        secure=True,
+        samesite="strict"
+    )
+    response.set_cookie(
+        key="refresh_token",
+        value=refresh_token,
+        httponly=True,
+        secure=True,
+        samesite="strict"
+    )
 
     return response
 
@@ -390,25 +401,28 @@ async def confirm_email_update(
     session.commit()
 
     # Create new tokens with the updated email
-    access_token = create_access_token(data={"sub": new_email})
+    access_token = create_access_token(data={"sub": new_email, "fresh": True})
     refresh_token = create_refresh_token(data={"sub": new_email})
 
+    # Set cookies before redirecting
     response = RedirectResponse(
         url="/profile?email_updated=true",
         status_code=303
     )
+
+    # Add secure cookie attributes
     response.set_cookie(
         key="access_token",
         value=access_token,
         httponly=True,
         secure=True,
-        samesite="strict"
+        samesite="lax"
     )
     response.set_cookie(
         key="refresh_token",
         value=refresh_token,
         httponly=True,
         secure=True,
-        samesite="strict"
+        samesite="lax"
     )
     return response
