chore: Auth flow improvements #117

Merged: anantmittal merged 4 commits into SSDALab:main from natalierobbins:chore/auth-workflow-cleanup on Nov 15, 2025
natalierobbins (Collaborator) commented Nov 14, 2025

📄 Description

Sign-up improvements

  • Now have auth.validator.ts to constrain sign up form inputs (require valid phone/email, required name/role/location). These schemas extend baseUserSchema requirements.
    • Previously, users could enter invalid or empty fields and still move onto the OTP verification phase. Once verified, the client would try to create a new user with invalid fields, which would return a "failure to verify" error despite it actually being a database error
  • Added client-side required constraints on form fields to reinforce server-side Zod requirements as well. These were not being truly enforced in our components
  • Updated Zod error messages to be more user-friendly when exposed on UI:
    [Screenshot 2025-11-14 at 3:20:59 PM]
  • Sign up redirects:
    • Because it's never the case that a newly signed up user will be approved, removed redirect to dashboard. Instead, users now will see an informative widget:
      [Screenshot 2025-11-14 at 3:14:48 PM]
  • If there truly is a server error, the alert remains the same:
    [Screenshot 2025-11-14 at 3:16:38 PM]

Log-in improvements

  • Log in has remained functionally the same, with minor improvements:
    • Use Zod validation provided by auth.validator.ts for phone/email input (email optional at this point, but still supported if we ever change back to old format)
    • Use MUI Alert components for error/success messages on UI

Auth session improvements

  • Moved auth store to sessionStorage instead of localStorage. This allows the browser to handle high-level auth token persistence by deleting auth token information once a user closes the tab/window. It also forces a user to log in again any time they are opening a fresh tab/window
    • Auth store is still cleared manually when a user logs out
    • Couldn't work out an elegant solution for if a user navigates away from our domain specifically, then tries to come back within the same tab (i.e. they are still logged in if they navigate away) -- may want to consider a tighter JWT expiration?

Misc

  • Removed old auth routes; will do full v1/v2 flattening migration in a future PR

✅ Checklist

  • Tests added/updated where needed
  • Docs added/updated if applicable
  • I have linked the issue this PR closes (if any)

🔗 Related Issues

Resolves #<issue-number>

💡 Type of change

Type | Checked?
🐞 Bug fix | [x]
✨ New feature | [ ]
📝 Documentation | [ ]
♻️ Refactor | [ ]
🛠️ Build/CI | [ ]
Other (explain) | [ ]

🧪 How to test

📝 Notes to reviewers

natalierobbins marked this pull request as ready for review November 14, 2025 23:41
anantmittal merged commit a973968 into SSDALab:main Nov 15, 2025
0 of 3 checks passed
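
Added example, not part of this PR or the project's code: one way to handle the open question in the description about a user returning to the same tab, by purging the sessionStorage auth entry on load when the JWT's `exp` has passed or the tab has sat idle too long. `AUTH_KEY`, `MAX_IDLE_MS`, the function names and the sample token are assumptions; `memoryStorage` stands in for `window.sessionStorage` so the code runs under Node.

```javascript
// Added example; AUTH_KEY, MAX_IDLE_MS and every function name are assumptions.
const AUTH_KEY = "auth-store";
const MAX_IDLE_MS = 15 * 60 * 1000; // assumed idle limit; set per policy

// In-memory stand-in for window.sessionStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Read `exp` (seconds since epoch) from a JWT payload. No signature check:
// the server still verifies the token; this only decides what the client keeps.
function jwtExpiryMs(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const exp = JSON.parse(atob(padded)).exp;
    return typeof exp === "number" ? exp * 1000 : null;
  } catch { return null; }
}

function saveSession(storage, token, now = Date.now()) {
  storage.setItem(AUTH_KEY, JSON.stringify({ token, lastSeen: now }));
}

// Return the token only if it is unexpired and the tab was not idle too long;
// otherwise purge the store so the UI falls back to the log-in screen.
function loadSession(storage, now = Date.now()) {
  let entry = null;
  try { entry = JSON.parse(storage.getItem(AUTH_KEY)); } catch { entry = null; }
  const exp = entry ? jwtExpiryMs(entry.token) : null;
  const fresh = entry && exp !== null && now < exp &&
    now - entry.lastSeen <= MAX_IDLE_MS;
  if (!fresh) { storage.removeItem(AUTH_KEY); return null; }
  saveSession(storage, entry.token, now); // sliding idle window
  return entry.token;
}

// Constructed sample token: placeholder signature, only the payload matters here.
function sampleToken(expSeconds) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub: "u1", exp: expSeconds })}.constructed-signature`;
}
```

In a browser, pass `window.sessionStorage` as `storage` and call `loadSession` on page load and on `visibilitychange`; a shorter server-side JWT lifetime remains the authoritative control.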