fix: detect post-login redirect on login.bloomreach.com domain (#200)

sigvardt · web-flow · commit 608860c040fa · 2026-03-16T15:24:45.000+01:00
After successful login, the browser stays on eu.login.bloomreach.com
and redirects to /my-account instead of navigating to a .bloomreach.co
or .exponea.com domain. The isAuthenticatedPage() function did not
recognize this as authenticated, causing CLI login to always time out.

Add login domain detection: if on login.bloomreach.com, treat any path
that is not a known public path (/, /login, /forgotten-password,
/register) as authenticated.
diff --git a/packages/core/src/__tests__/bloomreachAuth.test.ts b/packages/core/src/__tests__/bloomreachAuth.test.ts
@@ -93,9 +93,22 @@ describe('bloomreachAuth helpers', () => {
   });
 
   it('isAuthenticatedPage returns expected values', () => {
+    // Project pages on .bloomreach.co
     expect(isAuthenticatedPage('https://power.bloomreach.co/project/123')).toBe(true);
+    // Project pages on .exponea.com
+    expect(isAuthenticatedPage('https://app.exponea.com/project/456')).toBe(true);
+    // Login domain public paths are NOT authenticated
     expect(isAuthenticatedPage('https://eu.login.bloomreach.com/')).toBe(false);
+    expect(isAuthenticatedPage('https://eu.login.bloomreach.com/login')).toBe(false);
+    expect(isAuthenticatedPage('https://eu.login.bloomreach.com/forgotten-password')).toBe(false);
+    expect(isAuthenticatedPage('https://eu.login.bloomreach.com/register')).toBe(false);
+    // Login domain authenticated paths (post-login redirects)
+    expect(isAuthenticatedPage('https://eu.login.bloomreach.com/my-account')).toBe(true);
+    expect(isAuthenticatedPage('https://eu.login.bloomreach.com/my-account/user-profile')).toBe(true);
+    // Login paths on project domains are NOT authenticated
     expect(isAuthenticatedPage('https://power.bloomreach.co/login')).toBe(false);
+    // Invalid URLs
+    expect(isAuthenticatedPage('not-a-valid-url')).toBe(false);
   });
 });
 
diff --git a/packages/core/src/bloomreachAuth.ts b/packages/core/src/bloomreachAuth.ts
@@ -63,9 +63,17 @@ export function isLoginPage(url: string): boolean {
   }
 }
 
+/** Non-authenticated paths on the login domain. */
+const LOGIN_DOMAIN_PUBLIC_PATHS = new Set(['/', '/login', '/forgotten-password', '/register']);
+
 export function isAuthenticatedPage(url: string): boolean {
   try {
     const parsed = new URL(url);
+    // After login, browser stays on login.bloomreach.com but moves to /my-account
+    if (parsed.hostname.includes('login.bloomreach.com')) {
+      return !LOGIN_DOMAIN_PUBLIC_PATHS.has(parsed.pathname);
+    }
+    // Or navigates to project pages on .bloomreach.co or .exponea.com
     return (parsed.hostname.endsWith('.bloomreach.co') || parsed.hostname.endsWith('.exponea.com')) && parsed.pathname !== '/login';
   } catch {
     return false;
