diff --git a/app/common/src/main/java/stirling/software/common/service/LicenseServiceInterface.java b/app/common/src/main/java/stirling/software/common/service/LicenseServiceInterface.java new file mode 100644 index 000000000..19387a741 --- /dev/null +++ b/app/common/src/main/java/stirling/software/common/service/LicenseServiceInterface.java @@ -0,0 +1,29 @@ +package stirling.software.common.service; + +/** + * Interface for checking license status dynamically. Implementation provided by proprietary module + * when available. + */ +public interface LicenseServiceInterface { + + /** + * Get the license type as a string. + * + * @return "NORMAL", "SERVER", or "ENTERPRISE" + */ + String getLicenseTypeName(); + + /** + * Check if running Pro or higher (SERVER or ENTERPRISE license). + * + * @return true if SERVER or ENTERPRISE license is active + */ + boolean isRunningProOrHigher(); + + /** + * Check if running Enterprise edition. + * + * @return true if ENTERPRISE license is active + */ + boolean isRunningEE(); +} diff --git a/app/core/build.gradle b/app/core/build.gradle index 298bf88f4..9a89d5b0c 100644 --- a/app/core/build.gradle +++ b/app/core/build.gradle @@ -168,6 +168,7 @@ def generatedFrontendPaths = [ ] tasks.register('npmInstall', Exec) { + doNotTrackState("node_modules contains symlinks that Gradle cannot snapshot on Windows/WSL") enabled = buildWithFrontend group = 'frontend' description = 'Install frontend dependencies' @@ -214,6 +215,7 @@ tasks.register('npmInstall', Exec) { } tasks.register('npmBuild', Exec) { + doNotTrackState("Frontend build depends on untracked npmInstall task") enabled = buildWithFrontend group = 'frontend' description = 'Build frontend application' diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/ConfigController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/ConfigController.java index 00e89ec2e..b83848d67 100644 --- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/ConfigController.java +++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/ConfigController.java @@ -35,6 +35,7 @@ public class ConfigController { private final EndpointConfiguration endpointConfiguration; private final ServerCertificateServiceInterface serverCertificateService; private final UserServiceInterface userService; + private final stirling.software.common.service.LicenseServiceInterface licenseService; private final stirling.software.SPDF.config.ExternalAppDepConfig externalAppDepConfig; public ConfigController( @@ -45,15 +46,66 @@ public class ConfigController { ServerCertificateServiceInterface serverCertificateService, @org.springframework.beans.factory.annotation.Autowired(required = false) UserServiceInterface userService, + @org.springframework.beans.factory.annotation.Autowired(required = false) + stirling.software.common.service.LicenseServiceInterface licenseService, stirling.software.SPDF.config.ExternalAppDepConfig externalAppDepConfig) { this.applicationProperties = applicationProperties; this.applicationContext = applicationContext; this.endpointConfiguration = endpointConfiguration; this.serverCertificateService = serverCertificateService; this.userService = userService; + this.licenseService = licenseService; this.externalAppDepConfig = externalAppDepConfig; } + /** + * Get current license type dynamically instead of from cached bean. This ensures the frontend + * sees updated license status after admin changes the license key. + */ + private String getCurrentLicenseType() { + // Use LicenseService for fresh license status if available + if (licenseService != null) { + return licenseService.getLicenseTypeName(); + } + + // Fallback to cached bean if service not available + if (applicationContext.containsBean("license")) { + return applicationContext.getBean("license", String.class); + } + + return null; + } + + /** Check if running Pro or higher (SERVER or ENTERPRISE license) dynamically. */ + private Boolean isRunningProOrHigher() { + // Use LicenseService for fresh license status if available + if (licenseService != null) { + return licenseService.isRunningProOrHigher(); + } + + // Fallback to cached bean + if (applicationContext.containsBean("runningProOrHigher")) { + return applicationContext.getBean("runningProOrHigher", Boolean.class); + } + + return null; + } + + /** Check if running Enterprise edition dynamically. */ + private Boolean isRunningEE() { + // Use LicenseService for fresh license status if available + if (licenseService != null) { + return licenseService.isRunningEE(); + } + + // Fallback to cached bean + if (applicationContext.containsBean("runningEE")) { + return applicationContext.getBean("runningEE", Boolean.class); + } + + return null; + } + @GetMapping("/app-config") public ResponseEntity> getAppConfig() { Map configData = new HashMap<>(); @@ -185,19 +237,23 @@ public class ConfigController { applicationProperties.getLegal().getAccessibilityStatement()); // Try to get EEAppConfig values if available + // Get these dynamically to reflect current license status (not cached at startup) try { - if (applicationContext.containsBean("runningProOrHigher")) { - configData.put( - "runningProOrHigher", - applicationContext.getBean("runningProOrHigher", Boolean.class)); + Boolean runningProOrHigher = isRunningProOrHigher(); + if (runningProOrHigher != null) { + configData.put("runningProOrHigher", runningProOrHigher); } - if (applicationContext.containsBean("runningEE")) { - configData.put( - "runningEE", applicationContext.getBean("runningEE", Boolean.class)); + + Boolean runningEE = isRunningEE(); + if (runningEE != null) { + configData.put("runningEE", runningEE); } - if (applicationContext.containsBean("license")) { - configData.put("license", applicationContext.getBean("license", String.class)); + + String licenseType = getCurrentLicenseType(); + if (licenseType != null) { + configData.put("license", licenseType); } + if (applicationContext.containsBean("SSOAutoLogin")) { configData.put( "SSOAutoLogin", diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/configuration/ee/DynamicLicenseService.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/configuration/ee/DynamicLicenseService.java new file mode 100644 index 000000000..849c15c88 --- /dev/null +++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/configuration/ee/DynamicLicenseService.java @@ -0,0 +1,51 @@ +package stirling.software.proprietary.security.configuration.ee; + +import org.springframework.stereotype.Service; + +import lombok.RequiredArgsConstructor; + +import stirling.software.common.service.LicenseServiceInterface; +import stirling.software.proprietary.security.configuration.ee.KeygenLicenseVerifier.License; + +/** + * Service that provides dynamic license checking instead of cached beans. This ensures that when + * admins update the license key, the changes are immediately reflected in the UI and config + * endpoints without requiring a restart. + * + *

Note: Some components (EnterpriseEndpointAspect, PremiumEndpointAspect, filters) still inject + * cached beans at startup for performance. These will require a restart to reflect license changes. + * This is acceptable because: 1. Most deployments add licenses during initial setup 2. License + * changes in production typically warrant a restart anyway 3. UI reflects changes immediately + * (banner disappears, license status updates) + */ +@Service +@RequiredArgsConstructor +public class DynamicLicenseService implements LicenseServiceInterface { + + private final LicenseKeyChecker licenseKeyChecker; + + /** + * Get the current license type dynamically (not cached). + * + * @return Current license: NORMAL, SERVER, or ENTERPRISE + */ + public License getCurrentLicense() { + return licenseKeyChecker.getPremiumLicenseEnabledResult(); + } + + @Override + public boolean isRunningProOrHigher() { + License license = getCurrentLicense(); + return license == License.SERVER || license == License.ENTERPRISE; + } + + @Override + public boolean isRunningEE() { + return getCurrentLicense() == License.ENTERPRISE; + } + + @Override + public String getLicenseTypeName() { + return getCurrentLicense().name(); + } +} diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java index a2c3381f1..92bbcab89 100644 --- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java +++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java @@ -69,27 +69,28 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { if (!apiKeyExists(request, response)) { String jwtToken = jwtService.extractToken(request); - if (jwtToken == null) { - // Allow auth endpoints to pass through without JWT - if (!isPublicAuthEndpoint(requestURI, contextPath)) { - // For API requests, return 401 JSON - String acceptHeader = request.getHeader("Accept"); - if (requestURI.startsWith(contextPath + "/api/") - || (acceptHeader != null - && acceptHeader.contains("application/json"))) { - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - response.setContentType("application/json"); - response.getWriter().write("{\"error\":\"Authentication required\"}"); - return; - } + // Check if this is a public endpoint BEFORE validating JWT + // This allows public endpoints to work even with expired tokens in the request + if (isPublicAuthEndpoint(requestURI, contextPath)) { + // For public auth endpoints, skip JWT validation and continue + filterChain.doFilter(request, response); + return; + } - // For HTML requests (SPA routes), let React Router handle it (serve - // index.html) - filterChain.doFilter(request, response); + if (jwtToken == null) { + // No JWT token and not a public endpoint + // For API requests, return 401 JSON + String acceptHeader = request.getHeader("Accept"); + if (requestURI.startsWith(contextPath + "/api/") + || (acceptHeader != null && acceptHeader.contains("application/json"))) { + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.setContentType("application/json"); + response.getWriter().write("{\"error\":\"Authentication required\"}"); return; } - // For public auth endpoints without JWT, continue to the endpoint + // For HTML requests (SPA routes), let React Router handle it (serve + // index.html) filterChain.doFilter(request, response); return; } diff --git a/frontend/src/core/components/shared/ErrorBoundary.tsx b/frontend/src/core/components/shared/ErrorBoundary.tsx index bc00d278e..0bab94f0a 100644 --- a/frontend/src/core/components/shared/ErrorBoundary.tsx +++ b/frontend/src/core/components/shared/ErrorBoundary.tsx @@ -37,7 +37,6 @@ export default class ErrorBoundary extends React.Component = ({ // Simulate processing time for smooth transition setTimeout(() => { - i18n.changeLanguage(value); + // Use setUserLanguage to properly set priority (ensures user choice persists across sessions) + setUserLanguage(value); setTimeout(() => { setPendingLanguage(null); diff --git a/frontend/src/core/contexts/AppConfigContext.tsx b/frontend/src/core/contexts/AppConfigContext.tsx index 5bec5b7b2..cf2010e89 100644 --- a/frontend/src/core/contexts/AppConfigContext.tsx +++ b/frontend/src/core/contexts/AppConfigContext.tsx @@ -122,6 +122,7 @@ export const AppConfigProvider: React.FC = ({ } setError(null); + const startTime = performance.now(); for (let attempt = 0; attempt <= maxRetries; attempt++) { try { const testConfig = getSimulatedAppConfig(); @@ -142,6 +143,7 @@ export const AppConfigProvider: React.FC = ({ // apiClient automatically adds JWT header if available via interceptors // Always suppress error toast - we handle 401 errors locally + console.debug('[AppConfig] Fetching app config', { attempt, force, path: window.location.pathname }); const response = await apiClient.get( '/api/v1/config/app-config', { @@ -152,6 +154,7 @@ export const AppConfigProvider: React.FC = ({ const data = response.data; console.debug('[AppConfig] Config fetched successfully:', data); + console.debug('[AppConfig] Fetch duration ms:', (performance.now() - startTime).toFixed(2)); setConfig(data); setHasResolvedConfig(true); setLoading(false); @@ -163,6 +166,7 @@ export const AppConfigProvider: React.FC = ({ // This allows the app to work even without authentication if (status === 401) { console.debug('[AppConfig] 401 error - using default config (login enabled)'); + console.debug('[AppConfig] Fetch duration ms:', (performance.now() - startTime).toFixed(2)); setConfig({ enableLogin: true }); setHasResolvedConfig(true); setLoading(false); @@ -181,6 +185,7 @@ export const AppConfigProvider: React.FC = ({ const errorMessage = err?.response?.data?.message || err?.message || 'Unknown error occurred'; setError(errorMessage); console.error(`[AppConfig] Failed to fetch app config after ${attempt + 1} attempts:`, err); + console.debug('[AppConfig] Fetch duration ms:', (performance.now() - startTime).toFixed(2)); // Preserve existing config (initial default or previous fetch). If nothing is set, assume login enabled. setConfig((current) => current ?? { enableLogin: true }); setHasResolvedConfig(true); @@ -203,7 +208,7 @@ export const AppConfigProvider: React.FC = ({ // On auth pages, always skip the config fetch // The config will be fetched after authentication via jwt-available event if (isAuthPage) { - console.debug('[AppConfig] On auth page - using default config, skipping fetch'); + console.debug('[AppConfig] On auth page - using default config, skipping fetch', { path: currentPath }); setConfig({ enableLogin: true }); setHasResolvedConfig(true); setLoading(false); diff --git a/frontend/src/core/hooks/useEndpointConfig.ts b/frontend/src/core/hooks/useEndpointConfig.ts index 587fb064d..1a1db7f8b 100644 --- a/frontend/src/core/hooks/useEndpointConfig.ts +++ b/frontend/src/core/hooks/useEndpointConfig.ts @@ -30,6 +30,7 @@ export function useEndpointEnabled(endpoint: string): { try { setLoading(true); setError(null); + console.debug('[useEndpointConfig] Fetch endpoint status', { endpoint }); const response = await apiClient.get(`/api/v1/config/endpoint-enabled?endpoint=${encodeURIComponent(endpoint)}`); const isEnabled = response.data; @@ -102,6 +103,7 @@ export function useMultipleEndpointsEnabled(endpoints: string[]): { try { setLoading(true); setError(null); + console.debug('[useEndpointConfig] Fetching endpoint statuses', { count: endpoints.length, force }); // Check which endpoints we haven't fetched yet const newEndpoints = endpoints.filter(ep => !(ep in globalEndpointCache)); diff --git a/frontend/src/core/i18n.ts b/frontend/src/core/i18n.ts index badc72949..0b22a65bb 100644 --- a/frontend/src/core/i18n.ts +++ b/frontend/src/core/i18n.ts @@ -50,6 +50,23 @@ export const supportedLanguages = { // RTL languages (based on your existing language.direction property) export const rtlLanguages = ['ar-AR', 'fa-IR']; +// LocalStorage keys for i18next +export const I18N_STORAGE_KEYS = { + LANGUAGE: 'i18nextLng', + LANGUAGE_SOURCE: 'i18nextLng-source', +} as const; + +/** + * Language selection priority levels + * Higher number = higher priority (cannot be overridden by lower priority) + */ +export enum LanguageSource { + Fallback = 0, + Browser = 1, + ServerDefault = 2, + User = 3, +} + i18n .use(TomlBackend) .use(LanguageDetector) @@ -79,7 +96,7 @@ i18n detection: { order: ['localStorage', 'navigator', 'htmlTag'], - caches: ['localStorage'], + caches: [], // Don't cache auto-detected language - only cache when user manually selects convertDetectedLanguage: (lng: string) => { // Map en and en-US to en-GB if (lng === 'en' || lng === 'en-US') return 'en-GB'; @@ -105,6 +122,18 @@ i18n.on('languageChanged', (lng) => { document.documentElement.lang = lng; }); +// Track browser-detected language on first initialization +i18n.on('initialized', () => { + // If no source is set yet, mark current language as browser-detected + if (!localStorage.getItem(I18N_STORAGE_KEYS.LANGUAGE_SOURCE)) { + const detectedLang = i18n.language; + if (detectedLang) { + localStorage.setItem(I18N_STORAGE_KEYS.LANGUAGE, detectedLang); + localStorage.setItem(I18N_STORAGE_KEYS.LANGUAGE_SOURCE, String(LanguageSource.Browser)); + } + } +}); + export function normalizeLanguageCode(languageCode: string): string { // Replace underscores with hyphens to align with i18next/translation file naming const hyphenated = languageCode.replace(/_/g, '-'); @@ -133,6 +162,42 @@ export function toUnderscoreLanguages(languages: string[]): string[] { return languages.map(toUnderscoreFormat); } + +/** + * Get the current language source priority + */ +function getCurrentSourcePriority(): LanguageSource { + const sourceStr = localStorage.getItem(I18N_STORAGE_KEYS.LANGUAGE_SOURCE); + const sourceNum = sourceStr ? parseInt(sourceStr, 10) : null; + return (sourceNum !== null && !isNaN(sourceNum)) ? sourceNum as LanguageSource : LanguageSource.Fallback; +} + +/** + * Set language with priority tracking + * Only updates if new source has equal or higher priority than current + */ +function setLanguageWithPriority(language: string, source: LanguageSource): boolean { + const currentPriority = getCurrentSourcePriority(); + const newPriority = source; + + // Only apply if new source has higher priority + if (newPriority >= currentPriority) { + i18n.changeLanguage(language); + localStorage.setItem(I18N_STORAGE_KEYS.LANGUAGE, language); + localStorage.setItem(I18N_STORAGE_KEYS.LANGUAGE_SOURCE, String(source)); + return true; + } + return false; +} + +/** + * Set user-selected language (highest priority) + * Call this from the UI language selector + */ +export function setUserLanguage(language: string): void { + setLanguageWithPriority(language, LanguageSource.User); +} + /** * Updates the supported languages list dynamically based on config * If configLanguages is null/empty, all languages remain available @@ -178,22 +243,20 @@ export function updateSupportedLanguages(configLanguages?: string[] | null, defa // If current language is not in the new supported list, switch to fallback const currentLang = normalizeLanguageCode(i18n.language || ''); if (currentLang && !validLanguages.includes(currentLang)) { - i18n.changeLanguage(fallback); - } else if (validDefault && !localStorage.getItem('i18nextLng')) { - // User has no saved preference - apply server default - i18n.changeLanguage(validDefault); + setLanguageWithPriority(fallback, LanguageSource.Fallback); + } else if (validDefault) { + // Apply server default (respects user choice if already set) + setLanguageWithPriority(validDefault, LanguageSource.ServerDefault); } } /** * Apply server default locale when user has no saved language preference - * This respects the priority: localStorage > defaultLocale > browser detection > fallback + * This respects the priority: user-selected language > defaultLocale > browser detection > fallback */ function applyDefaultLocale(defaultLocale: string) { - // Only apply if user has no saved preference - if (!localStorage.getItem('i18nextLng')) { - i18n.changeLanguage(defaultLocale); - } + // Apply server default (respects user choice if already set) + setLanguageWithPriority(defaultLocale, LanguageSource.ServerDefault); } export default i18n; diff --git a/frontend/src/desktop/components/SetupWizard/DesktopOAuthButtons.tsx b/frontend/src/desktop/components/SetupWizard/DesktopOAuthButtons.tsx index df66ab13b..72b78be83 100644 --- a/frontend/src/desktop/components/SetupWizard/DesktopOAuthButtons.tsx +++ b/frontend/src/desktop/components/SetupWizard/DesktopOAuthButtons.tsx @@ -91,7 +91,11 @@ export const DesktopOAuthButtons: React.FC = ({ (id as KnownProviderId) in providerConfig; const GENERIC_PROVIDER_ICON = 'oidc.svg'; + console.log('[DesktopOAuthButtons] Received providers:', providers); + console.log('[DesktopOAuthButtons] Mode:', mode, 'Server URL:', serverUrl); + if (providers.length === 0) { + console.warn('[DesktopOAuthButtons] No providers to display, returning null'); return null; } diff --git a/frontend/src/desktop/components/SetupWizard/SelfHostedLoginScreen.tsx b/frontend/src/desktop/components/SetupWizard/SelfHostedLoginScreen.tsx index 9253a80f5..03e653a77 100644 --- a/frontend/src/desktop/components/SetupWizard/SelfHostedLoginScreen.tsx +++ b/frontend/src/desktop/components/SetupWizard/SelfHostedLoginScreen.tsx @@ -43,6 +43,14 @@ export const SelfHostedLoginScreen: React.FC = ({ // Check if username/password authentication is allowed const isUserPassAllowed = loginMethod === 'all' || loginMethod === 'normal'; + console.log('[SelfHostedLoginScreen] Props:', { + serverUrl, + enabledOAuthProviders, + loginMethod, + isUserPassAllowed, + shouldShowOAuth: !!(enabledOAuthProviders && enabledOAuthProviders.length > 0) + }); + const handleSubmit = async () => { // Validation if (!username.trim()) { diff --git a/frontend/src/desktop/components/SetupWizard/ServerSelection.tsx b/frontend/src/desktop/components/SetupWizard/ServerSelection.tsx index 90ce22f1d..bf53cd05b 100644 --- a/frontend/src/desktop/components/SetupWizard/ServerSelection.tsx +++ b/frontend/src/desktop/components/SetupWizard/ServerSelection.tsx @@ -116,9 +116,12 @@ export const ServerSelection: React.FC = ({ onSelect, load // Extract provider IDs from authorization URLs // Example: "/oauth2/authorization/google" → "google" const providerEntries = Object.entries(data.providerList || {}); + console.log('[ServerSelection] providerList from API:', data.providerList); providerEntries.forEach(([path, label]) => { const id = path.split('/').pop(); + console.log('[ServerSelection] Processing provider path:', path, '→ id:', id); if (!id) { + console.warn('[ServerSelection] Skipping provider with empty id:', path); return; } @@ -130,6 +133,7 @@ export const ServerSelection: React.FC = ({ onSelect, load }); console.log('[ServerSelection] ✅ Detected OAuth providers:', enabledProviders); + console.log('[ServerSelection] Login method:', loginMethod); } catch (err) { console.error('[ServerSelection] ❌ Failed to fetch login configuration:', err); diff --git a/frontend/src/desktop/components/SetupWizard/index.tsx b/frontend/src/desktop/components/SetupWizard/index.tsx index e8b435cc8..ec8f03987 100644 --- a/frontend/src/desktop/components/SetupWizard/index.tsx +++ b/frontend/src/desktop/components/SetupWizard/index.tsx @@ -100,6 +100,9 @@ export const SetupWizard: React.FC = ({ onComplete }) => { }; const handleServerSelection = (config: ServerConfig) => { + console.log('[SetupWizard] Server selected:', config); + console.log('[SetupWizard] OAuth providers:', config.enabledOAuthProviders); + console.log('[SetupWizard] Login method:', config.loginMethod); setServerConfig(config); setError(null); setSelfHostedMfaCode(''); @@ -283,7 +286,44 @@ export const SetupWizard: React.FC = ({ onComplete }) => { const currentConfig = await connectionModeService.getCurrentConfig(); if (currentConfig.lock_connection_mode && currentConfig.server_config?.url) { setLockConnectionMode(true); - setServerConfig(currentConfig.server_config); + + // Re-fetch OAuth providers for the saved server URL + const savedUrl = currentConfig.server_config.url.replace(/\/+$/, ''); // Remove trailing slashes + let updatedConfig = { ...currentConfig.server_config }; + + try { + console.log('[SetupWizard] Re-fetching OAuth providers for saved server:', savedUrl); + const response = await fetch(`${savedUrl}/api/v1/proprietary/ui-data/login`); + + if (response.ok) { + const data = await response.json(); + const enabledProviders: any[] = []; + const providerEntries = Object.entries(data.providerList || {}); + + providerEntries.forEach(([path, label]) => { + const id = path.split('/').pop(); + if (id) { + enabledProviders.push({ + id, + path, + label: typeof label === 'string' ? label : undefined, + }); + } + }); + + updatedConfig = { + ...updatedConfig, + enabledOAuthProviders: enabledProviders.length > 0 ? enabledProviders : undefined, + loginMethod: data.loginMethod || 'all', + }; + + console.log('[SetupWizard] Updated config with OAuth providers:', updatedConfig); + } + } catch (err) { + console.error('[SetupWizard] Failed to re-fetch OAuth providers:', err); + } + + setServerConfig(updatedConfig); setActiveStep(SetupStep.SelfHostedLogin); } }; diff --git a/frontend/src/proprietary/auth/UseSession.tsx b/frontend/src/proprietary/auth/UseSession.tsx index 6ad1618c5..a210ce6fb 100644 --- a/frontend/src/proprietary/auth/UseSession.tsx +++ b/frontend/src/proprietary/auth/UseSession.tsx @@ -54,6 +54,7 @@ export function AuthProvider({ children }: { children: ReactNode }) { try { setLoading(true); setError(null); + console.debug('[Auth] refreshSession: start', { path: window.location.pathname }); console.debug('[Auth] Refreshing session...'); const { data, error } = await springAuth.refreshSession(); @@ -70,6 +71,7 @@ export function AuthProvider({ children }: { children: ReactNode }) { console.error('[Auth] Unexpected error during session refresh:', err); setError(err as AuthError); } finally { + console.debug('[Auth] refreshSession: done', { hasSession: !!session }); setLoading(false); } }, []); @@ -109,6 +111,7 @@ export function AuthProvider({ children }: { children: ReactNode }) { const initializeAuth = async () => { try { console.debug(`[Auth:${mountId}] Initializing auth...`); + console.debug(`[Auth:${mountId}] Path: ${window.location.pathname} Search: ${window.location.search}`); // Clear any platform-specific cached auth on login page init. if (typeof window !== 'undefined' && window.location.pathname.startsWith('/login')) { await clearPlatformAuthOnLoginInit(); @@ -137,6 +140,7 @@ export function AuthProvider({ children }: { children: ReactNode }) { setError(err as AuthError); } } finally { + console.debug(`[Auth:${mountId}] Initialize auth complete. mounted=${mounted}`); if (mounted) { setLoading(false); } diff --git a/frontend/src/proprietary/contexts/LicenseContext.tsx b/frontend/src/proprietary/contexts/LicenseContext.tsx index 0f92e3b68..5c0f7947e 100644 --- a/frontend/src/proprietary/contexts/LicenseContext.tsx +++ b/frontend/src/proprietary/contexts/LicenseContext.tsx @@ -1,4 +1,5 @@ import React, { createContext, useContext, useState, useCallback, useEffect, useMemo, useRef, ReactNode } from 'react'; +import { useLocation } from 'react-router-dom'; import licenseService, { LicenseInfo } from '@app/services/licenseService'; import { useAppConfig } from '@app/contexts/AppConfigContext'; import { getSimulatedLicenseInfo } from '@app/testing/serverExperienceSimulations'; @@ -18,6 +19,7 @@ interface LicenseProviderProps { export const LicenseProvider: React.FC = ({ children }) => { const { config } = useAppConfig(); + const location = useLocation(); const configRef = useRef(config); const [licenseInfo, setLicenseInfo] = useState(null); const [loading, setLoading] = useState(true); @@ -33,8 +35,8 @@ export const LicenseProvider: React.FC = ({ children }) => let currentConfig = configRef.current; if (!currentConfig) { console.log('[LicenseContext] Config not loaded yet, waiting...'); - // Wait up to 5 seconds for config to load - const maxWait = 5000; + // OPTIMIZATION: Reduced from 5s to 1s - config should load quickly + const maxWait = 1000; const startTime = Date.now(); while (!configRef.current && Date.now() - startTime < maxWait) { await new Promise(resolve => setTimeout(resolve, 100)); @@ -82,10 +84,25 @@ export const LicenseProvider: React.FC = ({ children }) => // Fetch license info when config changes (only if user is admin) useEffect(() => { + // CRITICAL FIX: Skip license fetch on auth routes to prevent race conditions + // during SAML/OAuth callback processing. License isn't needed until user + // is authenticated and navigates to main app. + const isAuthRoute = + location.pathname === '/login' || + location.pathname === '/signup' || + location.pathname === '/auth/callback' || + location.pathname.startsWith('/invite/'); + + if (isAuthRoute) { + console.log('[LicenseContext] On auth route, skipping license fetch'); + setLoading(false); + return; + } + if (config) { refetchLicense(); } - }, [config, refetchLicense]); + }, [config, refetchLicense, location.pathname]); const contextValue: LicenseContextValue = useMemo( () => ({ @@ -104,6 +121,10 @@ export const LicenseProvider: React.FC = ({ children }) => ); }; +export const useOptionalLicense = (): LicenseContextValue | undefined => { + return useContext(LicenseContext); +}; + export const useLicense = (): LicenseContextValue => { const context = useContext(LicenseContext); if (!context) { diff --git a/frontend/src/proprietary/contexts/UpdateSeatsContext.tsx b/frontend/src/proprietary/contexts/UpdateSeatsContext.tsx index 7d3550eeb..fdc3f4ca7 100644 --- a/frontend/src/proprietary/contexts/UpdateSeatsContext.tsx +++ b/frontend/src/proprietary/contexts/UpdateSeatsContext.tsx @@ -1,10 +1,11 @@ import React, { createContext, useContext, useState, useCallback, useEffect, ReactNode } from 'react'; +import { useLocation } from 'react-router-dom'; import { useTranslation } from 'react-i18next'; import licenseService, {} from '@app/services/licenseService'; import UpdateSeatsModal from '@app/components/shared/UpdateSeatsModal'; import { userManagementService } from '@app/services/userManagementService'; import { alert } from '@app/components/toast'; -import { useLicense } from '@app/contexts/LicenseContext'; +import { useOptionalLicense } from '@app/contexts/LicenseContext'; import { resyncExistingLicense } from '@app/utils/licenseCheckoutUtils'; export interface UpdateSeatsOptions { @@ -27,7 +28,9 @@ interface UpdateSeatsProviderProps { export const UpdateSeatsProvider: React.FC = ({ children }) => { const { t } = useTranslation(); - const { refetchLicense } = useLicense(); + const location = useLocation(); + // Use optional hook - won't throw during setup wizard when license provider isn't needed + const license = useOptionalLicense(); const [isOpen, setIsOpen] = useState(false); const [isLoading, setIsLoading] = useState(false); const [currentSeats, setCurrentSeats] = useState(1); @@ -36,6 +39,20 @@ export const UpdateSeatsProvider: React.FC = ({ childr // Handle return from Stripe billing portal useEffect(() => { + // CRITICAL FIX: Don't run billing check on auth routes to prevent race conditions + // during SAML/OAuth callback. This check only matters after successful billing + // portal redirects, which never happen on auth routes. + const isAuthRoute = + location.pathname === '/login' || + location.pathname === '/signup' || + location.pathname === '/auth/callback' || + location.pathname.startsWith('/invite/'); + + if (isAuthRoute) { + console.log('[UpdateSeatsContext] On auth route, skipping billing return check'); + return; + } + const handleBillingReturn = async () => { const urlParams = new URLSearchParams(window.location.search); const seatsUpdated = urlParams.get('seats_updated'); @@ -58,7 +75,7 @@ export const UpdateSeatsProvider: React.FC = ({ childr console.log('License synced successfully after seat update'); // Refresh global license context - await refetchLicense(); + await license?.refetchLicense(); // Get updated license info for notification const updatedLicense = await licenseService.getLicenseInfo(); @@ -89,8 +106,12 @@ export const UpdateSeatsProvider: React.FC = ({ childr } }; - handleBillingReturn(); - }, [t, refetchLicense]); + // CRITICAL FIX: Properly handle async function and catch errors + handleBillingReturn().catch((error) => { + console.error('[UpdateSeatsContext] Error in billing return handler:', error); + // Don't throw - this is initialization, should not block rendering + }); + }, [t, location.pathname, license]); const openUpdateSeats = useCallback(async (options: UpdateSeatsOptions = {}) => { try { @@ -143,8 +164,8 @@ export const UpdateSeatsProvider: React.FC = ({ childr setCurrentOptions({}); // Refetch license after modal closes to update UI - refetchLicense(); - }, [refetchLicense]); + license?.refetchLicense(); + }, [license]); const handleUpdateSeats = useCallback( async (newSeatCount: number): Promise => { diff --git a/frontend/src/proprietary/routes/AuthCallback.tsx b/frontend/src/proprietary/routes/AuthCallback.tsx index ce7313237..f7c8fa5a1 100644 --- a/frontend/src/proprietary/routes/AuthCallback.tsx +++ b/frontend/src/proprietary/routes/AuthCallback.tsx @@ -33,6 +33,7 @@ export default function AuthCallback() { console.log(`[AuthCallback:${executionId}] Starting authentication callback`); console.log(`[AuthCallback:${executionId}] URL: ${window.location.href}`); console.log(`[AuthCallback:${executionId}] Hash: ${window.location.hash}`); + console.log(`[AuthCallback:${executionId}] Document readyState: ${document.readyState}`); if (typeof window !== 'undefined' && window.sessionStorage.getItem('stirling_sso_auto_login_logged_out') === '1') { console.warn(`[AuthCallback:${executionId}] ⚠️ Logout block active, skipping token processing`); @@ -79,6 +80,7 @@ export default function AuthCallback() { // Dispatch custom event for other components to react to JWT availability window.dispatchEvent(new CustomEvent('jwt-available')); console.log(`[AuthCallback:${executionId}] ✓ Event dispatched`); + console.log(`[AuthCallback:${executionId}] Elapsed after jwt-available: ${(performance.now() - startTime).toFixed(2)}ms`); console.log(`[AuthCallback:${executionId}] Step 4: Validating token with backend`); // Validate the token and load user info @@ -101,7 +103,14 @@ export default function AuthCallback() { await handleAuthCallbackSuccess(token); console.log(`[AuthCallback:${executionId}] ✓ Callback handlers complete`); - console.log(`[AuthCallback:${executionId}] Step 6: Navigating to home page`); + console.log(`[AuthCallback:${executionId}] Step 6: Waiting for context stabilization`); + + // Wait for all context providers to process jwt-available event + // This prevents infinite render loop when coming from cross-domain SAML redirect + await new Promise(resolve => setTimeout(resolve, 100)); + console.log(`[AuthCallback:${executionId}] Elapsed after stabilization wait: ${(performance.now() - startTime).toFixed(2)}ms`); + + console.log(`[AuthCallback:${executionId}] Step 7: Navigating to home page`); // Clear the hash from URL and redirect to home page navigate('/', { replace: true }); diff --git a/frontend/src/proprietary/routes/Landing.tsx b/frontend/src/proprietary/routes/Landing.tsx index 764eea88f..ab55eff78 100644 --- a/frontend/src/proprietary/routes/Landing.tsx +++ b/frontend/src/proprietary/routes/Landing.tsx @@ -29,10 +29,16 @@ export default function Landing() { useEffect(() => { const mountId = Math.random().toString(36).substring(7); console.log(`[Landing:${mountId}] 🔵 Component mounted at ${location.pathname}`); + console.log(`[Landing:${mountId}] Mount state:`, { + authLoading, + configLoading, + backendLoading: backendProbe.loading, + hasSession: !!session, + }); return () => { console.log(`[Landing:${mountId}] 🔴 Component unmounting`); }; - }, [location.pathname]); + }, [location.pathname, authLoading, configLoading, backendProbe.loading, session]); // Periodically probe while backend isn't up so the screen can auto-advance when it comes online useEffect(() => { diff --git a/frontend/src/proprietary/routes/Login.tsx b/frontend/src/proprietary/routes/Login.tsx index f11b8619d..d6105c565 100644 --- a/frontend/src/proprietary/routes/Login.tsx +++ b/frontend/src/proprietary/routes/Login.tsx @@ -197,6 +197,11 @@ export default function Login() { setLoginMethod(data.loginMethod || 'all'); } catch (err) { console.error('[Login] Failed to fetch enabled providers:', err); + // Set default values on error to ensure UI remains functional + // Login method defaults to 'all' to show both SSO and email/password options + setEnableLogin(true); + setLoginMethod('all'); + setEnabledProviders([]); } };