fix(auth): revoke JWT on logout and harden Google sign-in
Logout now increments sessionVersion so existing JWTs are rejected server-side, deletes orphaned DB sessions, and uses redirectTo for signOut. Google OAuth requests account selection each time; optional AUTH_GOOGLE_PROMPT=login forces Google re-authentication on shared devices. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -44,12 +44,20 @@ function LoginButton() {
|
||||
export function LoginForm({
|
||||
allowRegister = true,
|
||||
googleAuthEnabled = false,
|
||||
authError,
|
||||
}: {
|
||||
allowRegister?: boolean;
|
||||
googleAuthEnabled?: boolean;
|
||||
authError?: string;
|
||||
}) {
|
||||
const [errorMessage, dispatch] = useActionState(authenticate, undefined);
|
||||
const { t } = useLanguage();
|
||||
const oauthError =
|
||||
authError === 'SessionRequired'
|
||||
? t('auth.sessionExpired')
|
||||
: authError === 'OAuthAccountNotLinked'
|
||||
? t('auth.oauthAccountNotLinked')
|
||||
: authError ?? null;
|
||||
|
||||
return (
|
||||
<div className="bg-white dark:bg-[var(--background)]/50 border border-[var(--border)] p-8 md:p-10 rounded-[48px] shadow-2xl">
|
||||
@@ -63,6 +71,12 @@ export function LoginForm({
|
||||
</p>
|
||||
</div>
|
||||
|
||||
{oauthError && (
|
||||
<p className="text-sm text-red-500 text-center px-2" role="alert">
|
||||
{oauthError}
|
||||
</p>
|
||||
)}
|
||||
|
||||
{googleAuthEnabled && (
|
||||
<>
|
||||
<GoogleSignInButton label={t('auth.continueWithGoogle')} />
|
||||
|
||||
Reference in New Issue
Block a user