Reverted to commit 0091584677

This commit is contained in:
gpt-engineer-app[bot]
2025-11-01 15:22:30 +00:00
parent 26e5753807
commit 133141d474
125 changed files with 2316 additions and 9102 deletions


@@ -114,15 +114,11 @@ export default function AuthCallback() {
const result = await handlePostAuthFlow(session, authMethod);
if (result.success && result.data?.shouldRedirect) {
// CRITICAL SECURITY FIX: Get factor BEFORE destroying session
// Get factor ID and show modal instead of redirecting
const { data: factors } = await supabase.auth.mfa.listFactors();
const totpFactor = factors?.totp?.find(f => f.status === 'verified');
if (totpFactor) {
// OAuth flow: We can't store the OAuth token, so we keep the AAL1 session
// This is unavoidable for OAuth flows - but RLS blocks sensitive operations
console.log('[AuthCallback] OAuth MFA required - keeping AAL1 session (OAuth limitation)');
setMfaFactorId(totpFactor.id);
setStatus('mfa_required');
return;