Refactor: Implement full authentication overhaul

2025-12-23 16:51:14 -05:00 · 2025-10-14 14:01:17 +00:00
parent ccfa83faee
commit 23f7cbb9de
8 changed files with 525 additions and 122 deletions
--- a/src/pages/AuthCallback.tsx
+++ b/src/pages/AuthCallback.tsx
@@ -4,6 +4,8 @@ import { supabase } from '@/integrations/supabase/client';
 import { useToast } from '@/hooks/use-toast';
 import { Loader2 } from 'lucide-react';
 import { Header } from '@/components/layout/Header';
+import { handlePostAuthFlow } from '@/lib/authService';
+import type { AuthMethod } from '@/types/auth';

 export default function AuthCallback() {
  const navigate = useNavigate();
@@ -71,31 +73,22 @@ export default function AuthCallback() {
          }
        }

-        // Check if MFA step-up is required for OAuth users
+        // Determine authentication method
+        let authMethod: AuthMethod = 'magiclink';
        if (isOAuthUser) {
-          console.log('[AuthCallback] Checking MFA requirements for OAuth user...');
-          
-          try {
-            const { data: factors } = await supabase.auth.mfa.listFactors();
-            const hasMfaEnrolled = factors?.totp?.some(f => f.status === 'verified');
-            
-            const { data: { currentLevel } } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel();
-            
-            console.log('[AuthCallback] MFA status:', {
-              hasMfaEnrolled,
-              currentLevel,
-            });
+          authMethod = 'oauth';
+        }
+        
+        console.log('[AuthCallback] Auth method:', authMethod);

-            if (hasMfaEnrolled && currentLevel === 'aal1') {
-              console.log('[AuthCallback] MFA step-up required, redirecting...');
-              sessionStorage.setItem('mfa_step_up_required', 'true');
-              navigate('/auth/mfa-step-up');
-              return;
-            }
-          } catch (error) {
-            console.error('[AuthCallback] Failed to check MFA status:', error);
-            // Continue anyway - don't block sign-in
-          }
+        // Unified post-authentication flow for ALL methods (OAuth, magic link, etc.)
+        console.log('[AuthCallback] Running post-auth flow...');
+        const result = await handlePostAuthFlow(session, authMethod);
+        
+        if (result.success && result.data?.shouldRedirect) {
+          console.log('[AuthCallback] Redirecting to:', result.data.redirectTo);
+          navigate(result.data.redirectTo);
+          return;
        }

        setStatus('success');