Fix 500 on /login when a Kratos session exists but no app JWT (session_already_available)
Repro: register a new account, then click back from the password/verification step to /login → 500. Registration's `session` hook signs the user in at Kratos but routes to the verification UI, not /auth/complete, so they hold a Kratos session with NO app JWT — ctx.user is null, the "already signed in -> /dashboard" short-circuit can't fire, and initialising a login flow makes Kratos return 400 `session_already_available`. The flow-init catch only handled 403/404/410 and 5xx, so the 400 fell through to `throw` -> catch-all 500. Recover instead: on `session_already_available` (already authenticated at Kratos), 303 to /auth/complete to mint the JWT from the live session, preserving return_to. A genuinely unexpected Kratos 400 still surfaces as 500. Verified live: /login (Kratos session, no JWT) now 303s to /auth/complete, which mints plainpages_jwt and lands on /dashboard. Also default LOG_LEVEL to debug in the dev override (compose.override.yml) for verbose local logs. Tests-first: app.test asserts the session-race recovers to /auth/complete (return_to carried) while an unrelated 400 stays a 500. typecheck + 361 units green.
This commit is contained in:
@@ -12,6 +12,7 @@ services:
|
||||
APP_URL: ${APP_URL:-http://localhost:3000}
|
||||
CACHE_TEMPLATES: "false"
|
||||
LOG_FORMAT: "text" # human-readable logs in dev (base sets json for prod log pipelines)
|
||||
LOG_LEVEL: "debug" # verbose by default while developing (base defaults to info)
|
||||
REQUIRE_SECURE_SECRETS: "false"
|
||||
SECURE_COOKIES: "false" # dev serves http — Secure cookies wouldn't be sent
|
||||
SCHEDULING_UPSTREAM: "http://shifts-upstream:4000" # reference plugin → the dev mock backend
|
||||
|
||||
Reference in New Issue
Block a user