fix(auth): multi-tab logout sync, distinct reset error codes, case discussion i18n parity#46
Merged
Merged
Conversation
…scussion i18n parity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three independent auth/i18n polish items that share the same surface (auth boundary + cases page in non-EN locales).
Multi-tab logout sync. Logging out in tab A used to leave tab B fully authenticated until its next request came back 401. Added
useStorageAuthSynctohooks/useAuth.js— a one-effect hook that subscribes to thestorageevent onwindow, listens for the auth token being removed in another tab, and reacts by clearing the TanStack Query cache and redirecting to/login. Mounted once byAppLayout. Ignores unrelated keys and ignores events that set a new token (a login in another tab shouldn't bounce the current one).Distinct reset password error codes.
POST /auth/password-reset/confirmreturned a single opaque"Invalid or expired token"for every failure mode, so users couldn't tell whether their link was wrong, already used, or just timed out. Refactoredconfirm_password_resetto return aPasswordResetOutcomeenum (OK/UNKNOWN/USED/EXPIRED). The router maps each non-OK outcome to400with a structureddetail = {code, message}payload. New i18n keysauth:reset.errors.reset_token_invalid|used|expiredin all 5 locales (EN/ES/CA/GL/EU);ResetPasswordPagelooks up the code via a smallresetErrorMessagehelper that falls back to the message orauth:reset.failureif anything's missing.Cases discussion i18n parity (CA/GL/EU). The
discussionblock incases.jsonfor the three minority locales only had the 2 confirm-dialog keys; the 6 inline labels (empty,add,edit,delete,save,cancel) were missing, so users in Catalan/Galician/Basque saw rawdiscussion.addkeys in the case comment thread. Backfilled all 6 with native translations to match the EN/ES baseline.Tests:
test_password_reset.pyextended: three existing 400 cases now also assert the specificdetail.code. 11/11 passing.useStorageAuthSync.test.jsxcovers the three event branches — token removed, unrelated key, token replaced — confirming cache clear + redirect only on the real logout case.ResetPasswordPage.test.jsxparametrized over the three error codes, asserts the localized message lands in the alert.AppLayoutMobile.test.jsxmock foruseAuthextended with auseStorageAuthSyncstub so the layout still renders under test.Frontend suite: 375 passing. Backend: 894.