Skip to content

Fix Follow button silent failure for logged-out users#2086

Open
slarson wants to merge 1 commit intocodeforboston:mainfrom
slarson:fix/follow-button-auth-redirect
Open

Fix Follow button silent failure for logged-out users#2086
slarson wants to merge 1 commit intocodeforboston:mainfrom
slarson:fix/follow-button-auth-redirect

Conversation

@slarson
Copy link

@slarson slarson commented Mar 25, 2026

Summary

  • Adds auth guard to Follow button click handlers in FollowButton.tsx and PolicyActions.tsx
  • When a logged-out user clicks Follow, they are now redirected to /login?redirect=currentPath instead of silently failing
  • After login, the user is returned to the page they were on

Problem

On the Testimony Detail page, logged-out visitors can click the "Follow H.xx" button. Because uid is undefined, the Firestore setFollow call fails with "Missing or insufficient permissions" — but the user sees no feedback at all.

Fix

Added a !uid check in handleClick for both BaseFollowButton and PolicyActions. If the user isn't authenticated, router.push(/login?redirect=...) sends them to login with a redirect back to the current page. This matches the existing requireAuth redirect pattern used elsewhere in the app (e.g. auth/service.tsx).

Testing

Tested locally against the shared dev Firebase backend (digital-testimony-dev) using Chrome DevTools Protocol automation:

  1. Reproduced the bug: Navigated to /testimony/JEzCsV1OiC9hwCyrcON5A/1 while logged out, clicked "Follow H.54" — confirmed silent failure with unhandled Firestore permission error and no URL change
  2. Verified the fix: Same steps post-fix — clicking Follow now redirects to /login?redirect=%2Ftestimony%2FJEzCsV1OiC9hwCyrcON5A%2F1
  3. End-to-end redirect flow: Created a throwaway Firebase test user via REST API, filled in the login form, submitted — confirmed redirect back to the original testimony page with the user authenticated and Follow button still present. Test user was deleted after verification.

Closes #2059

Co-authored-with: Claude Code

@slarson
fix: redirect logged-out users to login when clicking Follow button
34b3157 
When a logged-out user clicks the Follow button on the Testimony Detail
page, the action silently fails because uid is undefined and Firestore
rejects the operation with "Missing or insufficient permissions." This
adds an auth guard that redirects to /login?redirect=currentPath, matching
the existing auth redirect pattern used elsewhere in the app.

Closes codeforboston#2059

Co-authored-with: Claude Code
@vercel
Copy link

vercel bot commented Mar 25, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
maple-dev Ready Ready Preview, Comment Mar 25, 2026 0:29am

Request Review

@slarson
Copy link
Author

slarson commented Mar 25, 2026

Hi! I noticed #2063 also addresses this issue. The reviewer there pointed out that the fix only applied to BaseFollowButton in FollowButton.tsx, but the Follow button on the Testimony Detail page (where the bug is most visible) is actually rendered through a separate handleClick in PolicyActions.tsx.

This PR applies the same auth guard pattern to both components:

  • components/shared/FollowButton.tsx (covers bill pages, profile pages, search results)
  • components/testimony/TestimonyDetailPage/PolicyActions.tsx (covers the testimony detail page from the issue repro steps)

I verified the fix end-to-end on the testimony detail page specifically — clicking Follow while logged out now redirects to /login?redirect=..., and after signing in the user lands back on the original testimony page with the Follow button ready to use.

Happy to coordinate with @saschabuehrle if it makes sense to combine efforts or if there's anything I'm missing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sashamaryl sashamaryl Awaiting requested review from sashamaryl sashamaryl is a code owner

@mertbagt mertbagt Awaiting requested review from mertbagt mertbagt is a code owner

@nesanders nesanders Awaiting requested review from nesanders nesanders is a code owner

@mvictor55 mvictor55 Awaiting requested review from mvictor55 mvictor55 is a code owner

@timblais timblais Awaiting requested review from timblais timblais is a code owner

@alexjball alexjball Awaiting requested review from alexjball alexjball is a code owner

@Mephistic Mephistic Awaiting requested review from Mephistic Mephistic is a code owner

@kiminkim724 kiminkim724 Awaiting requested review from kiminkim724 kiminkim724 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Better Error Message for "Follow" Button on Testimony Detail Page

1 participant

@slarson