Skip to content

Commit 0d6f166

Browse files
committed
fix(webapp): show magic link confirmation instead of reloading login
The /login/magic route imported a server-only cookie module whose top-level env access was bundled into the client, throwing a TypeError at module eval. That aborted the client-side navigation to the confirmation page, so the browser hard-reloaded back to an empty /login while the email was still sent. Drop the redundant cookie and read the submitted address from the session (auth:email) that the email-link strategy already sets.
1 parent 1a0198c commit 0d6f166

3 files changed

Lines changed: 21 additions & 36 deletions

File tree

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
---
2+
area: webapp
3+
type: fix
4+
---
5+
6+
Fixed submitting your email on the login page reloading back to an empty form instead of showing the magic link confirmation screen.

apps/webapp/app/routes/login.magic/magicLinkEmailCookie.server.ts

Lines changed: 0 additions & 15 deletions
This file was deleted.

apps/webapp/app/routes/login.magic/route.tsx

Lines changed: 15 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,6 @@ import { ssoRedirectForEmail } from "~/services/ssoAutoDiscovery.server";
3434
import { logger, tryCatch } from "@trigger.dev/core/v3";
3535
import { env } from "~/env.server";
3636
import { extractClientIp } from "~/utils/extractClientIp.server";
37-
import { magicLinkEmailCookie } from "./magicLinkEmailCookie.server";
3837

3938
export const meta: MetaFunction = ({ matches }) => {
4039
const parentMeta = matches
@@ -74,12 +73,14 @@ export async function loader({ request }: LoaderFunctionArgs) {
7473
// confirmation renders the flashed error as magicLinkError below.
7574
const url = new URL(request.url);
7675
const sanitized = sanitizeRedirectPath(url.searchParams.get("redirectTo"));
77-
// The submitted address is carried in a short-lived cookie (not the URL) so
78-
// the confirmation can name it. Validate before echoing it back.
79-
const emailCookie = await magicLinkEmailCookie.parse(request.headers.get("Cookie"));
76+
// The email-link strategy stores the submitted address in the session
77+
// (`auth:email`) alongside the magic-link key, so read it from there to name
78+
// the confirmation — no address in the URL, and no separate cookie to leak
79+
// into the client bundle. Validate before echoing it back.
80+
const emailValue = session.get("auth:email");
8081
const email =
81-
typeof emailCookie === "string" && z.string().email().safeParse(emailCookie).success
82-
? emailCookie
82+
typeof emailValue === "string" && z.string().email().safeParse(emailValue).success
83+
? emailValue
8384
: null;
8485
if (!session.has("triggerdotdev:magiclink")) {
8586
// Throw (not return) so the redirect doesn't widen the loader's return
@@ -215,20 +216,13 @@ export async function action({ request }: ActionFunctionArgs) {
215216
return redirect(ssoRedirect);
216217
}
217218

218-
// authenticator.authenticate throws its redirect Response; attach the
219-
// sent-to email as a short-lived cookie so the confirmation can name it
220-
// without putting the address in the URL.
221-
try {
222-
return await authenticator.authenticate("email-link", request, {
223-
successRedirect: "/login/magic",
224-
failureRedirect: "/login",
225-
});
226-
} catch (thrown) {
227-
if (thrown instanceof Response) {
228-
thrown.headers.append("Set-Cookie", await magicLinkEmailCookie.serialize(email));
229-
}
230-
throw thrown;
231-
}
219+
// The email-link strategy stores the address in the session (`auth:email`)
220+
// and throws its own redirect Response (with the committed session cookie),
221+
// so return it directly — the confirmation reads the email from the session.
222+
return await authenticator.authenticate("email-link", request, {
223+
successRedirect: "/login/magic",
224+
failureRedirect: "/login",
225+
});
232226
}
233227
case "reset":
234228
default: {
@@ -260,7 +254,7 @@ export default function LoginMagicLinkPage() {
260254
</Header1>
261255
<Fieldset className="flex w-full flex-col items-center gap-y-2">
262256
<InboxArrowDownIcon className="mb-4 h-12 w-12 text-indigo-500" />
263-
<Paragraph className="mb-6 text-center [text-wrap:balance]">
257+
<Paragraph className="mb-6 text-center">
264258
{email ? (
265259
<>
266260
We emailed a magic link to <span className="text-text-bright">{email}</span> to

0 commit comments

Comments
 (0)