docs: record auth fixes — login verified end-to-end (admin@test.de)
Deploy to Production / test (push) Has been cancelled
Deploy to Production / deploy (push) Has been cancelled

Patrick Plate
2026-06-13 10:14:21 +02:00
parent 281adda27c
commit 2347a7a1d9
+29
@@ -6,6 +6,35 @@
--- ---
## ✅ LOGIN WORKING — 2026-06-13 (update 2) — full auth flow verified
After deploy, login showed a client-side "Oops! Something went wrong" error boundary.
Four more root causes, all fixed and verified (`signin → 302 → /dashboard`, session
populated with `role: ADMIN` + `clubId`):
4. **NextAuth `MissingSecret` → "Oops" error boundary** — override env (TrueNAS, not git)
NextAuth v5 (Auth.js) reads **`AUTH_SECRET`**, not `NEXTAUTH_SECRET`. The runtime env had
only `NEXTAUTH_SECRET`, so `signIn` threw `MissingSecret` → the React error boundary fired.
Added `AUTH_SECRET` (+ `AUTH_TRUST_HOST=true`) to the frontend service in the TrueNAS override.
5. **No seed data** — DB had 0 users. Seeded club + admin (`admin@test.de`). The seed comment's
BCrypt hash was for "password", not "test123" — regenerated a correct hash for `test123`.
6. **Backend HTTP 500 after successful auth: `Illegal base64 character: '-'`** — commit `dac884c`
`JwtService.getSigningKey()` does `Decoders.BASE64.decode(secret)`. The compose secret
`docker-dev-secret-key-...-for-hmac` is plaintext with hyphens (not valid base64), so signing
the JWT threw once credentials passed. Replaced with a real base64 secret (`openssl rand -base64 48`).
7. **NextAuth `CredentialsSignin` — API/frontend contract mismatch** — commit `281adda`
`authorize()` read `data.member.id/email/clubName/clubId`, but the backend `LoginResponse` is
**flat**: `{ accessToken, refreshToken, expiresIn, role }` — no `member` object. Accessing
`data.member.id` on `undefined` threw → `authorize` returned null. Fixed by decoding the JWT
payload for identity claims (`sub`=userId, `email`, `tenant_id`=clubId) + the flat `role`.
**Login credentials:** `admin@test.de` / `test123` (dev seed).
---
## ✅ RESOLVED — 2026-06-13 — CannaManage live at http://192.168.188.119:3000 ## ✅ RESOLVED — 2026-06-13 — CannaManage live at http://192.168.188.119:3000
All blocking issues fixed. Stack is up on TrueNAS (backend + db healthy, frontend serving). All blocking issues fixed. Stack is up on TrueNAS (backend + db healthy, frontend serving).
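Review bot: The `**Login credentials:**` line at the end of the new section records a working admin login (`admin@test.de` / `test123`) in a tracked doc, while the pipeline for this repository is named Deploy to Production. State explicitly that the seed in item 5 is dev-only and is never applied to a production database, or drop the password and point to the seed script instead. Item 6 says the hyphenated compose secret was replaced in commit `dac884c` but not where the new value lives. If it sits in the compose file in git rather than in the TrueNAS override (as item 4 does for `AUTH_SECRET`), say that it is a dev value and that real deployments supply their own. Item 7 should also record whether `authorize()` verifies the JWT signature before trusting `sub`, `email` and `tenant_id`, or relies on the token coming directly from the backend login response.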