fixing auth redirect

vswamidass-sfdc · vswamidass-sfdc · commit e2b4868b1aef · 2025-10-16T09:32:42.000-07:00
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
@@ -5,21 +5,25 @@ class AuthController < ApplicationController
   skip_before_action :require_login, only: [:get_token, :validate_token]
 
   # GET /auth/get_token
-  # Generate and display API token for authenticated SSO user (for Chrome extensions)
-  # For chrome, we don't need to generate a token, we just need to know the user is authenticated
+  # Return user email for authenticated SSO user (for Chrome extensions)
   def get_token
     Rails.logger.info '=== AUTH GET_TOKEN CALLED ==='
+    Rails.logger.info "Session user_id: #{session[:user_id]}"
     Rails.logger.info "Current user: #{current_user&.email || 'NOT AUTHENTICATED'}"
+    Rails.logger.info "Request path: #{request.fullpath}"
 
-    # User is authenticated via SSO session, generate token
+    # User is authenticated via SSO session, return email
     if current_user
-      Rails.logger.info "User authenticated for browser. #{current_user.email}"
+      Rails.logger.info "✅ User authenticated successfully: #{current_user.email}"
+      # Render the page with current_user available
     else
+      Rails.logger.info "❌ User not authenticated, redirecting to login"
       # User not authenticated, redirect to login with return URL
       redirect_to new_session_path(redirect_to: request.fullpath)
     end
   rescue StandardError => e
     Rails.logger.error "Auth error: #{e.message}"
+    Rails.logger.error e.backtrace.join("\n")
     redirect_to root_path, alert: 'Authentication failed. Please try again.'
   end
 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -8,19 +8,19 @@ def new
   def create
     user = User.find_by_email(params[:session][:email])
     
-    # Debug logging
-    Rails.logger.info "Login attempt for: #{params[:session][:email]}"
-    
     if user&.authenticate(params[:session][:password])
       login_user(user)
+      Rails.logger.info "User logged in: #{user.email}"
       
       # Use redirect_to parameter if provided, otherwise fallback to previous page or root
       if params[:redirect_to].present?
+        Rails.logger.info "Redirecting to: #{params[:redirect_to]}"
         redirect_to params[:redirect_to]
       else
         redirect_to(root_path)
       end
     else
+      Rails.logger.info "Login failed for: #{params[:session][:email]}"
       # Preserve redirect_to parameter on failed login
       redirect_params = params[:redirect_to].present? ? { redirect_to: params[:redirect_to] } : {}
       redirect_to new_session_url(redirect_params), notice: 'Error logging in.'
diff --git a/app/views/auth/get_token.html.erb b/app/views/auth/get_token.html.erb
@@ -5,123 +5,40 @@
     <div class="text-5xl text-green-500 mb-5">✓</div>
     <h1 class="text-gray-800 mb-5 text-2xl font-semibold">Authentication Successful</h1>
     
-    <p class="mb-5">Your API token has been generated for the Chrome extension:</p>
+    <p class="mb-5">Your user email for the Chrome extension:</p>
     
     <div class="bg-gray-50 border-2 border-dashed border-gray-300 rounded-lg p-5 my-5 break-all font-mono text-sm min-h-15 flex items-center justify-center">
-      <div id="token-display" data-token="<%= current_user.email %>" class="text-gray-500 italic">
-        <% if current_user.email %>
-          Loading token...
-        <% else %>
-          No token available. Please try again.
-        <% end %>
+      <div id="token-display" data-token="<%= current_user&.email %>" class="text-sky-600 font-semibold">
+        <%= current_user&.email || 'No email available. Please try again.' %>
       </div>
     </div>
     
-    <button id="copy-btn" class="bg-sky-600 text-white border-none py-2 px-5 rounded cursor-pointer mt-4 text-sm disabled:bg-gray-400 disabled:cursor-not-allowed hover:bg-sky-700" disabled>Copy Token</button>
-    
     <div class="text-gray-600 text-sm leading-relaxed mt-5">
       <strong>Instructions:</strong><br>
-      1. The token above will be automatically captured by your Chrome extension<br>
-      2. If using manually, copy the token and paste it into your extension<br>
-      3. You can safely close this window after the token is captured
+      Your email above will be automatically captured by your Chrome extension.<br>
+      You can safely close this window after the email is captured.
     </div>
-    
-    <div class="bg-yellow-50 border border-yellow-200 rounded p-4 mt-5 text-yellow-700 text-sm">
-      <strong>Note:</strong> This window will automatically close in 10 seconds, or you can close it manually once the extension has captured the token.
+    <!-- Debug info (remove in production) -->
+    <div class="bg-gray-100 border border-gray-300 rounded p-3 mt-3 text-xs text-gray-600">
+      <strong>Debug:</strong> User: <%= current_user&.email || 'NOT AUTHENTICATED' %> | 
+      Session: <%= session[:user_id] || 'NO SESSION' %>
     </div>
   </div>
 </div>
 
 <script>
-  // Extract token from data attribute
-  function extractToken() {
-    const tokenDisplay = document.getElementById('token-display');
-    const token = tokenDisplay.getAttribute('data-token');
-    return token && token.length > 0 ? token : null;
-  }
-
-  // Display the token
-  function displayToken() {
-    const token = extractToken();
-    const tokenDisplay = document.getElementById('token-display');
-    const copyBtn = document.getElementById('copy-btn');
-    
-    if (token) {
-      tokenDisplay.textContent = token;
-      tokenDisplay.className = 'text-sky-600 font-semibold';
-      copyBtn.disabled = false;
-      
-      // Post message to parent window (for Chrome extension)
-      if (window.opener) {
-        window.opener.postMessage({
-          type: 'FACK_AUTH_TOKEN',
-          token: token,
-          success: true
-        }, '*');
-      }
-      
-      // Also try posting to parent frame
-      if (window.parent && window.parent !== window) {
-        window.parent.postMessage({
-          type: 'FACK_AUTH_TOKEN', 
-          token: token,
-          success: true
-        }, '*');
-      }
-    } else {
-      tokenDisplay.textContent = 'No token found. Please try again.';
-      tokenDisplay.className = 'text-gray-500 italic';
-    }
-  }
-
-  // Copy token to clipboard
-  function copyToken() {
-    const token = extractToken();
-    if (token) {
-      navigator.clipboard.writeText(token).then(() => {
-        const btn = document.getElementById('copy-btn');
-        const originalText = btn.textContent;
-        btn.textContent = 'Copied!';
-        btn.className = btn.className.replace('bg-sky-600', 'bg-green-500').replace('hover:bg-sky-700', '');
-        
-        setTimeout(() => {
-          btn.textContent = originalText;
-          btn.className = btn.className.replace('bg-green-500', 'bg-sky-600') + ' hover:bg-sky-700';
-        }, 2000);
-      }).catch(err => {
-        console.error('Could not copy token:', err);
-        // Fallback: select text
-        const tokenDisplay = document.getElementById('token-display');
-        const range = document.createRange();
-        range.selectNode(tokenDisplay);
-        window.getSelection().removeAllRanges();
-        window.getSelection().addRange(range);
-      });
-    }
-  }
-
-  // Auto-close window after delay
-  function scheduleAutoClose() {
-    setTimeout(() => {
-      if (window.opener || window.parent !== window) {
+  console.log('Auth page loaded - email should be captured by Chrome extension content script');
+  console.log('Email in data-token:', document.getElementById('token-display')?.getAttribute('data-token'));
+  
+  // Auto-close window after extension captures token
+  setTimeout(() => {
+    console.log('Auto-closing window...');
+    if (window.opener || window.parent !== window) {
+      try {
         window.close();
+      } catch (e) {
+        console.log('Could not close window automatically');
       }
-    }, 10000); // 10 seconds
-  }
-
-  // Initialize
-  document.addEventListener('DOMContentLoaded', () => {
-    displayToken();
-    scheduleAutoClose();
-    
-    document.getElementById('copy-btn').addEventListener('click', copyToken);
-    
-    // Listen for messages from Chrome extension
-    window.addEventListener('message', (event) => {
-      if (event.data.type === 'FACK_TOKEN_CAPTURED') {
-        // Extension has captured the token, can close window
-        setTimeout(() => window.close(), 1000);
-      }
-    });
-  });
+    }
+  }, 5000); // Reduced to 5 seconds
 </script>
diff --git a/chrome-extension/auth-content.js b/chrome-extension/auth-content.js
@@ -48,7 +48,7 @@ function checkForToken() {
 
 // Note: The auth page handles postMessage communication directly, so no listener needed here
 
-// Main initialization
+// Main initialization with better redirect handling
 function init() {
   console.log('Initializing auth content script');
   
@@ -57,15 +57,38 @@ function init() {
     return;
   }
   
-  // If not found immediately, wait for DOM to be ready
-  if (document.readyState === 'loading') {
-    document.addEventListener('DOMContentLoaded', () => {
-      setTimeout(() => checkForToken(), 100);
-    });
-  } else {
-    // DOM is already ready, try again after a short delay
+  // Set up polling with multiple attempts
+  let attempts = 0;
+  const maxAttempts = 30; // 15 seconds total (500ms * 30)
+  
+  const pollForToken = () => {
+    attempts++;
+    console.log(`Polling for token, attempt ${attempts}/${maxAttempts}`);
+    
+    if (checkForToken() || attempts >= maxAttempts) {
+      if (attempts >= maxAttempts && !tokenSent) {
+        console.log('❌ Token polling timeout - token not found after 15 seconds');
+      }
+      return;
+    }
+    
+    setTimeout(pollForToken, 500);
+  };
+  
+  // Start polling immediately
+  setTimeout(pollForToken, 100);
+  
+  // Also listen for DOM changes (Turbo redirects)
+  document.addEventListener('DOMContentLoaded', () => {
+    console.log('DOM ready - checking for token again');
     setTimeout(() => checkForToken(), 100);
-  }
+  });
+  
+  // Listen for Turbo redirects specifically  
+  document.addEventListener('turbo:load', () => {
+    console.log('Turbo load detected - checking for token again');
+    setTimeout(() => checkForToken(), 100);
+  });
 }
 
 // Start the initialization
diff --git a/chrome-extension/manifest.json b/chrome-extension/manifest.json
@@ -22,12 +22,13 @@
     },
     {
       "matches": [
+        "http://localhost:3000/auth/get_token",
         "http://localhost:3000/auth/*",
         "http://*/auth/*",
         "https://*/auth/*"
       ],
       "js": ["auth-content.js"],
-      "run_at": "document_start"
+      "run_at": "document_end"
     }
   ],
   "action": {
diff --git a/chrome-extension/test-api.html b/chrome-extension/test-api.html
diff --git a/chrome-extension/test-sidepanel.html b/chrome-extension/test-sidepanel.html
