fix: Prevent login page redirect loop and race conditions

Author: jhf

app/src/app/login/LoginClientBoundary.tsx

@@ -30,6 +30,7 @@ export default function LoginClientBoundary() {
   const nextPath = searchParams.get('next');
   const authStatus = useAtomValue(authStatusAtom);
   const [pendingRedirect, setPendingRedirect] = useAtom(pendingRedirectAtom);
+  const loginActionIsActive = useAtomValue(loginActionInProgressAtom);
   const [lastPathBeforeAuthChange, setLastPathBeforeAuthChange] = useAtom(lastKnownPathBeforeAuthChangeAtom);
   const pathname = usePathname();
   const [state, send] = useAtom(loginPageMachineAtom);
@@ -69,8 +70,9 @@ export default function LoginClientBoundary() {
       return;
     }
 
-    // If the machine wants to redirect AND no redirect is currently pending, set one.
-    if (state.matches('redirecting') && pendingRedirect === null) {
+    // If the machine wants to redirect AND no redirect is currently pending,
+    // AND a login action isn't already handling the redirect, set one.
+    if (state.matches('redirecting') && pendingRedirect === null && !loginActionIsActive) {
       let targetRedirectPath: string;
 
       // Prioritize the path stored before a cross-tab auth change.
@@ -85,7 +87,7 @@ export default function LoginClientBoundary() {
       // Clear the last path atom after using it for a redirect.
       setLastPathBeforeAuthChange(null);
     }
-  }, [clientMounted, state, nextPath, lastPathBeforeAuthChange, setLastPathBeforeAuthChange, pendingRedirect, setPendingRedirect]);
+  }, [clientMounted, state, nextPath, lastPathBeforeAuthChange, setLastPathBeforeAuthChange, pendingRedirect, setPendingRedirect, loginActionIsActive]);
 
   // Render content based on the machine's state.
   if (state.matches('showingForm')) {

app/src/atoms/JotaiAppProvider.tsx

@@ -595,6 +595,10 @@ export const StateInspector = () => {
 
   // Atoms for redirect logic debugging
   const pathname = usePathname(); // Get current pathname
+  const pendingRedirectValue = useAtomValue(pendingRedirectAtom);
+  const requiredSetupRedirectValue = useAtomValue(requiredSetupRedirectAtom);
+  const loginActionInProgressValue = useAtomValue(loginActionInProgressAtom);
+  const lastKnownPathValue = useAtomValue(lastKnownPathBeforeAuthChangeAtom);
   const restClientFromAtom = useAtomValue(importedRestClientAtom);
   const activityStandardFromAtom = useAtomValue(activityCategoryStandardSettingAtomAsync);
   const numberOfRegionsFromAtom = useAtomValue(numberOfRegionsAtomAsync);
@@ -660,6 +664,12 @@ export const StateInspector = () => {
         loading: workerStatusValue.loading,
         error: workerStatusValue.error,
       },
+      navigationState: {
+        pendingRedirect: pendingRedirectValue,
+        requiredSetupRedirect: requiredSetupRedirectValue,
+        loginActionInProgress: loginActionInProgressValue,
+        lastKnownPathBeforeAuthChange: lastKnownPathValue,
+      },
       redirectRelevantState: {
         authCheckDone: authLoadableValue.state !== 'loading',
         isRestClientReady: !!restClientFromAtom,
@@ -765,9 +775,14 @@ export const StateInspector = () => {
           </div>
 
           <div>
-            <strong>Redirect Relevant State:</strong>
+            <strong>Navigation & Redirect Debugging:</strong>
             <div className="pl-4 mt-1 space-y-1">
               <div><strong>Pathname:</strong> {pathname}</div>
+              <div><strong>Pending Redirect:</strong> {pendingRedirectValue || 'None'}</div>
+              <div><strong>Required Setup Redirect:</strong> {requiredSetupRedirectValue || 'None'}</div>
+              <div><strong>Login Action in Progress:</strong> {loginActionInProgressValue ? 'Yes' : 'No'}</div>
+              <div><strong>Last Known Path (pre-auth):</strong> {lastKnownPathValue || 'None'}</div>
+              <hr className="my-1 border-gray-500" />
               <div><strong>Auth Check Done:</strong> {authLoadableValue.state !== 'loading' ? 'Yes' : 'No'}</div>
               <div><strong>REST Client Ready:</strong> {restClientFromAtom ? 'Yes' : 'No'}</div>
               <div><strong>Activity Standard:</strong> {activityStandardFromAtom === null ? 'Null' : JSON.stringify(activityStandardFromAtom)}</div>

app/src/atoms/auth.ts

@@ -294,19 +294,25 @@ export const loginAtom = atom(
 
       // Successfully authenticated (200 OK and is_authenticated: true implied or explicit from responseData)
       // After successful login, the backend sets cookies.
-      // We need to refresh our authStatusCoreAtom to read the new state.
-      await set(fetchAuthStatusAtom);
 
       // Signal that a login action is now managing the redirect.
-      // This must be set BEFORE pendingRedirectAtom to allow RedirectHandler to identify the source.
+      // This must be set BEFORE awaiting the auth status fetch to prevent race conditions
+      // with other components that might react to the auth state change.
       set(loginActionInProgressAtom, true);
 
+      // We need to refresh our authStatusCoreAtom to read the new state.
+      await set(fetchAuthStatusAtom);
+
       // The call to `await set(fetchAuthStatusAtom)` will now handle triggering the cross-tab sync
       // if the authentication state has changed.
 
       // Set pendingRedirectAtom to trigger navigation.
       // Prioritize nextPath if available and valid, otherwise default to '/'.
-      const redirectTarget = nextPath && nextPath.startsWith('/') ? nextPath : '/';
+      let redirectTarget = nextPath && nextPath.startsWith('/') ? nextPath : '/';
+      // Ensure we don't redirect back to the login page after a successful login.
+      if (redirectTarget === '/login') {
+        redirectTarget = '/';
+      }
       set(pendingRedirectAtom, redirectTarget);
 
     } catch (error) {