Fixed some authentication issues

Author: UmairHundekar

backend/app/routes/auth.py

@@ -17,7 +17,7 @@
 # TODO: ADD RATE LIMITING
 @router.post("/register", response_model=UserCreateResponse)
 async def register_user(user: UserCreateRequest, user_service: UserService = Depends(get_user_service)):
-    allowed_Admins = ["umair.hundekar@uwblueprint.org", "umairmhundekar@gmail.com"]
+    allowed_Admins = ["umair.hkar@gmail.com", "umairmhundekar@gmail.com"]
     if user.role == UserRole.ADMIN:
         if user.email not in allowed_Admins:
             raise HTTPException(status_code=403, detail="Access denied. Admin privileges required for admin portal")

frontend/src/APIClients/authAPIClient.ts

@@ -30,7 +30,7 @@ export interface AuthResult {
   errorCode?: string;
 }
 
-const login = async (email: string, password: string): Promise<AuthResult> => {
+const login = async (email: string, password: string, isAdminPortal: boolean = false): Promise<AuthResult> => {
   try {
     // Validate inputs
     if (!validateEmail(email)) {
@@ -58,12 +58,29 @@ const login = async (email: string, password: string): Promise<AuthResult> => {
     // Attempt backend login
     try {
       const loginRequest: LoginRequest = { email, password };
-      const { data } = await baseAPIClient.post<AuthResponse>('/auth/login', loginRequest, {
-        withCredentials: true,
-      });
+      const headers: any = { withCredentials: true };
+      
+      // Add admin portal header if this is an admin login
+      if (isAdminPortal) {
+        headers.headers = { 'X-Admin-Portal': 'true' };
+      }
+      
+      const { data } = await baseAPIClient.post<AuthResponse>('/auth/login', loginRequest, headers);
       localStorage.setItem(AUTHENTICATED_USER_KEY, JSON.stringify(data));
       return { success: true, user: { ...data.user, ...data } };
-    } catch {
+    } catch (error) {
+      // Handle admin privilege errors specifically
+      if (error && typeof error === 'object' && 'response' in error) {
+        const response = (error as { response?: { status?: number; data?: { detail?: string } } }).response;
+        if (response?.status === 403 && isAdminPortal) {
+          return {
+            success: false,
+            error: 'Access denied. You do not have admin privileges. Please contact an administrator.',
+            errorCode: 'auth/insufficient-privileges',
+          };
+        }
+      }
+      
       // Backend login failure is not critical since Firebase auth succeeded
       return {
         success: true,
@@ -192,22 +209,19 @@ export const register = async ({
       } else {
         console.warn('[REGISTER] Failed to send email verification after registration');
       }
+
+      // Return success with user info - don't try to login since email isn't verified yet
+      return {
+        success: true,
+        user: { email: user.email, uid: user.uid } as unknown as AuthenticatedUser,
+      };
     } catch (firebaseError) {
       console.error('[REGISTER] Firebase sign-in failed:', firebaseError);
       // Continue with registration even if Firebase sign-in fails
       // The user can still verify their email later
-    }
-
-    // Try backend login but don't fail if it doesn't work
-    try {
-      const loginResult = await login(email, password);
-      return loginResult;
-    } catch (loginError) {
-      console.warn('[REGISTER] Backend login failed, but registration was successful:', loginError);
-      // Return success even if backend login fails, since Firebase user was created
       return {
         success: true,
-        user: { email, uid: auth.currentUser?.uid || 'unknown' } as unknown as AuthenticatedUser,
+        user: { email, uid: 'unknown' } as unknown as AuthenticatedUser,
       };
     }
   } catch (error) {
@@ -223,6 +237,10 @@ export const register = async ({
       } else if (response?.status === 400) {
         const detail = response?.data?.detail || 'Invalid registration data';
         return { success: false, error: detail };
+      } else if (response?.status === 403) {
+        // Handle admin privilege errors
+        const detail = response?.data?.detail || 'Access denied';
+        return { success: false, error: detail };
       }
     }
 

frontend/src/pages/admin-login.tsx

@@ -163,7 +163,7 @@ export default function AdminLogin() {
                   marginTop: 6,
                   cursor: 'pointer',
                 }}
-                onClick={() => router.push('/admin-reset-password')}
+                onClick={() => router.push('/reset-password')}
               >
                 Forgot Password?
               </span>

frontend/src/pages/admin-signup.tsx

@@ -38,25 +38,23 @@ export default function AdminLoginPage() {
         signupMethod: SignUpMethod.PASSWORD,
       };
       const result = await register(userData);
-      console.log('Admin registration success:', result);
-      router.push(`/admin-verify?email=${encodeURIComponent(email)}&role=admin`);
-    } catch (err: unknown) {
-      console.error('Admin registration error:', err);
-      if (
-        err &&
-        typeof err === 'object' &&
-        'response' in err &&
-        err.response &&
-        typeof err.response === 'object' &&
-        'data' in err.response &&
-        err.response.data &&
-        typeof err.response.data === 'object' &&
-        'detail' in err.response.data
-      ) {
-        setError((err.response.data as { detail: string }).detail || 'Registration failed');
+      console.log("?", result)
+      // Check if it's an admin privilege error
+      if (!result.success && result.error && result.error.includes('Admin privileges required')) {
+        setError('Access denied. Admin registration is restricted. Please contact an administrator.');
+        return;
+      }
+      
+      // If successful (even if success is false, check if we got a user)
+      if (result.user || result.success) {
+        console.log('Admin registration success:', result);
+        router.push(`/admin-verify?email=${encodeURIComponent(email)}&role=admin`);
       } else {
-        setError('Registration failed');
+        setError(result.error || 'Registration failed');
       }
+    } catch (err: unknown) {
+      console.error('Admin registration error:', err);
+      setError('Registration failed');
     }
   };