/* global React, Button, Icon, LoadingSpinner, LiveMonitorPanel, apiFetch, extractInvitationToken, setAuthNextPath, useAuth, validateBrowserReturnPath */ const { useEffect: useEffectAuthPage, useMemo: useMemoAuthPage, useRef: useRefAuthPage, useState: useStateAuthPage } = React; const SIGNUP_PENDING_STORAGE_KEY = 'armature.signupPending'; const RESEND_COOLDOWN_SECONDS = 30; function readSignupPending() { try { const raw = window.sessionStorage.getItem(SIGNUP_PENDING_STORAGE_KEY); if (!raw) return null; const parsed = JSON.parse(raw); if (!parsed || typeof parsed.email !== 'string') return null; return { email: parsed.email, lastResendAt: Number(parsed.lastResendAt) || 0 }; } catch { return null; } } function writeSignupPending(value) { try { window.sessionStorage.setItem(SIGNUP_PENDING_STORAGE_KEY, JSON.stringify(value)); } catch { // sessionStorage may be unavailable (e.g. private mode) — resend just won't survive a refresh } } function clearSignupPending() { try { window.sessionStorage.removeItem(SIGNUP_PENDING_STORAGE_KEY); } catch { // ignore } } function remainingCooldownSeconds(lastResendAt) { if (!lastResendAt) return 0; const elapsed = Math.floor((Date.now() - lastResendAt) / 1000); return Math.max(0, RESEND_COOLDOWN_SECONDS - elapsed); } function parseAuthQuery(queryString) { const params = new URLSearchParams(queryString || ''); return { invite: params.get('invite') || extractInvitationToken(params.get('invite_link') || ''), plan: params.get('plan') || '', billing: params.get('billing') || params.get('period') || 'monthly', demo: params.get('demo') === '1' ? '1' : '', next: params.get('next') || '', }; } function isValidEmail(value) { const email = String(value || '').trim(); // Keep this aligned with backend lookup validation. return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email); } function planIntentQuerySuffix(query, inviteToken = '') { const params = new URLSearchParams(); if (!inviteToken && query.plan) { params.set('plan', query.plan); params.set('billing', query.billing); if (query.demo) params.set('demo', query.demo); } const queryString = params.toString(); return queryString ? `?${queryString}` : ''; } /** * @param {{ children: React.ReactNode, title: React.ReactNode, subtitle: React.ReactNode, monitorCaption?: string, panelClassName?: string, eyebrow?: string, phaseKey?: string }} props */ function AuthMarketingShell({ children, title, subtitle, monitorCaption, panelClassName = '', eyebrow = '', phaseKey = '' }) { const isCentered = panelClassName === 'auth-panel-centered'; const contentClassName = isCentered ? 'auth-panel-main auth-panel-main-centered' : 'auth-panel-main'; return (

{eyebrow ?

{eyebrow}

: null} {title ?

{title}

: null} {subtitle ?

{subtitle}

: null} {children}

Stuck? Email us

); } function canUseSupabaseAuth(auth) { return Boolean(auth?.config?.authConfigured && auth?.client); } function canUseDevAccess(auth) { return Boolean(auth?.config?.devAuthEnabled && auth?.config?.devAuthToken); } function AuthUnavailableMessage() { return (

Authentication is temporarily unavailable. Refresh and try again, or contact support if this continues.

); } function DevAccessForm({ navigate, nextPath, firstName = '' }) { const auth = useAuth(); const configuredToken = auth?.config?.devAuthToken || ''; const [token, setToken] = useStateAuthPage(configuredToken); const [message, setMessage] = useStateAuthPage(''); const [busy, setBusy] = useStateAuthPage(false); useEffectAuthPage(() => { setToken(configuredToken); }, [configuredToken]); async function submit(event) { event.preventDefault(); setBusy(true); setMessage(''); try { await auth.useAccessToken(token, { flush: true }); if (firstName.trim()) { await apiFetch('/api/me/profile', { method: 'POST', body: JSON.stringify({ first_name: firstName, last_name: '' }), }); await auth.refreshMe({ flush: true }); } navigate(nextPath); } catch (error) { setMessage(error.message || 'Dev access failed'); } finally { setBusy(false); } } return ( ); } function EmailFirstAuthPage({ navigate, queryString = '', variant = 'signup' }) { const auth = useAuth(); const query = useMemoAuthPage(() => parseAuthQuery(queryString), [queryString]); const [preview, setPreview] = useStateAuthPage(null); const [phase, setPhase] = useStateAuthPage('email'); const [firstName, setFirstName] = useStateAuthPage(''); const [email, setEmail] = useStateAuthPage(''); const [password, setPassword] = useStateAuthPage(''); const [showPassword, setShowPassword] = useStateAuthPage(false); const [busyAction, setBusyAction] = useStateAuthPage(''); const [message, setMessage] = useStateAuthPage(''); const firstInputRef = useRefAuthPage(null); const firstNameInputRef = useRefAuthPage(null); const passwordInputRef = useRefAuthPage(null); const inviteToken = query.invite; const orgName = preview?.organization?.name; const isSignupVariant = variant === 'signup'; const canUseSupabase = canUseSupabaseAuth(auth); const authErrorMessage = auth?.error?.message || ''; const businessEmailWarn = /@(gmail|yahoo|hotmail|outlook)\./i.test(email.trim()); const onboardingNextPath = inviteToken ? `/invite/${inviteToken}/accept` : '/onboarding/workspace'; const planQuerySuffix = planIntentQuerySuffix(query, inviteToken); const emailConfirmationNextPath = `${onboardingNextPath}${planQuerySuffix}`; const oauthNextPath = inviteToken ? onboardingNextPath : (query.plan ? `/onboarding/plan${planQuerySuffix}` : '/dashboard'); const planQuerySuffixSignin = planIntentQuerySuffix(query, query.invite); const oauthAuthorizeNext = typeof validateAuthNextTarget === 'function' ? validateAuthNextTarget(query.next) : null; const googleNextPath = oauthAuthorizeNext || oauthNextPath; const nextPathAfterSignin = oauthAuthorizeNext || (query.invite ? `/invite/${query.invite}/accept` : (query.plan ? `/onboarding/plan${planQuerySuffixSignin}` : '/dashboard')); const devNextPath = isSignupVariant ? emailConfirmationNextPath : nextPathAfterSignin; useEffectAuthPage(() => { requestAnimationFrame(() => { if (phase === 'email') firstInputRef.current?.focus(); else if (phase === 'signup') firstNameInputRef.current?.focus(); else if (phase === 'signin') passwordInputRef.current?.focus(); }); }, [phase]); useEffectAuthPage(() => { let cancelled = false; async function loadPreview() { if (!inviteToken) { setPreview(null); return; } try { const result = await apiFetch(`/api/invitations/${inviteToken}`); if (!cancelled) setPreview(result); } catch (error) { if (!cancelled) setMessage(error.message || 'Invite could not be loaded'); } } loadPreview(); return () => { cancelled = true; }; }, [inviteToken]); async function run(action, key) { setBusyAction(key); setMessage(''); try { await action(); } catch (error) { const msg = error?.message || ''; if (/already registered|already been registered|user already exists/i.test(msg)) { setMessage('An account with this email already exists. Sign in instead.'); setPhase('signin'); setPassword(''); return; } setMessage(msg || 'Authentication failed'); } finally { setBusyAction(''); } } async function continueFromEmail(event) { event.preventDefault(); const trimmed = email.trim(); if (!trimmed) throw new Error('Enter your email address'); if (!isValidEmail(trimmed)) throw new Error('Enter a valid email address'); try { const result = await apiFetch(`/api/auth/lookup-email?email=${encodeURIComponent(trimmed)}`); if (result.lookupAvailable === false) { setPhase('signup'); return; } setPhase(result.exists ? 'signin' : 'signup'); } catch (error) { throw new Error(error.message || 'Could not continue. Try again or use Google.'); } } async function submitSignin(event) { event.preventDefault(); const trimmedEmail = email.trim(); const skipMeRefresh = Boolean(query.invite); await auth.signInWithPassword(trimmedEmail, password, { flush: true, skipMeRefresh }); if (oauthAuthorizeNext) { window.location.assign(oauthAuthorizeNext); return; } navigate(nextPathAfterSignin); } async function submitSignup(event) { event.preventDefault(); if (password.length < 8) throw new Error('Password must be at least 8 characters'); const trimmedEmail = email.trim(); const skipMeRefresh = Boolean(inviteToken); const result = await auth.signUpWithPassword(trimmedEmail, password, { nextPath: emailConfirmationNextPath, skipMeRefresh }); if (!result?.data?.session) { // Supabase obfuscates duplicate signups by returning user metadata // without a session — empty `identities`, and (sometimes) populated // confirmation / sign-in timestamps. Those response-level signals are // the only safe duplicate detector here: a re-fetch of // `/api/auth/lookup-email` would always say `exists:true` because // `auth.signUpWithPassword` just inserted into `auth.users` (PR #398 // made the lookup authoritative against that table), so every brand // new signup would be misrouted to "account already exists". const identities = result?.data?.user?.identities; const existingBySupabaseHint = Array.isArray(identities) && identities.length === 0; const existingByConfirmedHint = Boolean( result?.data?.user?.email_confirmed_at || result?.data?.user?.confirmed_at || result?.data?.user?.last_sign_in_at, ); if (existingBySupabaseHint || existingByConfirmedHint) { setMessage('An account with this email already exists. Sign in instead.'); setPhase('signin'); setPassword(''); return; } writeSignupPending({ email: trimmedEmail, lastResendAt: 0 }); const params = new URLSearchParams(); params.set('email', trimmedEmail); if (inviteToken) params.set('invite', inviteToken); if (!inviteToken && query.plan) { params.set('plan', query.plan); params.set('billing', query.billing); if (query.demo) params.set('demo', query.demo); } navigate(`/signup/verify-email?${params.toString()}`); return; } await apiFetch('/api/me/profile', { method: 'POST', body: JSON.stringify({ first_name: firstName, last_name: '' }), }); if (inviteToken) { navigate(emailConfirmationNextPath); return; } await auth.refreshMe({ flush: true }); navigate(emailConfirmationNextPath); } async function google() { setAuthNextPath(googleNextPath); await auth.signInWithGoogle({ nextPath: googleNextPath }); } function backToEmail() { setPhase('email'); setPassword(''); setMessage(''); } function backToSignin() { setPhase('signin'); setMessage(''); } function startForgotPassword() { setPhase('forgot'); setMessage(''); } async function submitForgotPassword(event) { event.preventDefault(); const trimmed = email.trim(); if (!trimmed) throw new Error('Enter your email address'); if (!isValidEmail(trimmed)) throw new Error('Enter a valid email address'); await auth.resetPasswordForEmail(trimmed, { nextPath: '/reset-password' }); setPhase('forgot-sent'); } const signupReady = firstName.trim() && email.trim() && password.length >= 8; const inviteTitle = inviteToken && orgName ? ( <>Join {orgName} ) : null; const continueTitle = <>Continue to Armature; const welcomeBackTitle = <>Welcome back; const almostThereTitle = inviteTitle || <>Almost there; const forgotTitle = <>Reset your password; const forgotSentTitle = <>Check your inbox; const shellTitle = phase === 'email' ? continueTitle : phase === 'signin' ? welcomeBackTitle : phase === 'forgot' ? forgotTitle : phase === 'forgot-sent' ? forgotSentTitle : almostThereTitle; const shellSubtitle = phase === 'email' ? (inviteToken ? 'Accept your workspace invite to continue.' : '') : phase === 'signin' ? <>Signing in as {email.trim() || '…'} : phase === 'forgot' ? <>We'll send a reset link to {email.trim() || '…'} : phase === 'forgot-sent' ? <>We sent a reset link to {email.trim() || '…'}. Open it to set a new password. : <>Creating an account for {email.trim() || '…'}; const monitorCaption = phase === 'email' && !isSignupVariant ? 'while you sign in - workspace checks are running' : 'while you continue - workspace checks are running'; if (!auth.config) { if (auth.error) { return (

{auth.error.message || 'Could not load authentication configuration.'}

); } return (

); } return ( {inviteToken && preview?.status === 'active' && (

You have been invited to {orgName} as {preview.role}.

)} {canUseSupabase ? ( <> {phase === 'email' && ( )} {phase === 'signin' && ( )} {phase === 'forgot' && ( )} {phase === 'forgot-sent' && (

)} {phase === 'signup' && ( )} ) : canUseDevAccess(auth) ? ( ) : ( )} {authErrorMessage &&

{authErrorMessage}

} {message &&

{message}

} ); } function SignupPage(props) { return ; } function SigninPage(props) { return ; } function webmailUrlForEmail(email) { const domain = (email.split('@')[1] || '').toLowerCase(); if (!domain) return null; if (domain === 'gmail.com' || domain === 'googlemail.com') { return { label: 'Open Gmail', href: 'https://mail.google.com/mail/u/0/#inbox' }; } if (domain === 'outlook.com' || domain === 'hotmail.com' || domain === 'live.com' || domain === 'msn.com') { return { label: 'Open Outlook', href: 'https://outlook.live.com/mail/0/inbox' }; } if (domain === 'yahoo.com' || domain === 'yahoo.co.uk' || domain === 'ymail.com') { return { label: 'Open Yahoo Mail', href: 'https://mail.yahoo.com/' }; } return null; } function VerifyEmailPage({ navigate, queryString = '' }) { const auth = useAuth(); const params = useMemoAuthPage(() => new URLSearchParams(queryString || ''), [queryString]); const querySuffix = queryString ? `?${queryString}` : ''; const pending = useMemoAuthPage(() => readSignupPending(), []); const urlEmail = (params.get('email') || '').trim().toLowerCase(); const storedEmail = (pending?.email || '').trim().toLowerCase(); const trustedEmail = pending?.email && (!urlEmail || urlEmail === storedEmail) ? pending.email : ''; const displayEmail = trustedEmail || pending?.email || ''; const afterConfirmationPath = params.get('invite') ? `/invite/${params.get('invite')}/accept` : `/onboarding/workspace${params.get('plan') ? `?plan=${encodeURIComponent(params.get('plan'))}&billing=${encodeURIComponent(params.get('billing') || 'monthly')}${params.get('demo') === '1' ? '&demo=1' : ''}` : ''}`; useEffectAuthPage(() => { if (auth.session) { clearSignupPending(); navigate(afterConfirmationPath); return; } if (!pending) navigate(`/signup${querySuffix}`); }, [auth.session, pending, navigate, querySuffix, afterConfirmationPath]); const [resendBusy, setResendBusy] = useStateAuthPage(false); const [resendMessage, setResendMessage] = useStateAuthPage(''); const [resendError, setResendError] = useStateAuthPage(''); const [cooldown, setCooldown] = useStateAuthPage(() => remainingCooldownSeconds(pending?.lastResendAt)); const webmail = useMemoAuthPage(() => webmailUrlForEmail(displayEmail), [displayEmail]); useEffectAuthPage(() => { if (cooldown <= 0) return undefined; const timer = setTimeout(() => setCooldown((s) => Math.max(0, s - 1)), 1000); return () => clearTimeout(timer); }, [cooldown]); async function handleResend() { if (!trustedEmail || resendBusy || cooldown > 0) return; setResendBusy(true); setResendMessage(''); setResendError(''); try { await auth.resendSignupEmail(trustedEmail, { nextPath: afterConfirmationPath }); const lastResendAt = Date.now(); writeSignupPending({ email: trustedEmail, lastResendAt }); setResendMessage('Confirmation email sent. Check your inbox.'); setCooldown(RESEND_COOLDOWN_SECONDS); } catch (error) { setResendError(error.message || 'Could not resend confirmation email'); } finally { setResendBusy(false); } } function backToSignup() { const back = new URLSearchParams(); if (params.get('invite')) back.set('invite', params.get('invite')); if (params.get('plan')) back.set('plan', params.get('plan')); if (params.get('billing')) back.set('billing', params.get('billing')); if (params.get('demo') === '1') back.set('demo', '1'); clearSignupPending(); const qs = back.toString(); navigate(`/signup${qs ? `?${qs}` : ''}`); } const verifyTitle = <>Check your inbox; const verifySubtitle = displayEmail ? ( <>We sent a confirmation link to {displayEmail}. Open it to finish creating your account. ) : 'We sent you a confirmation link. Open it to finish creating your account.'; return (

{webmail && ( )} {trustedEmail && ( )} {resendMessage &&

{resendMessage}

} {resendError &&

{resendError}

}

The link expires after a short time. If you do not see it, check your spam folder.

Wrong email?

Already confirmed?

); } function ResetPasswordPage({ navigate, queryString = '' }) { const auth = useAuth(); const params = useMemoAuthPage(() => new URLSearchParams(queryString || ''), [queryString]); const passwordInputRef = useRefAuthPage(null); const [password, setPassword] = useStateAuthPage(''); const [confirm, setConfirm] = useStateAuthPage(''); const [showPassword, setShowPassword] = useStateAuthPage(false); const [busy, setBusy] = useStateAuthPage(false); const [message, setMessage] = useStateAuthPage(''); const [done, setDone] = useStateAuthPage(false); const sessionEmail = auth?.session?.user?.email || auth?.me?.profile?.email || ''; useEffectAuthPage(() => { requestAnimationFrame(() => passwordInputRef.current?.focus()); }, []); // No session = the user navigated here directly (or the recovery link // expired). Send them back to /signin so they can request a new reset. useEffectAuthPage(() => { if (auth.config && !auth.session && auth.status !== 'bootstrapping') { navigate(`/signin${queryString ? `?${queryString}` : ''}`); } }, [auth.config, auth.session, auth.status, navigate, queryString]); const ready = password.length >= 8 && password === confirm; async function submit(event) { event.preventDefault(); setMessage(''); if (password.length < 8) { setMessage('Password must be at least 8 characters'); return; } if (password !== confirm) { setMessage('Passwords do not match'); return; } setBusy(true); try { await auth.updatePassword(password, { flush: true }); setDone(true); setTimeout(() => { const nextPath = validateBrowserReturnPath(params.get('next')) || '/dashboard'; navigate(nextPath); }, 1200); } catch (error) { setMessage(error?.message || 'Could not update password'); } finally { setBusy(false); } } const title = done ? <>Password updated : <>Set a new password; const subtitle = done ? 'Signing you in...' : sessionEmail ? <>Choose a new password for {sessionEmail} : 'Choose a new password to finish recovery.'; return ( {done ? (

) : ( )} ); } window.SignupPage = SignupPage; window.SigninPage = SigninPage; window.VerifyEmailPage = VerifyEmailPage; window.ResetPasswordPage = ResetPasswordPage;