fix(iam): integrate current user data into profile page, enforce email verification redirect, and update logout flow in verify-email page #16
Pull request overview
This PR tightens the authentication flow around email verification and makes the Profile page more resilient by falling back to the “current auth user” data when the full profile payload isn’t available.
Changes:
- Profile page now reads both useUserProfile() and useCurrentUser() and falls back to auth user fields for display/2FA/roles when needed.
- Dashboard layout redirects authenticated-but-unverified users to /verify-email.
- Verify-email page replaces the “Back to login” link with a logout action for session cleanup.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/app/(dashboard)/profile/page.tsx | Adds useCurrentUser fallback logic for profile display, 2FA status, and role badges. |
| src/app/(dashboard)/layout.tsx | Adds a client-side redirect to /verify-email when user.emailVerified === false. |
| src/app/(auth)/verify-email/page.tsx | Changes “Back to login” to trigger logout() instead of a direct link. |
| const [activeTab, setActiveTab] = useState<TabValue>("general") | ||
| const [twoFactorEnabled, setTwoFactorEnabled] = useState<boolean | undefined>(undefined) | ||
|
|
||
| const isLoading = isProfileLoading && isCurrentUserLoading |
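Review bot: twoFactorEnabled starts as undefined (useState<boolean | undefined>(undefined)), so any render path that only tests it for truthiness will report 2FA as off until the state is populated. Treat undefined as "unknown" in the UI and set the state only once one of the two queries has actually returned a 2FA field, so a user with 2FA enabled is not briefly shown as unprotected.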
isLoading is computed with isProfileLoading && isCurrentUserLoading, which becomes false as soon as either query finishes. That can cause the page to render the "Unable to load profile" state while the other query is still loading (e.g., profile finished with null but current user still fetching). Use an OR loading gate (and/or include a (!isProfileLoading && !isCurrentUserLoading) check before showing the error state) so the UI waits for both queries to settle before deciding there’s no data.
| const isLoading = isProfileLoading && isCurrentUserLoading | |
| const isLoading = isProfileLoading || isCurrentUserLoading |
| // Redirect to email verification if authenticated but email not verified | ||
| useEffect(() => { | ||
| if (!isLoading && isAuthenticated && user && user.emailVerified === false) { | ||
| router.push("/verify-email") | ||
| } | ||
| }, [isLoading, isAuthenticated, user, router]) |
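Review bot: the user.emailVerified === false test in the effect condition fails open: if the auth payload omits emailVerified or sends null, the user is never redirected. Compare against true instead (user.emailVerified !== true), and prefer router.replace over router.push so the Back button does not return to the dashboard. This is a client-side redirect only, so the API still has to reject unverified sessions itself.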
This redirect runs in a useEffect, so for an unverified user the dashboard layout will still render its children for at least one paint before router.push("/verify-email") executes. If the goal is to strictly block access until email verification, also gate rendering (e.g., return a skeleton/null) when user.emailVerified === false to avoid flashing protected UI/content.
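The render gate suggested in the comment above, as an added example that is not code from this PR or from Copilot's review: a single pure decision function that the layout can use both to trigger the redirect and to decide whether children may render. Only emailVerified and /verify-email come from the PR; the types, function names and sample states are hypothetical.

```typescript
// Added example. Only `emailVerified` and the /verify-email route come from the PR;
// every type and function name below is hypothetical.
type AuthUser = { emailVerified?: boolean | null };

interface GateInput {
  isLoading: boolean;
  isAuthenticated: boolean;
  user: AuthUser | null;
}

type Gate = "wait" | "unauthenticated" | "verify-email" | "render";

// The condition from the PR's useEffect, reproduced for comparison.
// It fires only on an explicit `false` and does not control rendering.
function prWouldRedirect(s: GateInput): boolean {
  return !s.isLoading && s.isAuthenticated && s.user !== null &&
    s.user.emailVerified === false;
}

// One decision that drives both the redirect and the render gate.
function resolveGate(s: GateInput): Gate {
  if (s.isLoading) return "wait";
  if (!s.isAuthenticated || s.user === null) return "unauthenticated";
  // Fail closed: a missing or null flag counts as unverified.
  if (s.user.emailVerified !== true) return "verify-email";
  return "render";
}

// Children render only for "render"; every other state shows a skeleton or null.
function mayRenderChildren(s: GateInput): boolean {
  return resolveGate(s) === "render";
}

// Constructed sample states, not taken from the PR.
type SampleName = "loading" | "verified" | "unverified" | "flagMissing";
const samples: Record<SampleName, GateInput> = {
  loading: { isLoading: true, isAuthenticated: false, user: null },
  verified: { isLoading: false, isAuthenticated: true, user: { emailVerified: true } },
  unverified: { isLoading: false, isAuthenticated: true, user: { emailVerified: false } },
  flagMissing: { isLoading: false, isAuthenticated: true, user: {} },
};

for (const name of Object.keys(samples) as SampleName[]) {
  const s = samples[name];
  console.log(name, "pr redirect:", prWouldRedirect(s), "gate:", resolveGate(s));
}
```

In the layout, the effect would navigate when resolveGate returns "verify-email" and the component would return a skeleton unless mayRenderChildren is true. The gate only hides UI, so the server still has to refuse unverified sessions on every protected request.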
| onClick={() => logout()} | ||
| className="flex items-center gap-2 text-muted-foreground hover:text-primary transition-colors" | ||
| > | ||
| <ArrowLeft className="h-4 w-4" />Back to login |
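Review bot: onClick={() => logout()} discards whatever logout() returns, so if the call is asynchronous a failed sign-out goes unreported and the session this change is meant to clean up may stay alive. Handle the failure path (await the call and surface an error) and disable the button while it is in flight so it cannot be triggered twice.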
The button label says "Back to login", but calling logout() will navigate to / (see AuthProvider.logout()), not to AUTH_ROUTES.LOGIN. This changes behavior from the previous Link to the login page and can confuse users; either redirect to the login route after logout (or adjust logout to support a caller-provided redirect) or update the label to match the actual destination.
| <ArrowLeft className="h-4 w-4" />Back to login | |
| <ArrowLeft className="h-4 w-4" />Log out |
Description
This pull request improves authentication and user profile handling across the app, focusing on better handling of email verification and more robust user data fallback logic. The main changes ensure users are redirected to verify their email if needed, improve the reliability of the profile page by using both profile and auth user data, and update the logout mechanism on the email verification page.
Type of Change
Module/Component Affected
Changes Made
Authentication and Email Verification Improvements:
- DashboardLayout to automatically redirect authenticated users whose email is not verified to the /verify-email page.
- logout function instead of a simple link, ensuring proper session cleanup. [1] [2]

User Profile Data Handling:
- userProfile and currentUser for displaying user data, providing a fallback if the full profile isn't available. This includes improvements to loading state handling, two-factor authentication status, and role codes. [1] [2] [3] [4] [5]

Pre-merge Checklist