fix(ui): try/finally in handleOidcLogin; logout redirects to /login (not ?local)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-26 19:36:23 +02:00
parent b7d390adf4
commit 7565cdcf2f
3 changed files with 52 additions and 21 deletions
--- a/ui/src/auth/LoginPage.tsx
+++ b/ui/src/auth/LoginPage.tsx
@@ -68,27 +68,32 @@ export function LoginPage() {

  const handleOidcLogin = async () => {
    setOidcLoading(true);
-    const { data } = await api.GET('/auth/oidc/config');
-    if (!data?.authorizationEndpoint || !data?.clientId) {
-      setOidcLoading(false);
+    try {
+      const { data } = await api.GET('/auth/oidc/config');
+      if (!data?.authorizationEndpoint || !data?.clientId) {
+        useAuthStore.setState({ error: 'OIDC configuration unavailable. Try the local form via /login?local.' });
+        return;
+      }
+      if (data.endSessionEndpoint) {
+        localStorage.setItem('cameleer-oidc-end-session', data.endSessionEndpoint);
+      }
+      const redirectUri = `${window.location.origin}${config.basePath}oidc/callback`;
+      const scopes = ['openid', 'email', 'profile', ...PLATFORM_SCOPES, ...(data.additionalScopes || [])];
+      const params = new URLSearchParams({
+        response_type: 'code',
+        client_id: data.clientId,
+        redirect_uri: redirectUri,
+        scope: scopes.join(' '),
+      });
+      if (data.resource) params.set('resource', data.resource);
+      // Note: NO prompt=none. Per RFC 9700 §4.4, that's silent re-auth only;
+      // for first-time login it returns login_required and traps users on a local form.
+      window.location.href = `${data.authorizationEndpoint}?${params}`;
+    } catch {
      useAuthStore.setState({ error: 'OIDC configuration unavailable. Try the local form via /login?local.' });
-      return;
+    } finally {
+      setOidcLoading(false);
    }
-    if (data.endSessionEndpoint) {
-      localStorage.setItem('cameleer-oidc-end-session', data.endSessionEndpoint);
-    }
-    const redirectUri = `${window.location.origin}${config.basePath}oidc/callback`;
-    const scopes = ['openid', 'email', 'profile', ...PLATFORM_SCOPES, ...(data.additionalScopes || [])];
-    const params = new URLSearchParams({
-      response_type: 'code',
-      client_id: data.clientId,
-      redirect_uri: redirectUri,
-      scope: scopes.join(' '),
-    });
-    if (data.resource) params.set('resource', data.resource);
-    // Note: NO prompt=none. Per RFC 9700 §4.4, that's silent re-auth only;
-    // for first-time login it returns login_required and traps users on a local form.
-    window.location.href = `${data.authorizationEndpoint}?${params}`;
  };

  return (