fix: harden google auth flow and prevent false-success navigation

VarshiniGunti · VarshiniGunti · commit a013b18304e0 · 2026-02-25T21:24:13.000+05:30
diff --git a/app/src/Context/AuthContext.jsx b/app/src/Context/AuthContext.jsx
@@ -15,14 +15,34 @@ export const useAuth = () => {
 };
 const googleProvider = new GoogleAuthProvider();
 const BACKEND = import.meta.env.VITE_BACKEND;
+const parseStoredJSON = (key) => {
+  const rawValue = localStorage.getItem(key);
+  if (!rawValue) return null;
+  try {
+    return JSON.parse(rawValue);
+  } catch {
+    localStorage.removeItem(key);
+    return null;
+  }
+};
+
+const readJsonSafely = async (response) => {
+  const contentType = response.headers.get("content-type") || "";
+  if (!contentType.toLowerCase().includes("application/json")) {
+    return null;
+  }
+  try {
+    return await response.json();
+  } catch {
+    return null;
+  }
+};
 
 export default AuthContext;
 
 export const AuthProvider = ({ children }) => {
   let [authTokens, setAuthTokens] = useState(
-    localStorage.getItem("authTokens")
-      ? JSON.parse(localStorage.getItem("authTokens"))
-      : null,
+    parseStoredJSON("authTokens"),
   );
   let [user, setUser] = useState(
     authTokens ? jwtDecode(authTokens.access) : null,
@@ -32,35 +52,39 @@ export const AuthProvider = ({ children }) => {
 
   const isAuthenticated = Boolean(authTokens?.access);
   let [userNames, setUserNames] = useState(
-    localStorage.getItem("userNames")
-      ? JSON.parse(localStorage.getItem("userNames"))
-      : null,
+    parseStoredJSON("userNames"),
   );
   useEffect(() => {
-  if (authTokens) {
-    setUser(jwtDecode(authTokens.access));
-  } else {
-    setUser(null);
-  }
-  setLoading(false);
-}, [authTokens]);
+    if (authTokens) {
+      setUser(jwtDecode(authTokens.access));
+    } else {
+      setUser(null);
+    }
+    setLoading(false);
+  }, [authTokens]);
 
 
   let getUsernamesData = async (authToken) => {
-    let usernames_response = await fetch(BACKEND + "/userDetails/", {
-      method: "GET",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: "Bearer " + authToken.access,
-      },
-    });
-    let usernames_data = await usernames_response.json();
-    if (usernames_response.status === 200) {
-      localStorage.setItem("userNames", JSON.stringify(usernames_data));
-    } else {
-      console.log("ERROR!!!");
+    if (!authToken?.access) return null;
+    try {
+      let usernames_response = await fetch(BACKEND + "/userDetails/", {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: "Bearer " + authToken.access,
+        },
+      });
+      let usernames_data = await readJsonSafely(usernames_response);
+      if (usernames_response.status === 200 && usernames_data) {
+        localStorage.setItem("userNames", JSON.stringify(usernames_data));
+        return usernames_data;
+      }
+      localStorage.removeItem("userNames");
+      return null;
+    } catch {
+      localStorage.removeItem("userNames");
+      return null;
     }
-    return usernames_data;
   };
   let loginUser = async (form_data) => {
     let response = await fetch(BACKEND + "/api/token/", {
@@ -73,8 +97,8 @@ export const AuthProvider = ({ children }) => {
         password: form_data.password,
       }),
     });
-    let data = await response.json();
-    if (response.status === 200) {
+    let data = await readJsonSafely(response);
+    if (response.status === 200 && data?.access) {
       setAuthTokens(data);
       setUser(jwtDecode(data.access));
       localStorage.setItem("authTokens", JSON.stringify(data));
@@ -124,8 +148,8 @@ export const AuthProvider = ({ children }) => {
           password: form_data.password,
         }),
       });
-      let data = await response.json();
-      if (response.status === 200) {
+      let data = await readJsonSafely(response);
+      if (response.status === 200 && data?.access) {
         setAuthTokens(data);
         setUser(jwtDecode(data.access));
         localStorage.setItem("authTokens", JSON.stringify(data));
@@ -171,70 +195,97 @@ export const AuthProvider = ({ children }) => {
   const SignInWithGoogle = async () => {
     let response;
     try {
+      if (!auth) {
+        alert("Firebase is not configured. Check frontend env values.");
+        return false;
+      }
       response = await signInWithPopup(auth, googleProvider);
       if (response && !(response["status"] === 400)) {
+        const credential = GoogleAuthProvider.credentialFromResult(response);
+        const accessToken =
+          credential?.accessToken || response?.user?.accessToken;
+        if (!accessToken) {
+          alert("Google login failed: missing access token.");
+          return false;
+        }
         let logresponse = await fetch(BACKEND + "/api/token/google/", {
           method: "POST",
           headers: {
             "Content-Type": "application/json",
           },
           body: JSON.stringify({
-            token: response.user.accessToken,
+            token: accessToken,
           }),
         });
-        let data = await logresponse.json();
-        if (logresponse.status === 200) {
+        let data = await readJsonSafely(logresponse);
+        if (logresponse.status === 200 && data?.token?.access) {
           let token = data.token;
           setAuthTokens(token);
           setUser(jwtDecode(token.access));
           localStorage.setItem("authTokens", JSON.stringify(token));
           let usernames_data = await getUsernamesData(token);
           setUserNames(usernames_data);
+          return true;
         } else {
-          alert(data.message);
+          alert(data?.message || "Google login failed.");
+          return false;
         }
       } else {
-        console.log("Please try logging in again");
+        return false;
       }
     } catch (error) {
       console.log(error);
-      console.log("Please try logging in again");
+      alert("Please try logging in again");
+      return false;
     }
-    return response;
   };
   const SignUpWithGoogle = async () => {
     let response;
     try {
+      if (!auth) {
+        alert("Firebase is not configured. Check frontend env values.");
+        return false;
+      }
       response = await signInWithPopup(auth, googleProvider);
       if (response && !(response["status"] === 400)) {
+        const credential = GoogleAuthProvider.credentialFromResult(response);
+        const accessToken =
+          credential?.accessToken || response?.user?.accessToken;
+        if (!accessToken) {
+          alert("Google registration failed: missing access token.");
+          return false;
+        }
         let regresponse = await fetch(BACKEND + "/api/register/google/", {
           method: "POST",
           headers: {
             "Content-Type": "application/json",
           },
           body: JSON.stringify({
-            token: response.user.accessToken,
+            token: accessToken,
             username: response.user.email.split("@")[0],
           }),
         });
-        let data = await regresponse.json();
-        if (regresponse.status === 200) {
+        let data = await readJsonSafely(regresponse);
+        if (regresponse.status === 200 && data?.token?.access) {
           let token = data.token;
           setAuthTokens(token);
           setUser(jwtDecode(token.access));
           localStorage.setItem("authTokens", JSON.stringify(token));
+          let usernames_data = await getUsernamesData(token);
+          setUserNames(usernames_data);
+          return true;
         } else {
           alert("Please Try registering again");
+          return false;
         }
-        console.log(response);
       } else {
-        alert("Please Try registering again");
+        return false;
       }
     } catch (error) {
       console.log(error);
       alert("Please Try registering again");
+      return false;
     }
-    return response;
   };
   let contextData = {
     user: user,
diff --git a/app/src/components/Login.jsx b/app/src/components/Login.jsx
@@ -47,9 +47,12 @@ const Login = () => {
   
   async function handleGoogleAuth(e) {
     e.preventDefault();
-    await SignInWithGoogle();
-    navigate("/");
-  } 
+    const success = await SignInWithGoogle();
+    if (success) {
+      navigate("/");
+    }
+  }
+
   if (loading) {
     return (
       <div
@@ -130,4 +133,4 @@ const Login = () => {
     </div>
   );
 };
-export default Login;
+export default Login;
diff --git a/app/src/components/Register.jsx b/app/src/components/Register.jsx
@@ -57,8 +57,10 @@ const Register = () => {
 
   const handleGoogleRegister = async (e) => {
     e.preventDefault();
-    await SignUpWithGoogle();
-    navigate("/profile");
+    const success = await SignUpWithGoogle();
+    if (success) {
+      navigate("/profile");
+    }
   };
   return (
     <div
