mirror of
https://github.com/harvard-edge/cs249r_book.git
synced 2026-07-16 06:07:17 -05:00
[PR #1887] [MERGED] fix(community): repair profile setup form + dashboard access for email logins #30987
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/harvard-edge/cs249r_book/pull/1887
Author: @farhan523
Created: 6/19/2026
Status: ✅ Merged
Merged: 6/21/2026
Merged by: @profvjreddi
Base:
dev← Head:fix/community-profile-setup-and-dashboard-access📝 Commits (2)
0177c06fix(community): repair profile setup form submissiond70272efix(community): let email-login users reach the dashboard📊 Changes
3 files changed (+110 additions, -97 deletions)
View changed files
📝
tinytorch/quarto/community/modules/guard.js(+90 -48)📝
tinytorch/quarto/community/modules/ui.js(+8 -2)📝
tinytorch/quarto/community/profile_setup.html(+12 -47)📄 Description
Fixes the profile-setup bug reported in discussion #1745 and issue #1813, plus a related dashboard-access bug surfaced while testing.
1. Profile setup form did nothing on submit
profile_setup.htmlreferenced THREE.js shader<script>elementsterrain-vs/terrain-fsthat are not defined anywhere in the page (onlysky-vs/sky-fsexist). At module load:This threw
Uncaught TypeError: Cannot read properties of null (reading 'textContent')before the form'ssubmithandler was attached further down the same module. With no handler, clicking Complete Setup triggered a native form submission → the page reloaded with empty fields and nothing was ever saved. Confirmed live onmlsysbook.ai(profile_setup.html:386).Fix
try/catchso a background failure can never again block the form/auth handlers.forattributes to every label — resolves the "No label associated with the form field" accessibility error noted in the report.2. Email/password logins were redirected to login when opening the dashboard
Email login stores a
tinytorch_tokenbut, when the login response contains norefresh_token, never callssupabase.auth.setSession(...)— so no Supabase client session is created.guard.jsgated access onsupabase.auth.getSession(), which is empty in that case, and bounced logged-in users to login. Meanwhile the rest of the app (dashboard'sfetchUserProgress,profile.js,auth.js) authenticates viatinytorch_token, so the nav showed the user as logged in. Verified:{ token: true, refresh: false, sbKeys: [] }.Fix
guard.js: authenticate viatinytorch_token+ theget-profile-detailsEdge Function (with one refresh retry), consistent with the rest of the app. Fail open on network/timeout; clear session + send to login only when the token is truly dead or the account is gone (404).ui.js: clear the sidebar Dashboard lock icon/tooltip once logged in (updateNavStatepreviously only toggled the top-right icon).Follow-up (out of scope, backend)
The root reason for
refresh: falseis that the Netlify/api/auth/loginendpoint did not return arefresh_token, so no refreshable session is stored. This PR makes the dashboard work while the access token is valid; once it expires with no refresh token the guard correctly sends the user back to login. Returning arefresh_tokenfrom the login endpoint lives in thetinytorch.netlify.appbackend (separate repo).Testing
terrain-vsTypeError on the live site and confirmed it's gone after the change.http://localhost:8000/community/): submitting the setup form now persists and advances; logging in with email/password and clicking Dashboard now loads instead of redirecting to login; the sidebar lock clears when logged in.🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.