[PR #1887] [MERGED] fix(community): repair profile setup form + dashboard access for email logins #36506

Closed
opened 2026-07-16 00:24:08 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/harvard-edge/cs249r_book/pull/1887
Author: @farhan523
Created: 6/19/2026
Status: Merged
Merged: 6/21/2026
Merged by: @profvjreddi

Base: devHead: fix/community-profile-setup-and-dashboard-access


📝 Commits (2)

  • 0177c06 fix(community): repair profile setup form submission
  • d70272e fix(community): let email-login users reach the dashboard

📊 Changes

3 files changed (+110 additions, -97 deletions)

View changed files

📝 tinytorch/quarto/community/modules/guard.js (+90 -48)
📝 tinytorch/quarto/community/modules/ui.js (+8 -2)
📝 tinytorch/quarto/community/profile_setup.html (+12 -47)

📄 Description

Fixes the profile-setup bug reported in discussion #1745 and issue #1813, plus a related dashboard-access bug surfaced while testing.

1. Profile setup form did nothing on submit

profile_setup.html referenced THREE.js shader <script> elements terrain-vs / terrain-fs that are not defined anywhere in the page (only sky-vs / sky-fs exist). At module load:

vertexShader: document.getElementById('terrain-vs').textContent, // null.textContent → TypeError

This threw Uncaught TypeError: Cannot read properties of null (reading 'textContent') before the form's submit handler was attached further down the same module. With no handler, clicking Complete Setup triggered a native form submission → the page reloaded with empty fields and nothing was ever saved. Confirmed live on mlsysbook.ai (profile_setup.html:386).

Fix

  • Remove the dead terrain mesh/material code (the referenced shaders never existed; the sky shader is unaffected).
  • Wrap the decorative 3D background in try/catch so a background failure can never again block the form/auth handlers.
  • Add for attributes to every label — resolves the "No label associated with the form field" accessibility error noted in the report.

2. Email/password logins were redirected to login when opening the dashboard

Email login stores a tinytorch_token but, when the login response contains no refresh_token, never calls supabase.auth.setSession(...) — so no Supabase client session is created. guard.js gated access on supabase.auth.getSession(), which is empty in that case, and bounced logged-in users to login. Meanwhile the rest of the app (dashboard's fetchUserProgress, profile.js, auth.js) authenticates via tinytorch_token, so the nav showed the user as logged in. Verified: { token: true, refresh: false, sbKeys: [] }.

Fix

  • guard.js: authenticate via tinytorch_token + the get-profile-details Edge Function (with one refresh retry), consistent with the rest of the app. Fail open on network/timeout; clear session + send to login only when the token is truly dead or the account is gone (404).
  • ui.js: clear the sidebar Dashboard lock icon/tooltip once logged in (updateNavState previously only toggled the top-right icon).

Follow-up (out of scope, backend)

The root reason for refresh: false is that the Netlify /api/auth/login endpoint did not return a refresh_token, so no refreshable session is stored. This PR makes the dashboard work while the access token is valid; once it expires with no refresh token the guard correctly sends the user back to login. Returning a refresh_token from the login endpoint lives in the tinytorch.netlify.app backend (separate repo).

Testing

  • Reproduced the original terrain-vs TypeError on the live site and confirmed it's gone after the change.
  • Verified locally (served at http://localhost:8000/community/): submitting the setup form now persists and advances; logging in with email/password and clicking Dashboard now loads instead of redirecting to login; the sidebar lock clears when logged in.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/harvard-edge/cs249r_book/pull/1887 **Author:** [@farhan523](https://github.com/farhan523) **Created:** 6/19/2026 **Status:** ✅ Merged **Merged:** 6/21/2026 **Merged by:** [@profvjreddi](https://github.com/profvjreddi) **Base:** `dev` ← **Head:** `fix/community-profile-setup-and-dashboard-access` --- ### 📝 Commits (2) - [`0177c06`](https://github.com/harvard-edge/cs249r_book/commit/0177c064448fd027f0265ec9f2252c399f3473be) fix(community): repair profile setup form submission - [`d70272e`](https://github.com/harvard-edge/cs249r_book/commit/d70272e14903bbf57e8a266b5a11cd6ba8c04920) fix(community): let email-login users reach the dashboard ### 📊 Changes **3 files changed** (+110 additions, -97 deletions) <details> <summary>View changed files</summary> 📝 `tinytorch/quarto/community/modules/guard.js` (+90 -48) 📝 `tinytorch/quarto/community/modules/ui.js` (+8 -2) 📝 `tinytorch/quarto/community/profile_setup.html` (+12 -47) </details> ### 📄 Description Fixes the profile-setup bug reported in discussion #1745 and issue #1813, plus a related dashboard-access bug surfaced while testing. ## 1. Profile setup form did nothing on submit `profile_setup.html` referenced THREE.js shader `<script>` elements `terrain-vs` / `terrain-fs` that **are not defined anywhere in the page** (only `sky-vs` / `sky-fs` exist). At module load: ```js vertexShader: document.getElementById('terrain-vs').textContent, // null.textContent → TypeError ``` This threw `Uncaught TypeError: Cannot read properties of null (reading 'textContent')` **before** the form's `submit` handler was attached further down the same module. With no handler, clicking **Complete Setup** triggered a native form submission → the page reloaded with empty fields and nothing was ever saved. Confirmed live on `mlsysbook.ai` (`profile_setup.html:386`). **Fix** - Remove the dead terrain mesh/material code (the referenced shaders never existed; the sky shader is unaffected). - Wrap the decorative 3D background in `try/catch` so a background failure can never again block the form/auth handlers. - Add `for` attributes to every label — resolves the *"No label associated with the form field"* accessibility error noted in the report. ## 2. Email/password logins were redirected to login when opening the dashboard Email login stores a `tinytorch_token` but, when the login response contains no `refresh_token`, never calls `supabase.auth.setSession(...)` — so no Supabase client session is created. `guard.js` gated access on `supabase.auth.getSession()`, which is empty in that case, and bounced logged-in users to login. Meanwhile the rest of the app (dashboard's `fetchUserProgress`, `profile.js`, `auth.js`) authenticates via `tinytorch_token`, so the nav showed the user as logged in. Verified: `{ token: true, refresh: false, sbKeys: [] }`. **Fix** - `guard.js`: authenticate via `tinytorch_token` + the `get-profile-details` Edge Function (with one refresh retry), consistent with the rest of the app. Fail open on network/timeout; clear session + send to login only when the token is truly dead or the account is gone (404). - `ui.js`: clear the sidebar Dashboard lock icon/tooltip once logged in (`updateNavState` previously only toggled the top-right icon). ## Follow-up (out of scope, backend) The root reason for `refresh: false` is that the Netlify `/api/auth/login` endpoint did not return a `refresh_token`, so no refreshable session is stored. This PR makes the dashboard work while the access token is valid; once it expires with no refresh token the guard correctly sends the user back to login. Returning a `refresh_token` from the login endpoint lives in the `tinytorch.netlify.app` backend (separate repo). ## Testing - Reproduced the original `terrain-vs` TypeError on the live site and confirmed it's gone after the change. - Verified locally (served at `http://localhost:8000/community/`): submitting the setup form now persists and advances; logging in with email/password and clicking **Dashboard** now loads instead of redirecting to login; the sidebar lock clears when logged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-07-16 00:24:08 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/cs249r_book#36506