fix(gatekeeper): trim auth inputs and prioritize access code to prevent autofill traps

2026-02-11 22:32:17 +01:00
parent b96d44bf6d
commit 47c70a16f1
1 changed files with 10 additions and 10 deletions
--- a/packages/gatekeeper/src/app/login/page.tsx
+++ b/packages/gatekeeper/src/app/login/page.tsx
@@ -17,8 +17,8 @@ export default async function LoginPage({ searchParams }: LoginPageProps) {
  async function login(formData: FormData) {
    "use server";

-    const email = formData.get("email") as string;
-    const password = formData.get("password") as string;
+    const email = (formData.get("email") as string || "").trim();
+    const password = (formData.get("password") as string || "").trim();

    const expectedCode = process.env.GATEKEEPER_PASSWORD || "mintel";
    const adminEmail = process.env.DIRECTUS_ADMIN_EMAIL;
@@ -31,19 +31,19 @@ export default async function LoginPage({ searchParams }: LoginPageProps) {
    let userIdentity = "";
    let userCompany: any = null;

-    // 1. Check Global Admin (from ENV)
-    if (
+    // 1. Check Generic Code (Guest) - High Priority to prevent autofill traps
+    if (password === expectedCode) {
+      userIdentity = "Guest";
+    }
+    // 2. Check Global Admin (from ENV)
+    else if (
      adminEmail &&
      adminPassword &&
-      email === adminEmail &&
-      password === adminPassword
+      email === adminEmail.trim() &&
+      password === adminPassword.trim()
    ) {
      userIdentity = "Admin";
    }
-    // 2. Check Generic Code (Guest)
-    else if (!email && password === expectedCode) {
-      userIdentity = "Guest";
-    }
    // 3. Check Lightweight Client Users (dedicated collection)
    if (email && password && process.env.INFRA_DIRECTUS_URL) {
      try {