import 'dart:async'; import 'dart:convert'; import 'package:flutter/material.dart'; import 'package:flutter_riverpod/flutter_riverpod.dart'; import 'package:go_router/go_router.dart'; import 'package:qr_flutter/qr_flutter.dart'; import 'package:userfront/i18n.dart'; import '../../../core/widgets/language_selector.dart'; import '../../../core/services/web_auth_integration.dart'; import '../../../core/services/auth_proxy_service.dart'; import '../../../core/services/auth_token_store.dart'; import '../../../core/services/oidc_redirect_guard.dart'; import '../../../core/notifiers/auth_notifier.dart'; import '../domain/login_challenge_resolver.dart'; import '../../profile/domain/notifiers/profile_notifier.dart'; import '../../../core/services/web_window.dart'; class LoginScreen extends ConsumerStatefulWidget { final String? verificationToken; final String? loginChallenge; final String? redirectUrl; const LoginScreen({ super.key, this.verificationToken, this.loginChallenge, this.redirectUrl, }); @override ConsumerState createState() => _LoginScreenState(); } class _LoginScreenState extends ConsumerState with SingleTickerProviderStateMixin { late TabController _tabController; final TextEditingController _linkIdController = TextEditingController(); final TextEditingController _passwordLoginIdController = TextEditingController(); final TextEditingController _passwordController = TextEditingController(); String? _redirectUrl; String? _loginChallenge; // QR Login Variables String? _qrImageBase64; String? _qrPendingRef; bool _isQrLoading = false; bool _qrExpired = false; Timer? _qrPollingTimer; int _qrRemainingSeconds = 0; Timer? _qrCountdownTimer; int _qrPollIntervalMs = 2000; final TextEditingController _shortCodePrefixController = TextEditingController(); final TextEditingController _shortCodeDigitsController = TextEditingController(); String? _linkPendingRef; String? _lastLinkLoginId; bool _lastLinkIsEmail = true; int _linkResendSeconds = 0; Timer? _linkResendTimer; int _linkExpireSeconds = 0; Timer? _linkExpireTimer; bool _linkExpired = false; bool _verificationOnly = false; bool _verificationApproved = false; bool _dismissedOverlays = false; String _verificationMessage = ''; String _verificationTitle = tr('ui.userfront.login.verification.title'); String _verificationPageTitle = tr( 'ui.userfront.login.verification.page_title', ); String _verificationActionLabel = tr( 'ui.userfront.login.verification.action_label', ); Timer? _verificationRedirectTimer; bool _noticeHandled = false; bool _drySendEnabled = false; bool _oidcAutoAcceptTried = false; @override void initState() { super.initState(); _tabController = TabController(length: 3, vsync: this, initialIndex: 1); _tabController.addListener(_handleTabSelection); _drySendEnabled = _parseBoolParam(Uri.base.queryParameters['drySend']) && !AuthProxyService.isProdEnv; _redirectUrl = widget.redirectUrl; WidgetsBinding.instance.addPostFrameCallback((_) async { final uri = Uri.base; if (_redirectUrl == null) { if (uri.queryParameters.containsKey('redirect_url')) { _redirectUrl = uri.queryParameters['redirect_url']; } else if (uri.queryParameters.containsKey('redirect_uri')) { _redirectUrl = uri.queryParameters['redirect_uri']; } } final challengeResolution = _resolveLoginChallenge(uri); _loginChallenge = challengeResolution.value; _logLoginChallengeDiagnostics( phase: 'init', resolution: challengeResolution, ); final loginIdParam = uri.queryParameters['loginId']; final codeParam = uri.queryParameters['code']; final pendingRefParam = uri.queryParameters['pendingRef']; final hasShortCodePath = uri.pathSegments.length >= 2 && uri.pathSegments.first == 'l'; final hasTokenParam = uri.queryParameters.containsKey('t'); final hasVerificationToken = widget.verificationToken != null || hasTokenParam; final hasLoginCode = loginIdParam != null && codeParam != null; _verificationOnly = hasVerificationToken || hasLoginCode || hasShortCodePath; final notice = uri.queryParameters['notice']; if (hasShortCodePath) { final shortCode = uri.pathSegments[1]; _verifyShortCode(shortCode); } if (hasLoginCode) { _verifyLoginCode(loginIdParam, codeParam, pendingRef: pendingRefParam); } else if (hasVerificationToken) { _verifyToken(widget.verificationToken ?? uri.queryParameters['t']!); } if (!_noticeHandled && notice == 'qr_login_required') { _noticeHandled = true; _showInfo(tr('msg.userfront.login.qr_login_required')); } if (!_verificationOnly) { await _attemptOidcAutoAccept(); if (!mounted) return; await _tryCookieSession(); } }); } Future _tryCookieSession({bool silent = true}) async { if (AuthTokenStore.getToken() != null && (_loginChallenge == null || _loginChallenge!.isEmpty)) { return; } final pendingProvider = AuthTokenStore.getPendingProvider(); final provider = pendingProvider ?? AuthTokenStore.getProvider() ?? 'ory'; try { await AuthProxyService.checkCookieSession(); AuthTokenStore.setCookieMode(provider: provider); AuthTokenStore.clearPendingProvider(); if (mounted) { await ref.read(profileProvider.notifier).loadProfile(); await _onCookieLoginSuccess(provider); } } catch (e) { if (!silent) { _showError( tr( 'msg.userfront.login.cookie_check_failed', params: {'error': e.toString().replaceFirst('Exception: ', '')}, ), ); } } } Future _onCookieLoginSuccess(String provider) async { debugPrint("[Auth] Cookie-based login success. Provider: $provider"); AuthNotifier.instance.notify(); if (_hasLoginChallenge) { final accepted = await _acceptOidcLoginAndRedirect(); if (accepted) { return; } if (mounted) { _showError(tr('msg.userfront.login.oidc_failed')); } return; } final token = AuthTokenStore.getToken(); if (token != null && token.isNotEmpty) { if (WebAuthIntegration.isPopup() || (_redirectUrl != null && _redirectUrl!.isNotEmpty)) { debugPrint( "[Auth] Cookie session with external integration. Notifying...", ); WebAuthIntegration.sendLoginSuccess(token); return; } } if (mounted) { context.go('/'); } } Future _attemptOidcAutoAccept() async { if (_oidcAutoAcceptTried) return; _oidcAutoAcceptTried = true; if (_loginChallenge == null || _loginChallenge!.isEmpty) { return; } final token = AuthTokenStore.getToken(); if (token != null && token.isNotEmpty) { final accepted = await _acceptOidcLoginAndRedirect(token: token); if (accepted) { return; } } try { await AuthProxyService.checkCookieSession(); AuthTokenStore.setCookieMode( provider: AuthTokenStore.getProvider() ?? 'ory', ); await _acceptOidcLoginAndRedirect(); } catch (e) { debugPrint("[Auth] OIDC auto-accept cookie check failed: $e"); } } Future _acceptOidcLoginAndRedirect({String? token}) async { if (_loginChallenge == null || _loginChallenge!.isEmpty) { return false; } try { final res = await AuthProxyService.acceptOidcLogin( _loginChallenge!, token: token, ); final redirectTo = res['redirectTo'] as String?; if (redirectTo != null && redirectTo.isNotEmpty) { return _redirectToOidcTarget(redirectTo, source: 'accept_oidc_login'); } } catch (e) { debugPrint("[Auth] OIDC login auto-accept failed: $e"); } return false; } bool _redirectToOidcTarget(String redirectTo, {required String source}) { final checked = validateOidcRedirectTarget(redirectTo); _logOidcRedirectDiagnostics(source: source, checked: checked); debugPrint( "[Auth] OIDC redirect check ($source): valid=${checked.isValid}, reason=${checked.reason}, len=${checked.length}, host=${checked.host}, path=${checked.path}, has_login_verifier=${checked.hasLoginVerifier}", ); if (!checked.isValid || checked.uri == null) { if (mounted) { _showError(tr('msg.userfront.login.oidc_failed')); } return false; } try { debugPrint( "[Auth] OIDC redirect execute ($source): host=${checked.host}, path=${checked.path}, redirect_uri_host=${checked.redirectUriHost}, redirect_uri_port=${checked.redirectUriPort}, state_len=${checked.stateLength}, login_verifier_len=${checked.loginVerifierLength}", ); webWindow.redirectTo(checked.uri.toString()); return true; } catch (e) { debugPrint("[Auth] OIDC redirect failed ($source): $e"); if (mounted) { _showError(tr('msg.userfront.login.oidc_failed')); } return false; } } bool get _hasLoginChallenge => _loginChallenge != null && _loginChallenge!.isNotEmpty; LoginChallengeResolution _resolveLoginChallenge(Uri uri) { return resolveLoginChallenge( widgetLoginChallenge: widget.loginChallenge, uri: uri, rawSearch: webWindow.currentSearch(), rawHref: webWindow.currentHref(), ); } void _logLoginChallengeDiagnostics({ required String phase, required LoginChallengeResolution resolution, }) { final current = Uri.base; final currentQueryKeys = current.queryParameters.keys.toList()..sort(); final payload = { 'phase': phase, 'current_path': current.path, 'current_query_keys': currentQueryKeys, 'stored_has_login_challenge': _hasLoginChallenge, 'stored_login_challenge_len': _loginChallenge?.length ?? 0, ...resolution.toDiagnostics(), }; debugPrint("[Auth] login_challenge diagnostics: ${jsonEncode(payload)}"); } void _logOidcRedirectDiagnostics({ required String source, required OidcRedirectCheckResult checked, }) { final current = Uri.base; final currentQueryKeys = current.queryParameters.keys.toList()..sort(); final payload = { 'source': source, 'current_path': current.path, 'current_query_param_count': current.queryParameters.length, 'current_query_keys': currentQueryKeys, 'has_login_challenge': _hasLoginChallenge, 'login_challenge_len': _loginChallenge?.length ?? 0, ...checked.toDiagnostics(), }; debugPrint("[Auth] OIDC redirect diagnostics: ${jsonEncode(payload)}"); } void _resetLinkLoginState() { _linkPendingRef = null; _lastLinkLoginId = null; _lastLinkIsEmail = true; _linkResendTimer?.cancel(); _linkResendTimer = null; _linkResendSeconds = 0; _linkExpireTimer?.cancel(); _linkExpireTimer = null; _linkExpireSeconds = 0; _linkExpired = false; _shortCodePrefixController.clear(); _shortCodeDigitsController.clear(); } void _dismissOverlays() { if (!mounted || _dismissedOverlays) { return; } _dismissedOverlays = true; final navigator = Navigator.of(context, rootNavigator: true); navigator.popUntil((route) => route is! PopupRoute); } bool _parseBoolParam(String? value) { if (value == null) { return false; } final normalized = value.toLowerCase(); return normalized == 'true' || normalized == '1' || normalized == 'yes'; } void _startLinkResendTimer(int seconds) { _linkResendSeconds = seconds; _linkResendTimer?.cancel(); _linkResendTimer = Timer.periodic(const Duration(seconds: 1), (timer) { if (!mounted) return; setState(() { if (_linkResendSeconds > 0) { _linkResendSeconds--; } else { timer.cancel(); } }); }); } void _startLinkExpireTimer(int seconds) { _linkExpireSeconds = seconds; _linkExpireTimer?.cancel(); _linkExpireTimer = Timer.periodic(const Duration(seconds: 1), (timer) { if (!mounted) return; if (_linkExpireSeconds > 0) { setState(() { _linkExpireSeconds--; }); return; } timer.cancel(); if (mounted) { setState(() { _linkExpired = true; }); _showInfo(tr('msg.userfront.login.link_timeout')); } }); } String _getLoginIdFromJwt(String jwt) { try { final parts = jwt.split('.'); if (parts.length != 3) return 'User'; final payload = utf8.decode( base64Url.decode(base64Url.normalize(parts[1])), ); final data = json.decode(payload); return data['name'] ?? data['email'] ?? data['sub'] ?? 'User'; } catch (e) { debugPrint("[JWT] Decode error: $e"); return 'User'; } } void _handleTabSelection() { if (_tabController.index == 2 && _qrPendingRef == null) { _startQrFlow(); } else if (_tabController.index != 2) { _stopQrPolling(); } } Future _startQrFlow() async { if (_isQrLoading) return; setState(() { _isQrLoading = true; _qrImageBase64 = null; _qrRemainingSeconds = 0; _qrExpired = false; }); try { final res = await AuthProxyService.initQrLogin(); if (mounted) { setState(() { _qrImageBase64 = res['qrCode']; _qrPendingRef = res['pendingRef']; _qrRemainingSeconds = res['expiresIn'] ?? 300; final interval = res['interval']; if (interval is int && interval > 0) { _qrPollIntervalMs = interval * 1000; } else { _qrPollIntervalMs = 2000; } _isQrLoading = false; }); _startQrPolling(); _startCountdown(); } } catch (e) { _showError( tr( 'msg.userfront.login.qr_init_failed', params: {'error': e.toString()}, ), ); if (mounted) setState(() => _isQrLoading = false); } } void _startCountdown() { _qrCountdownTimer?.cancel(); _qrCountdownTimer = Timer.periodic(const Duration(seconds: 1), (timer) { if (!mounted || _qrRemainingSeconds <= 0) { timer.cancel(); if (_qrRemainingSeconds <= 0) { _stopQrPolling(); if (mounted) { setState(() { _qrExpired = true; }); _showInfo(tr('msg.userfront.login.qr_expired')); } } return; } setState(() { _qrRemainingSeconds--; }); }); } void _startQrPolling() { _qrPollingTimer?.cancel(); _qrPollingTimer = Timer.periodic( Duration(milliseconds: _qrPollIntervalMs), (timer) async { if (_qrPendingRef == null || !mounted || _qrRemainingSeconds <= 0) { timer.cancel(); return; } try { final res = await AuthProxyService.pollQrStatus(_qrPendingRef!); if (res['error'] == 'slow_down') { final interval = res['interval']; if (interval is int && interval > 0) { final nextIntervalMs = interval * 1000; if (nextIntervalMs != _qrPollIntervalMs) { _qrPollIntervalMs = nextIntervalMs; timer.cancel(); _startQrPolling(); return; } } else { _qrPollIntervalMs += 500; timer.cancel(); _startQrPolling(); return; } } if (res['error'] == 'authorization_pending') { return; } if (res['error'] == 'expired_token') { timer.cancel(); _qrCountdownTimer?.cancel(); if (mounted) { setState(() { _qrExpired = true; }); } _showError(tr('msg.userfront.login.qr_expired')); return; } if (res['status'] == 'ok') { timer.cancel(); _qrCountdownTimer?.cancel(); final token = res['sessionJwt'] ?? res['sessionToken'] ?? res['token']; if (token is String && token.isNotEmpty) { _completeLoginFromToken(token); } else { _showError(tr('msg.userfront.login.token_missing')); } } } catch (e) { debugPrint("[QR] Polling error: $e"); } }, ); } void _stopQrPolling() { _qrPollingTimer?.cancel(); _qrPollingTimer = null; _qrCountdownTimer?.cancel(); _qrCountdownTimer = null; _qrPendingRef = null; } String _formatTime(int seconds) { final m = seconds ~/ 60; final s = seconds % 60; return "${m.toString().padLeft(2, '0')}:${s.toString().padLeft(2, '0')}"; } void _completeLoginFromToken( String token, { String? provider, bool closeDialog = false, }) { final isJwt = token.split('.').length == 3; if (isJwt) { _getLoginIdFromJwt(token); } if (!mounted) return; if (closeDialog && Navigator.canPop(context)) { Navigator.of(context).pop(); } _onLoginSuccess(token, provider: provider); } Future _hasValidLocalSession() async { final token = AuthTokenStore.getToken(); final usesCookie = AuthTokenStore.usesCookie(); if (token == null && !usesCookie) { return false; } try { final status = await AuthProxyService.getSessionStatus( token: token, useCookie: usesCookie, ); if (status == 200) { return true; } if (status == 401 || status == 403) { AuthTokenStore.clear(); } } catch (e) { debugPrint("[Auth] 세션 확인 실패: $e"); } return false; } void _markVerificationApproved( String message, { String? title, String? pageTitle, String? actionLabel, String actionPath = '/', bool autoRedirect = false, Duration redirectDelay = const Duration(seconds: 2), }) { if (!mounted) return; final resolvedTitle = title ?? tr('ui.userfront.login.verification.title'); final resolvedPageTitle = pageTitle ?? tr('ui.userfront.login.verification.page_title'); final resolvedActionLabel = actionLabel ?? tr('ui.userfront.login.verification.action_label'); setState(() { _verificationApproved = true; _verificationMessage = message; _verificationTitle = resolvedTitle; _verificationPageTitle = resolvedPageTitle; _verificationActionLabel = resolvedActionLabel; }); _verificationRedirectTimer?.cancel(); if (autoRedirect) { _verificationRedirectTimer = Timer(redirectDelay, () { if (!mounted) return; context.go(actionPath); }); } } Widget _buildVerificationResultView() { return Center( child: Padding( padding: const EdgeInsets.all(24.0), child: Column( mainAxisAlignment: MainAxisAlignment.center, children: [ const Icon( Icons.check_circle_outline, color: Colors.green, size: 72, ), const SizedBox(height: 16), Text( _verificationTitle, style: const TextStyle( fontSize: 22, fontWeight: FontWeight.bold, color: Colors.green, ), ), const SizedBox(height: 12), Text( _verificationMessage.isEmpty ? tr('msg.userfront.login.verification.success') : _verificationMessage, textAlign: TextAlign.center, style: const TextStyle(color: Colors.black54), ), const SizedBox(height: 24), FilledButton( onPressed: () { final hasLocalSession = AuthTokenStore.getToken() != null || AuthTokenStore.usesCookie(); final target = hasLocalSession ? '/' : '/signin'; if (mounted) { setState(() { _verificationOnly = false; _verificationApproved = false; }); } context.go(target); }, child: Text(_verificationActionLabel), ), ], ), ), ); } Future _verifyToken(String token) async { debugPrint("[Auth] Starting verification for token: $token"); final approvedMessage = tr('msg.userfront.login.verification.approved'); final localSessionMessage = tr( 'msg.userfront.login.verification.approved_local', ); try { // Use Backend to verify the token (Backend-Driven Flow) final res = await AuthProxyService.verifyMagicLink( token, verifyOnly: _verificationOnly, ); debugPrint("[Auth] Verification successful for token: $token"); final jwt = res['token'] ?? res['sessionJwt'] ?? res['sessionToken']; final status = res['status']?.toString(); final hasLocalSession = await _hasValidLocalSession(); final actionPath = hasLocalSession ? '/' : '/signin'; if (status == 'approved' || (jwt == null && _verificationOnly)) { if (mounted) { _markVerificationApproved(approvedMessage, actionPath: actionPath); } return; } if (jwt is String && jwt.isNotEmpty) { if (hasLocalSession) { _markVerificationApproved( localSessionMessage, actionPath: actionPath, ); return; } _onLoginSuccess(jwt, provider: res['provider'] as String?); return; } if (mounted) { _markVerificationApproved(approvedMessage, actionPath: actionPath); } } catch (e) { debugPrint("[Auth] Verification FAILED for token: $token. Error: $e"); if (mounted) { _showError( tr( 'msg.userfront.login.verification_failed', params: {'error': e.toString()}, ), ); } } } Future _verifyLoginCode( String loginId, String code, { String? pendingRef, }) async { final sanitizedLoginId = loginId.replaceAll(' ', '+'); debugPrint( "[Auth] Starting code verification for loginId: $sanitizedLoginId", ); final approvedMessage = tr('msg.userfront.login.verification.approved'); final localSessionMessage = tr( 'msg.userfront.login.verification.approved_local', ); try { final res = await AuthProxyService.verifyLoginCode( sanitizedLoginId, code, pendingRef: pendingRef, verifyOnly: _verificationOnly, ); final jwt = res['sessionJwt'] ?? res['sessionToken'] ?? res['token']; final status = res['status']?.toString(); debugPrint( "[Auth] Code verification successful for loginId: $sanitizedLoginId", ); final hasLocalSession = await _hasValidLocalSession(); final actionPath = hasLocalSession ? '/' : '/signin'; if (jwt == null && status == 'approved') { if (mounted) { _markVerificationApproved(approvedMessage, actionPath: actionPath); } return; } if (jwt is String && jwt.isNotEmpty) { if (hasLocalSession) { _markVerificationApproved( localSessionMessage, actionPath: actionPath, ); return; } if (_verificationOnly) { _markVerificationApproved(approvedMessage, actionPath: actionPath); return; } _onLoginSuccess(jwt, provider: res['provider'] as String?); return; } if (_verificationOnly && mounted) { _markVerificationApproved(approvedMessage, actionPath: actionPath); } } catch (e) { debugPrint( "[Auth] Code verification FAILED for loginId: $sanitizedLoginId. Error: $e", ); if (mounted) { _showError( tr( 'msg.userfront.login.verification_failed', params: {'error': e.toString()}, ), ); } } } Future _verifyShortCode(String shortCode) async { final sanitized = shortCode.trim().toUpperCase(); if (sanitized.isEmpty) return; debugPrint("[Auth] Starting short code verification for code: $sanitized"); final approvedMessage = tr('msg.userfront.login.verification.approved'); final localSessionMessage = tr( 'msg.userfront.login.verification.approved_local', ); try { final res = await AuthProxyService.verifyLoginShortCode( sanitized, verifyOnly: _verificationOnly, ); final jwt = res['sessionJwt'] ?? res['sessionToken'] ?? res['token']; final status = res['status']?.toString(); debugPrint("[Auth] Short code verification successful"); final hasLocalSession = await _hasValidLocalSession(); final actionPath = hasLocalSession ? '/' : '/signin'; if (jwt == null && status == 'approved') { if (mounted) { _markVerificationApproved(approvedMessage, actionPath: actionPath); } return; } if (jwt is String && jwt.isNotEmpty) { if (hasLocalSession) { _markVerificationApproved( localSessionMessage, actionPath: actionPath, ); return; } if (_verificationOnly) { _markVerificationApproved(approvedMessage, actionPath: actionPath); return; } _onLoginSuccess(jwt, provider: res['provider'] as String?); return; } if (_verificationOnly && mounted) { _markVerificationApproved(approvedMessage, actionPath: actionPath); } } catch (e) { debugPrint("[Auth] Short code verification FAILED. Error: $e"); if (mounted) { _showError( tr( 'msg.userfront.login.verification_failed', params: {'error': e.toString()}, ), ); } } } @override void dispose() { _stopQrPolling(); _verificationRedirectTimer?.cancel(); _tabController.dispose(); _linkIdController.dispose(); _passwordLoginIdController.dispose(); _passwordController.dispose(); _shortCodePrefixController.dispose(); _shortCodeDigitsController.dispose(); _linkResendTimer?.cancel(); super.dispose(); } Future _handlePasswordLogin() async { final input = _passwordLoginIdController.text.trim(); final password = _passwordController.text.trim(); if (input.isEmpty || password.isEmpty) { _showError(tr('msg.userfront.login.password.missing_credentials')); return; } String loginId = input; if (!input.contains('@')) { loginId = input.replaceAll(RegExp(r'[-\s]'), ''); if (loginId.startsWith('010')) { loginId = '+82${loginId.substring(1)}'; } } try { final res = await AuthProxyService.loginWithPassword( loginId, password, loginChallenge: _loginChallenge, ); final jwt = res['sessionJwt'] ?? res['sessionToken'] ?? res['token']; final provider = res['provider'] as String?; final redirectTo = res['redirectTo'] as String?; if (jwt != null) { _onLoginSuccess(jwt, provider: provider, redirectTo: redirectTo); } else if (redirectTo != null && redirectTo.isNotEmpty) { webWindow.redirectTo(redirectTo); } else { } } catch (e) { if (e.toString().contains("User not registered")) { _showUnregisteredDialog(); } else { _showError( tr( 'msg.userfront.login.password.failed', params: {'error': e.toString().replaceFirst('Exception: ', '')}, ), ); } } } Future _handleLinkLogin() async { final input = _linkIdController.text.trim(); if (input.isEmpty) return; String loginId = input; if (!input.contains('@')) { loginId = input.replaceAll(RegExp(r'[-\s]'), ''); if (loginId.startsWith('010')) { loginId = '+82${loginId.substring(1)}'; } } debugPrint("[Auth] Initiating Enchanted Link for: $loginId"); try { await _startEnchantedFlow(loginId, isEmail: input.contains('@')); } catch (e) { if (e.toString().contains("User not registered")) { _showUnregisteredDialog(); } else { _showError( tr( 'msg.userfront.login.link_failed', params: {'error': e.toString()}, ), ); } } } Future _startEnchantedFlow( String loginId, { required bool isEmail, bool codeOnly = false, }) async { try { final initResponse = await AuthProxyService.initEnchantedLink( loginId, codeOnly: codeOnly, drySend: _drySendEnabled, ); final pendingRef = initResponse['pendingRef']; final mode = (initResponse['mode'] ?? '').toString(); final provider = (initResponse['provider'] ?? '').toString(); final interval = initResponse['interval']; final resendAfter = initResponse['resendAfter']; final expiresIn = initResponse['expiresIn']; debugPrint( "[Auth] Link Sent. PendingRef: $pendingRef, Mode: $mode, Provider: $provider", ); if (mounted) { setState(() { _linkPendingRef = pendingRef?.toString(); _lastLinkLoginId = loginId; _lastLinkIsEmail = isEmail; _linkExpired = false; }); _dismissOverlays(); _showInfo( isEmail ? tr('msg.userfront.login.link_sent_email') : tr('msg.userfront.login.link_sent_phone'), ); final initialInterval = (interval is int && interval > 0) ? Duration(seconds: interval) : const Duration(seconds: 2); if (resendAfter is int && resendAfter > 0) { _startLinkResendTimer(resendAfter); } if (expiresIn is int && expiresIn > 0) { _startLinkExpireTimer(expiresIn); } _pollForSession(pendingRef, initialInterval: initialInterval); } } catch (e) { debugPrint("[Auth] Initialization failed: $e"); if (mounted) { setState(_resetLinkLoginState); } if (e.toString().contains("User not registered")) { _showUnregisteredDialog(); } else { _showError( tr( 'msg.userfront.login.link_send_failed', params: {'error': e.toString()}, ), ); } } } Future _pollForSession( String pendingRef, { Duration? initialInterval, }) async { int attempts = 0; const maxAttempts = 60; var pollInterval = initialInterval ?? const Duration(seconds: 2); debugPrint("[Auth] Starting poll for ref: $pendingRef"); while (attempts < maxAttempts && mounted) { if (_linkPendingRef != pendingRef) { return; } await Future.delayed(pollInterval); attempts++; try { final result = await AuthProxyService.pollEnchantedLink(pendingRef); if (result['error'] == 'slow_down') { final interval = result['interval']; if (interval is int && interval > 0) { pollInterval = Duration(seconds: interval); } else { pollInterval += const Duration(seconds: 1); } continue; } if (result['error'] == 'authorization_pending') { continue; } if (result['error'] == 'expired_token') { if (mounted) { Navigator.of(context).pop(); _showError(tr('msg.userfront.login.link_timeout')); } return; } if (result['status'] == 'ok') { final token = result['sessionJwt'] ?? result['sessionToken'] ?? result['token']; if (token is String && token.isNotEmpty) { debugPrint("[Auth] Polling SUCCESS. Token received."); _completeLoginFromToken( token, provider: result['provider'] as String?, closeDialog: true, ); return; } debugPrint("[Auth] Polling SUCCESS but token missing."); if (mounted && Navigator.canPop(context)) { Navigator.of(context).pop(); } _showError(tr('msg.userfront.login.token_missing')); return; } } catch (e) { debugPrint("[Auth] Polling error (attempt $attempts): $e"); } } if (mounted) { debugPrint("[Auth] Polling timed out for ref: $pendingRef"); Navigator.of(context).pop(); _showError(tr('msg.userfront.login.link_timeout')); } } void _showError(String message) { if (!mounted) return; ScaffoldMessenger.of(context).showSnackBar( SnackBar(content: Text(message), backgroundColor: Colors.red), ); try { AuthProxyService.logError(message); } catch (e) { // ignore } } void _showInfo(String message) { if (!mounted) return; ScaffoldMessenger.of(context).showSnackBar( SnackBar(content: Text(message), backgroundColor: Colors.green), ); } void _logTokenDetails(String jwt) { try { final parts = jwt.split('.'); if (parts.length != 3) return; final decodedPayload = base64Url.decode(base64Url.normalize(parts[1])); final payloadJson = utf8.decode(decodedPayload); final data = json.decode(payloadJson) as Map; final accessExpValue = data['exp'] as num?; final accessExp = accessExpValue != null ? DateTime.fromMillisecondsSinceEpoch(accessExpValue.toInt() * 1000) : 'N/A'; final refreshExp = data['rexp'] ?? 'N/A'; debugPrint(""" [Auth] Session Token Details --- - Access Token Expires: $accessExp - Refresh Token Expires: $refreshExp """); } catch (e) { debugPrint("[Auth] Failed to decode or log token details: $e"); } } Future _onLoginSuccess(String token, {String? provider, String? redirectTo}) async { try { if (!mounted) { return; } // [Priority 1] Immediate External Redirection if (redirectTo != null && redirectTo.isNotEmpty) { try { final providerName = provider ?? AuthTokenStore.getProvider(); AuthTokenStore.setToken(token, provider: providerName); } catch (stErr) { // ignore } webWindow.redirectTo(redirectTo); // Removed await as it's void return; } // [Priority 2] OIDC Challenge Handling if (_loginChallenge != null && _loginChallenge!.isNotEmpty) { try { // Save token first, it's needed for acceptance final providerName = provider ?? AuthTokenStore.getProvider(); AuthTokenStore.setToken(token, provider: providerName); final res = await AuthProxyService.acceptOidcLogin( _loginChallenge!, token: token, ); final nextRedirectTo = res['redirectTo'] as String?; if (nextRedirectTo != null && nextRedirectTo.isNotEmpty) { webWindow.redirectTo(nextRedirectTo); // Removed await return; } else { } } catch (e) { _showError( tr( 'msg.userfront.login.oidc_failed', ), ); return; } } _logTokenDetails(token); final providerName = provider ?? AuthTokenStore.getProvider(); AuthTokenStore.setToken(token, provider: providerName); AuthTokenStore.clearPendingProvider(); _dismissOverlays(); try { await ref.read(profileProvider.notifier).loadProfile(); } catch (e) { // ignore } final uri = Uri.base; final redirectParam = uri.queryParameters['redirect_uri'] ?? uri.queryParameters['redirect_url']; final hasRedirectParam = redirectParam != null && redirectParam.isNotEmpty; if (WebAuthIntegration.isPopup() || hasRedirectParam) { WebAuthIntegration.sendLoginSuccess(token); AuthNotifier.instance.notify(); return; } AuthNotifier.instance.notify(); if (mounted) { context.go('/'); } } catch (globalErr) { // ignore } } void _showUnregisteredDialog() { showDialog( context: context, builder: (context) => AlertDialog( title: Text(tr('ui.userfront.login.unregistered.title')), content: Text(tr('msg.userfront.login.unregistered.body')), actions: [ TextButton( onPressed: () => Navigator.pop(context), child: Text(tr('ui.common.cancel')), ), FilledButton( onPressed: () { Navigator.pop(context); _resetLinkLoginState(); context.push('/signup'); }, child: Text(tr('ui.userfront.login.unregistered.action')), ), ], ), ); } @override Widget build(BuildContext context) { if (_verificationOnly && _verificationApproved) { return Scaffold( appBar: AppBar( title: Text(_verificationPageTitle), leading: IconButton( icon: const Icon(Icons.arrow_back), onPressed: () => context.go('/'), ), ), body: _buildVerificationResultView(), ); } return Scaffold( body: LayoutBuilder( builder: (context, constraints) { return SingleChildScrollView( child: ConstrainedBox( constraints: BoxConstraints(minHeight: constraints.maxHeight), child: Center( child: Container( constraints: const BoxConstraints(maxWidth: 400), padding: const EdgeInsets.all(24), child: Column( mainAxisAlignment: MainAxisAlignment.center, crossAxisAlignment: CrossAxisAlignment.stretch, children: [ Text( tr('ui.userfront.app_title'), style: const TextStyle( fontSize: 32, fontWeight: FontWeight.bold, ), textAlign: TextAlign.center, ), if (_drySendEnabled) ...[ const SizedBox(height: 16), Container( padding: const EdgeInsets.symmetric( horizontal: 12, vertical: 10, ), decoration: BoxDecoration( color: const Color(0xFFFFF3CD), borderRadius: BorderRadius.circular(8), border: Border.all(color: const Color(0xFFFFC107)), ), child: Row( children: [ const Icon( Icons.warning_amber_rounded, color: Color(0xFF8A6D3B), ), const SizedBox(width: 8), Expanded( child: Text( tr('msg.userfront.login.dry_send'), style: const TextStyle( color: Color(0xFF8A6D3B), fontSize: 12, ), ), ), ], ), ), ], const SizedBox(height: 40), TabBar( controller: _tabController, tabs: [ Tab(text: tr('ui.userfront.login.tabs.password')), Tab(text: tr('ui.userfront.login.tabs.link')), Tab(text: tr('ui.userfront.login.tabs.qr')), ], ), const SizedBox(height: 24), SizedBox( height: 350, child: TabBarView( controller: _tabController, children: [ Padding( padding: const EdgeInsets.only(top: 16.0), child: Column( children: [ TextField( controller: _passwordLoginIdController, decoration: InputDecoration( labelText: tr( 'ui.userfront.login.field.login_id', ), border: const OutlineInputBorder(), prefixIcon: const Icon( Icons.person_outline, ), ), onSubmitted: (_) => _handlePasswordLogin(), ), const SizedBox(height: 16), TextField( controller: _passwordController, obscureText: true, decoration: InputDecoration( labelText: tr( 'ui.userfront.login.field.password', ), border: const OutlineInputBorder(), prefixIcon: const Icon( Icons.lock_outline, ), ), onSubmitted: (_) => _handlePasswordLogin(), ), const SizedBox(height: 24), FilledButton( onPressed: _handlePasswordLogin, style: FilledButton.styleFrom( minimumSize: const Size.fromHeight(50), ), child: Text( tr('ui.userfront.login.action.submit'), ), ), ], ), ), Padding( padding: const EdgeInsets.only(top: 16.0), child: Column( children: [ if (_linkPendingRef == null) ...[ TextField( controller: _linkIdController, decoration: InputDecoration( labelText: tr( 'ui.userfront.login.field.login_id', ), hintText: '', border: const OutlineInputBorder(), prefixIcon: const Icon( Icons.person_outline, ), ), onSubmitted: (_) => _handleLinkLogin(), ), const SizedBox(height: 24), FilledButton( onPressed: _handleLinkLogin, style: FilledButton.styleFrom( minimumSize: const Size.fromHeight(50), ), child: Text( tr('ui.userfront.login.link.send'), ), ), const SizedBox(height: 24), Text( tr('msg.userfront.login.link.helper'), style: const TextStyle( color: Colors.grey, fontSize: 12, ), textAlign: TextAlign.center, ), ], if (_linkPendingRef != null) ...[ if (_linkExpired) ...[ Text( tr('msg.userfront.login.link_timeout'), textAlign: TextAlign.center, style: const TextStyle( color: Colors.grey, fontSize: 12, ), ), const SizedBox(height: 12), FilledButton( onPressed: () { setState(_resetLinkLoginState); }, style: FilledButton.styleFrom( minimumSize: const Size.fromHeight( 45, ), ), child: Text(tr('ui.common.refresh')), ), ] else ...[ Text( tr( 'msg.userfront.login.link.short_code_help', ), style: const TextStyle( color: Colors.grey, fontSize: 12, ), textAlign: TextAlign.center, ), const SizedBox(height: 12), Row( children: [ Expanded( flex: 2, child: TextField( controller: _shortCodePrefixController, textCapitalization: TextCapitalization.characters, decoration: InputDecoration( labelText: tr( 'ui.userfront.login.short_code.prefix', ), border: const OutlineInputBorder(), hintText: 'AB', hintStyle: const TextStyle( color: Colors.grey, ), ), maxLength: 2, ), ), const SizedBox(width: 8), Expanded( flex: 4, child: TextField( controller: _shortCodeDigitsController, keyboardType: TextInputType.number, decoration: InputDecoration( labelText: tr( 'ui.userfront.login.short_code.digits', ), border: const OutlineInputBorder(), hintText: '345678', hintStyle: const TextStyle( color: Colors.grey, ), suffixText: _linkExpireSeconds > 0 ? tr( 'ui.userfront.login.short_code.expire_time', params: { 'time': _formatTime( _linkExpireSeconds, ), }, ) : null, ), maxLength: 6, ), ), ], ), const SizedBox(height: 12), FilledButton( onPressed: () { final prefix = _shortCodePrefixController.text .trim() .toUpperCase(); final digits = _shortCodeDigitsController.text .trim(); if (prefix.length != 2 || digits.length != 6) { _showError( tr( 'msg.userfront.login.short_code.invalid', ), ); return; } _verifyShortCode(prefix + digits); }, style: FilledButton.styleFrom( minimumSize: const Size.fromHeight( 45, ), ), child: Text( tr( 'ui.userfront.login.short_code.submit', ), ), ), const SizedBox(height: 12), TextButton( onPressed: () { if (_linkResendSeconds > 0) { _showInfo( tr( 'msg.userfront.login.link.resend_wait', params: { 'time': _formatTime( _linkResendSeconds, ), }, ), ); return; } final loginId = _lastLinkLoginId ?? _linkIdController.text.trim(); if (loginId.isEmpty) { _showError( tr( 'msg.userfront.login.link.missing_login_id', ), ); return; } _startEnchantedFlow( loginId, isEmail: _lastLinkIsEmail || loginId.contains('@'), codeOnly: false, ); }, child: Text( _linkResendSeconds > 0 ? tr( 'ui.userfront.login.link.resend_with_time', params: { 'time': _formatTime( _linkResendSeconds, ), }, ) : tr('ui.common.resend'), ), ), if (!_lastLinkIsEmail) ...[ const SizedBox(height: 4), TextButton( onPressed: () { if (_linkResendSeconds > 0) { _showInfo( tr( 'msg.userfront.login.link.resend_wait', params: { 'time': _formatTime( _linkResendSeconds, ), }, ), ); return; } final loginId = _lastLinkLoginId ?? _linkIdController.text.trim(); if (loginId.isEmpty) { _showError( tr( 'msg.userfront.login.link.missing_phone', ), ); return; } _startEnchantedFlow( loginId, isEmail: false, codeOnly: true, ); }, child: Text( tr( 'ui.userfront.login.link.code_only', params: { 'time': _formatTime( _linkResendSeconds, ), }, ), ), ), ], ], ], ], ), ), Column( mainAxisAlignment: MainAxisAlignment.center, crossAxisAlignment: CrossAxisAlignment.center, children: [ if (_isQrLoading) const CircularProgressIndicator() else if (_qrExpired) Column( children: [ Text( tr('msg.userfront.login.qr_expired'), textAlign: TextAlign.center, style: const TextStyle( color: Colors.grey, fontSize: 12, ), ), const SizedBox(height: 12), FilledButton( onPressed: _startQrFlow, style: FilledButton.styleFrom( minimumSize: const Size.fromHeight( 45, ), ), child: Text(tr('ui.common.refresh')), ), ], ) else if (_qrImageBase64 != null) Column( crossAxisAlignment: CrossAxisAlignment.center, children: [ Container( padding: const EdgeInsets.all(16), decoration: BoxDecoration( border: Border.all( color: Colors.grey.shade300, ), borderRadius: BorderRadius.circular( 12, ), ), child: QrImageView( data: _qrImageBase64!, version: QrVersions.auto, size: 200.0, ), ), const SizedBox(height: 12), Text( _qrRemainingSeconds > 0 ? tr( 'ui.userfront.login.qr.remaining', params: { 'time': _formatTime( _qrRemainingSeconds, ), }, ) : tr( 'ui.userfront.login.qr.expired', ), textAlign: TextAlign.center, style: TextStyle( color: _qrRemainingSeconds > 30 ? Colors.blue : Colors.red, fontWeight: FontWeight.bold, ), ), const SizedBox(height: 8), Text( tr('msg.userfront.login.qr.scan_hint'), textAlign: TextAlign.center, style: const TextStyle( color: Colors.grey, fontSize: 12, ), ), TextButton( onPressed: _startQrFlow, child: Text( tr('ui.userfront.login.qr.refresh'), ), ), ], ) else Text( tr('msg.userfront.login.qr.load_failed'), textAlign: TextAlign.center, ), ], ), ], ), ), const SizedBox(height: 16), Column( children: [ TextButton( onPressed: () => context.push('/forgot-password'), child: Text( tr('ui.userfront.login.forgot_password'), ), ), Row( mainAxisAlignment: MainAxisAlignment.center, children: [ Text( tr('msg.userfront.login.no_account'), style: const TextStyle( color: Colors.grey, fontSize: 14, ), ), TextButton( onPressed: () => context.push('/signup'), child: Text(tr('ui.userfront.login.signup')), ), ], ), ], ), const SizedBox(height: 6), const Align( alignment: Alignment.center, child: LanguageSelector(), ), ], ), ), ), ), ); }, ), ); } }