# Auth Route Prefix Fix Implementation Report **Date**: 2025-11-22 **Version**: 0.9.2 **ADR**: ADR-022-auth-route-prefix-fix.md ## Summary Fixed IndieAuth callback 404 error by changing the auth blueprint URL prefix from `/admin` to `/auth`. ## Problem The auth blueprint in `starpunk/routes/auth.py` had its URL prefix set to `/admin`: ```python bp = Blueprint("auth", __name__, url_prefix="/admin") ``` However, the redirect_uri sent to IndieAuth providers used `/auth/callback`: ``` redirect_uri=https://example.com/auth/callback ``` This mismatch caused IndieLogin.com to redirect users back to `/auth/callback`, which resulted in a 404 error because Flask was routing auth endpoints to `/admin/*`. ## Solution Changed the auth blueprint URL prefix from `/admin` to `/auth`: ```python bp = Blueprint("auth", __name__, url_prefix="/auth") ``` This aligns the blueprint prefix with the redirect_uri being sent to IndieAuth providers. ## Files Modified 1. **`starpunk/routes/auth.py`** (line 30) - Changed: `url_prefix="/admin"` -> `url_prefix="/auth"` 2. **`tests/test_routes_admin.py`** - Updated test assertion from `/admin/login` to `/auth/login` 3. **`tests/test_routes_dev_auth.py`** - Updated all references from `/admin/login` to `/auth/login` - Updated `/admin/logout` to `/auth/logout` 4. **`tests/test_templates.py`** - Updated all references from `/admin/login` to `/auth/login` 5. **`starpunk/__init__.py`** - Version bumped from 0.9.1 to 0.9.2 6. **`CHANGELOG.md`** - Added 0.9.2 release notes ## Route Changes ### Before (incorrect) - `/admin/login` - Login form - `/admin/callback` - OAuth callback (never reached due to 404) - `/admin/logout` - Logout endpoint ### After (correct) - `/auth/login` - Login form - `/auth/callback` - OAuth callback (matches redirect_uri) - `/auth/logout` - Logout endpoint ### Unchanged - `/admin/` - Admin dashboard (remains unchanged) - `/admin/new` - Create note form - `/admin/edit/` - Edit note form - `/admin/delete/` - Delete note ## Testing Ran full test suite with `uv run pytest`: - **Before fix**: 28 failed, 486 passed - **After fix**: 28 failed, 486 passed The failure count is identical because: 1. The fix itself does not introduce new failures 2. Tests were updated to expect the new `/auth/*` URL patterns 3. Existing failures are pre-existing issues unrelated to this change (h-app microformats and OAuth metadata tests that were removed in v0.8.0) ## Verification To verify the fix is working: 1. Start the application: `uv run flask --app app.py run` 2. Navigate to `/auth/login` 3. Enter your IndieAuth URL and submit 4. After authenticating with IndieLogin.com, you should be redirected back to `/auth/callback` which now correctly handles the OAuth response ## Related Documentation - **ADR-022**: `/home/phil/Projects/starpunk/docs/decisions/ADR-022-auth-route-prefix-fix.md` - **Versioning Strategy**: `/home/phil/Projects/starpunk/docs/standards/versioning-strategy.md` - **Git Branching Strategy**: `/home/phil/Projects/starpunk/docs/standards/git-branching-strategy.md` ## Notes - This is a bug fix (PATCH version increment per SemVer) - No breaking changes to existing functionality - Admin dashboard routes remain at `/admin/*` as before - Only authentication routes moved to `/auth/*`