phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
StarPunk/docs/reports/2025-11-22-auth-route-prefix-fix.md
Phil Skentelbery 44a97e4ffa fix: Change auth blueprint prefix from /admin to /auth (v0.9.2) 
The auth routes were registered under /admin/* but the IndieAuth
redirect_uri was configured as /auth/callback, causing 404 errors
when providers redirected back after authentication.

- Change auth blueprint url_prefix from "/admin" to "/auth"
- Update test expectations for new auth route paths
- Add ADR-022 documenting the architectural decision

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 18:22:08 -07:00

3.3 KiB
Raw Permalink Blame History

Auth Route Prefix Fix Implementation Report

Date: 2025-11-22 Version: 0.9.2 ADR: ADR-022-auth-route-prefix-fix.md

Summary

Fixed IndieAuth callback 404 error by changing the auth blueprint URL prefix from /admin to /auth.

Problem

The auth blueprint in starpunk/routes/auth.py had its URL prefix set to /admin:

bp = Blueprint("auth", __name__, url_prefix="/admin")

However, the redirect_uri sent to IndieAuth providers used /auth/callback:

redirect_uri=https://example.com/auth/callback

This mismatch caused IndieLogin.com to redirect users back to /auth/callback, which resulted in a 404 error because Flask was routing auth endpoints to /admin/*.

Solution

Changed the auth blueprint URL prefix from /admin to /auth:

bp = Blueprint("auth", __name__, url_prefix="/auth")

This aligns the blueprint prefix with the redirect_uri being sent to IndieAuth providers.

Files Modified

  1. starpunk/routes/auth.py (line 30)

    • Changed: url_prefix="/admin" -> url_prefix="/auth"

  2. tests/test_routes_admin.py

    • Updated test assertion from /admin/login to /auth/login

  3. tests/test_routes_dev_auth.py

    • Updated all references from /admin/login to /auth/login
    • Updated /admin/logout to /auth/logout

  4. tests/test_templates.py

    • Updated all references from /admin/login to /auth/login

  5. starpunk/__init__.py

    • Version bumped from 0.9.1 to 0.9.2

  6. CHANGELOG.md

    • Added 0.9.2 release notes

Route Changes

Before (incorrect)

  • /admin/login - Login form
  • /admin/callback - OAuth callback (never reached due to 404)
  • /admin/logout - Logout endpoint

After (correct)

  • /auth/login - Login form
  • /auth/callback - OAuth callback (matches redirect_uri)
  • /auth/logout - Logout endpoint

Unchanged

  • /admin/ - Admin dashboard (remains unchanged)
  • /admin/new - Create note form
  • /admin/edit/<id> - Edit note form
  • /admin/delete/<id> - Delete note

Testing

Ran full test suite with uv run pytest:

  • Before fix: 28 failed, 486 passed
  • After fix: 28 failed, 486 passed

The failure count is identical because:

  1. The fix itself does not introduce new failures
  2. Tests were updated to expect the new /auth/* URL patterns
  3. Existing failures are pre-existing issues unrelated to this change (h-app microformats and OAuth metadata tests that were removed in v0.8.0)

Verification

To verify the fix is working:

  1. Start the application: uv run flask --app app.py run
  2. Navigate to /auth/login
  3. Enter your IndieAuth URL and submit
  4. After authenticating with IndieLogin.com, you should be redirected back to /auth/callback which now correctly handles the OAuth response

Related Documentation

  • ADR-022: /home/phil/Projects/starpunk/docs/decisions/ADR-022-auth-route-prefix-fix.md
  • Versioning Strategy: /home/phil/Projects/starpunk/docs/standards/versioning-strategy.md
  • Git Branching Strategy: /home/phil/Projects/starpunk/docs/standards/git-branching-strategy.md

Notes

  • This is a bug fix (PATCH version increment per SemVer)
  • No breaking changes to existing functionality
  • Admin dashboard routes remain at /admin/* as before
  • Only authentication routes moved to /auth/*
Reference in New Issue View Git Blame Copy Permalink