From bad0a99d09ec69c998da7fb065d5184a3c6e3ade Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Wed, 11 Mar 2026 22:19:25 +0000 Subject: [PATCH] Fix recovery bootstrap for emailpassword login param Co-authored-by: Ray Jacobson --- packages/web/index.html | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/packages/web/index.html b/packages/web/index.html index 3e20d43fbef..17e26621c78 100644 --- a/packages/web/index.html +++ b/packages/web/index.html @@ -76,11 +76,26 @@ const lookupKey = urlParams.get('lookupKey') const hasEmail = Boolean(email) const hasLookupKey = Boolean(lookupKey) + const isEmailPasswordRecovery = mode === 'emailpassword' + + const decodeLoginEntropy = (loginValue) => { + try { + // Handle URL-safe base64 tokens and missing padding. + const normalizedLogin = loginValue.replace(/-/g, '+').replace(/_/g, '/') + const padding = '='.repeat((4 - (normalizedLogin.length % 4)) % 4) + return atob(normalizedLogin + padding) + } catch { + return null + } + } - let entropy = null if (login) { - entropy = atob(login) - window.localStorage.setItem('hedgehog-entropy-key', entropy) + if (!isEmailPasswordRecovery) { + const entropy = decodeLoginEntropy(login) + if (entropy) { + window.localStorage.setItem('hedgehog-entropy-key', entropy) + } + } let redirectUrl = location.protocol + '//' + location.host if (useHashRouting) { redirectUrl += '/#' @@ -89,7 +104,6 @@ window.history.replaceState({}, document.title, redirectUrl) } - const isEmailPasswordRecovery = mode === 'emailpassword' const isPasswordRecovery = !isEmailPasswordRecovery && (warning === 'RECOVERY_DO_NOT_SHARE' || mode === 'password')