A non-existing user can skip onboarding if setting local storage with onboarding data #705

@sergiojoker11

(Some) reproduction steps:

  • Log in with a new user (so onboarding data gets created) and advance up to tier selection.
  • Delete the user from dynamo (and the refresh tokens, because otherwise you enter a 5th dimension where /api/login returns 500 and logs "Access JWT decoding failed" and an entry is created in the DB, leaving the user record incomplete).
  • Refresh the page so you are redirected to the login page with a redirect query param (ep: http://localhost:5173/#/?redirect=%2Fonboarding%2Ftier-selection).
  • Log back in.

Result: you managed to skip onboarding.

Note 1: the redirect query param likely has no influence on the result.
Note 2: maybe deleting the user from the DB is not required as long as the user has the onboarding user status.
