UN-2971 [FEAT] Pass selectedProduct to login/signup API for OAuth product scope

[hari-kuriakose]

What

• Pass selectedProduct query parameter from frontend to login/signup API endpoints
• Enable backend to include product-specific scope in OAuth authorization

Why

• Need to include custom OAuth scope (product:unstract or product:llm-whisperer) in the authorization flow
• The selected product stored in localStorage needs to be forwarded to the backend for OAuth scope customization

How

• Read selectedProduct from localStorage in the Login component
• Add handleSignup function that constructs signup URL with selectedProduct query parameter
• Update handleLogin function to also include selectedProduct query parameter
• Pass handleSignup to the LoginForm plugin component

Can this PR break any existing features. If yes, please list possible items. If no, please explain why. (PS: Admins do not merge the PR without this section filled)

• No, this is backward compatible. If selectedProduct is not present or invalid, the API calls work without the query parameter (same as before).

Database Migrations

• None

Env Config

• None

Relevant Docs

• N/A

Related Issues or PRs

• Jira: UN-2971

Dependencies Versions

• None

Notes on Testing

• Select a product (unstract or llm-whisperer) from the product selection page
• Navigate to the login/landing page
• Click "Create Your free account" or "Login"
• Verify the API call includes ?selectedProduct=<product> query parameter

Screenshots

N/A

Checklist

I have read and understood the Contribution Guidelines.

🤖 Generated with Claude Code

[coderabbitai]

Summary by CodeRabbit

• New Features
  • Login and signup flows now preserve the selected product context through the authentication process, ensuring a seamless experience across different product environments.

Walkthrough

The login component now supports product-aware authentication by reading a selectedProduct value from localStorage. When a valid product is detected from a predefined list, it automatically appends this as a query parameter to both login and signup URLs, enabling product context to persist through the authentication flow.

Changes

Cohort / File(s)	Summary
Product-aware Login Flow frontend/src/components/log-in/Login.jsx, package.json	Adds conditional logic to read selectedProduct from localStorage and append it as a query parameter to login and signup URLs when the product matches the allowed list. Introduces a new handleSignup function mirroring login logic. Updates exported Login component to pass handleSignup prop to LoginForm.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: passing selectedProduct to login/signup API for OAuth product scope customization.
Description check	✅ Passed	The description is comprehensive, covering all required sections with clear explanations of what changed, why, and how, plus backward compatibility assurance and testing notes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch UN-2971-product-scope-oauth

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

frontend/src/components/log-in/Login.jsx (2)

22-34: Consolidate duplicate URL construction and add encodeURIComponent defensively.

handleLogin and handleSignup are identical modulo the path string. A small helper eliminates the duplication. Additionally, selectedProduct is interpolated directly into the URL; encoding it is a safe, future-proof habit even though the current whitelist values don't require it.

♻️ Proposed refactor

-  const handleLogin = () => {
-    const loginUrl = isValidProduct
-      ? `${baseUrl}/api/v1/login?selectedProduct=${selectedProduct}`
-      : `${baseUrl}/api/v1/login`;
-    window.location.href = loginUrl;
-  };
-
-  const handleSignup = () => {
-    const signupUrl = isValidProduct
-      ? `${baseUrl}/api/v1/signup?selectedProduct=${selectedProduct}`
-      : `${baseUrl}/api/v1/signup`;
-    window.location.href = signupUrl;
-  };
+  const buildAuthUrl = (path) => {
+    const base = `${baseUrl}/api/v1/${path}`;
+    return isValidProduct
+      ? `${base}?selectedProduct=${encodeURIComponent(selectedProduct)}`
+      : base;
+  };
+
+  const handleLogin = () => { window.location.href = buildAuthUrl("login"); };
+  const handleSignup = () => { window.location.href = buildAuthUrl("signup"); };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/components/log-in/Login.jsx` around lines 22 - 34, DRY the URL
construction in handleLogin and handleSignup by extracting a small helper (e.g.,
buildAuthUrl or constructAuthUrl) that accepts the path ('/api/v1/login' or
'/api/v1/signup') and returns `${baseUrl}${path}` plus
`?selectedProduct=${encodeURIComponent(selectedProduct)}` only when
isValidProduct is true; update handleLogin and handleSignup to call that helper
and set window.location.href to its result, ensuring selectedProduct is passed
through encodeURIComponent for safety.

---

19-20: Extract the valid-product list to a shared constant.

["unstract", "llm-whisperer"] is hardcoded inline. Since selectedProduct is also consumed in PersistentLogin.js and useSessionValid.js, any future product addition risks drift if defined separately in each file. Exporting from GetStaticData.js provides a single source of truth.

♻️ Proposed refactor

In frontend/src/helpers/GetStaticData.js, add the constant:

+export const VALID_PRODUCTS = ["unstract", "llm-whisperer"];

Then in Login.jsx, import and use it:

-import { getBaseUrl } from "../../helpers/GetStaticData";
+import { getBaseUrl, VALID_PRODUCTS } from "../../helpers/GetStaticData";
 ...
-const isValidProduct =
-  selectedProduct && ["unstract", "llm-whisperer"].includes(selectedProduct);
+const isValidProduct = selectedProduct && VALID_PRODUCTS.includes(selectedProduct);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/components/log-in/Login.jsx` around lines 19 - 20, Extract the
hardcoded product list into a shared exported constant (e.g., VALID_PRODUCTS) in
GetStaticData.js and replace the inline array used to compute isValidProduct in
Login.jsx with an import of that constant; update other consumers
(PersistentLogin.js and useSessionValid.js) to import and use the same
VALID_PRODUCTS constant so all files reference a single source of truth for
valid products (ensure the symbol name matches across imports and update any
tests or imports accordingly).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@frontend/src/components/log-in/Login.jsx`:
- Around line 22-34: DRY the URL construction in handleLogin and handleSignup by
extracting a small helper (e.g., buildAuthUrl or constructAuthUrl) that accepts
the path ('/api/v1/login' or '/api/v1/signup') and returns `${baseUrl}${path}`
plus `?selectedProduct=${encodeURIComponent(selectedProduct)}` only when
isValidProduct is true; update handleLogin and handleSignup to call that helper
and set window.location.href to its result, ensuring selectedProduct is passed
through encodeURIComponent for safety.
- Around line 19-20: Extract the hardcoded product list into a shared exported
constant (e.g., VALID_PRODUCTS) in GetStaticData.js and replace the inline array
used to compute isValidProduct in Login.jsx with an import of that constant;
update other consumers (PersistentLogin.js and useSessionValid.js) to import and
use the same VALID_PRODUCTS constant so all files reference a single source of
truth for valid products (ensure the symbol name matches across imports and
update any tests or imports accordingly).

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between d7babec and 7c8c809.

📒 Files selected for processing (1)

• frontend/src/components/log-in/Login.jsx

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud