Fix email input field issues in onboarding

[lsukaristone]

• Add proper input attributes (type, autocomplete, etc.) for better browser compatibility
• Handle edge case where session exists but email is missing
• Auto-clear problematic sessions with missing email data
• Add debug mode (?debug=true) to help diagnose auth issues
• Prevent field from getting stuck in disabled state

This should resolve the persistent issue where users cannot type in the email field.

🤖 Generated with Claude Code

---

Important

Fixes email input issues in OnboardingPage.tsx by adding input attributes, handling missing email sessions, and adding a debug mode.

• Behavior:
  • Adds input attributes type='email', autoComplete='email', autoCapitalize='none', autoCorrect='off', spellCheck='false' to the email field in OnboardingPage.tsx for better browser compatibility.
  • Handles edge case where session exists but email is missing by clearing the session and unlocking the email field.
  • Auto-clears sessions with missing email data using supabase.auth.signOut().
  • Adds a debug mode (?debug=true) to display debug information on the page.
  • Prevents email field from getting stuck in a disabled state by ensuring setEmailLocked(false) is called appropriately.

^{This description was created by for 387d26d. You can customize this summary. It will automatically update as commits are pushed.}

Summary by CodeRabbit

• Bug Fixes

  • Prevents stuck sign-in states by handling sessions missing an email: shows an error toast, clears the email field, unlocks input, and signs out so users can re‑authenticate.

• New Features

  • Adds an optional debug information panel on the onboarding form.
  • Improves email input UX with stricter semantics (email type, autocomplete, no auto-capitalization/correction/spellcheck) for more reliable entry and validation.

[gemini-code-assist]

Summary of Changes

Hello @lsukaristone, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses several persistent issues related to the email input field on the onboarding page. The primary goal is to improve user experience by ensuring the email field functions correctly, preventing it from getting stuck, and robustly handling authentication states where email data might be missing from a user session. It also introduces a debug mode to aid in diagnosing future authentication problems.

Highlights

• Enhanced Email Input Attributes: Standard HTML attributes like type='email', autocomplete='email', autoCapitalize='none', autoCorrect='off', and spellCheck='false' have been added to the email input field for improved browser compatibility and user experience.
• Robust Session Handling: Logic has been implemented to detect and automatically clear problematic user sessions where a session exists but the associated email information is missing, preventing users from being stuck in a bad authentication state.
• Improved Error Feedback: A toast notification is now displayed to inform users when their session is missing email information, prompting them to sign in again for a clearer user experience.
• Debug Mode Integration: A conditional debug information display (?debug=true query parameter) has been integrated to assist in diagnosing authentication-related issues directly on the onboarding page.
• Email Field State Management: The email field is now explicitly ensured not to be locked when an authentication issue occurs, allowing users to re-enter their email and proceed.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request aims to fix several issues with the email input field during onboarding. It introduces better handling for edge cases where a user session might exist without an email, adds attributes to the email input for improved browser compatibility, and adds a debug mode. My review has identified a critical issue where the new debug feature will crash the application because a variable is used without being defined. I've also found a high-severity issue related to inconsistent and incomplete error handling for invalid sessions, which could lead to a poor user experience. I've provided suggestions to fix these issues.

[gemini-code-assist]

The variable debugInfo is used here but it is not defined anywhere in the component. This will cause a ReferenceError at runtime and break the page. Please ensure debugInfo is declared and populated with the intended debug information, likely from a URL query parameter as mentioned in the pull request description.

[gemini-code-assist]

The logic here to handle a session without an email is inconsistent with the similar logic in checkSession (lines 126-140). This implementation is missing a user-facing notification (toast) and doesn't update the isCheckingAuth state, which could leave the UI in a loading state or cause confusion for the user.

To ensure consistent behavior, this block should also show a toast message and set isCheckingAuth to false. For better maintainability, consider refactoring this duplicated logic into a single helper function.

        // Session exists but email is missing - clear the bad state
        console.error('Auth state change: Session without email detected', session.user)
        setValue('email', '')
        setEmailLocked(false)
        setIsCheckingAuth(false)
        toast({
          variant: 'destructive',
          title: 'Authentication Issue',
          description: 'Your session is missing email information. Please try signing in again.'
        })
        void supabase.auth.signOut() // Clear the problematic session

[ellipsis-dev]

Caution

Changes requested ❌

Reviewed everything up to 387d26d in 2 minutes and 7 seconds. Click for details.

• Reviewed 62 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 3 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. src/components/OnboardingPage.tsx:97

• Draft comment:
  Consider consolidating duplicate session error handling. The same 'session without email' logic appears in both the auth state change callback and the checkSession function.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

2. src/components/OnboardingPage.tsx:341

• Draft comment:
  Good addition of input props (type, autoComplete, autoCapitalize, autoCorrect, and spellCheck) to improve browser compatibility for the email field.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

3. src/components/OnboardingPage.tsx:102

• Draft comment:
  Consider handling potential errors from supabase.auth.signOut() instead of ignoring the returned promise with 'void'. This can improve robustness in case signOut fails.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 20% vs. threshold = 50% This is a cleanup operation in an already-error state. The signOut() is a best-effort cleanup - if it fails, we've already cleared the UI state (email and lock). The code has already logged the error condition. Adding error handling here doesn't meaningfully improve the user experience or system reliability. The comment does identify a potential error case we're not handling. Failed signOut could leave invalid session data in the auth system. The impact of a failed signOut is minimal since we've already reset the UI state. The auth system will eventually expire the invalid session anyway. The comment suggests handling an edge case that adds complexity without meaningful benefit in an already-error scenario. The comment should be removed.

Workflow ID: wflow_ic1BCiklflUO1Upr

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

The debugInfo variable is used in the JSX but isn’t defined in this diff. Ensure that debug mode logic (e.g., reading ?debug=true) sets and passes debugInfo appropriately.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The onboarding component updates auth-session handling to detect sessions lacking an email, trigger sign-out and user-visible errors, and stop further checks. It augments the email input with stricter attributes and adds an optional debug-info UI block. Existing valid-session and sign-in flows remain, with added edge-case handling.

Changes

Cohort / File(s)

Summary of Changes

Onboarding and auth-state handling src/components/OnboardingPage.tsx

- Added missing-email branches in auth listener and initial session check: log, show destructive toast (on initial check), clear email/unlock input, and sign out session; halt further checks when encountered. - Introduced user-facing toast prompting re-sign-in for missing-email sessions. - Enhanced email input attributes: type=email, autoComplete=email, autoCapitalize=none, autoCorrect=off, spellCheck=false. - Added conditional debugInfo render block for UI debugging. - Preserved existing valid-session and sign-in flows with stricter edge-case handling.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant OnboardingPage
  participant AuthService as Auth Service
  participant Toast as Toast/UI

  rect rgba(203,235,255,0.3)
    note right of OnboardingPage: Initial load
    User->>OnboardingPage: Open page
    OnboardingPage->>AuthService: getInitialSession()
    alt Session with email
      AuthService-->>OnboardingPage: { session, email }
      OnboardingPage-->>User: Proceed with normal flow
    else Session missing email
      AuthService-->>OnboardingPage: { session, email: null }
      OnboardingPage->>Toast: Show destructive toast: re-sign-in required
      OnboardingPage->>OnboardingPage: Clear email, unlock input
      OnboardingPage->>AuthService: signOut()
      OnboardingPage-->>User: Halt further auth checks
    else No session
      AuthService-->>OnboardingPage: null
      OnboardingPage-->>User: Await sign-in
    end
  end

  rect rgba(220,255,220,0.35)
    note right of OnboardingPage: Auth state changes
    AuthService-->>OnboardingPage: onAuthStateChange(event, session)
    alt Session with email
      OnboardingPage-->>User: Maintain normal flow
    else Session missing email
      OnboardingPage->>OnboardingPage: Log error, clear email, unlock input
      OnboardingPage->>AuthService: signOut()
      OnboardingPage-->>User: Return to email entry
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Add JWT token extraction fallback for cross-browser compatibility #243 — Also changes OnboardingPage session/email flow, adding a JWT-based email fallback; closely related to missing-email session handling.
• Fix onboarding email field for users without active sessions #242 — Adjusts OnboardingPage auth-state and email input behaviors, overlapping with onboarding/email-session logic.

Poem

A carrot-bright toast pops on the screen—
“Your email’s gone missing; please sign in clean!”
I thump my paws, debug in sight,
Clear the session, set things right.
With ears up high and inputs neat,
This onboarding hop lands soft and sweet. 🥕🐇

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-email-input-debug

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

src/components/OnboardingPage.tsx (2)

97-103: Auth listener: missing toast and loading reset can leave UI stuck

When a session exists without an email, the UI never exits the "Checking authentication..." state and the user gets no feedback. Align this with the initial session check path by resetting isCheckingAuth, showing a toast, and cleaning the URL fragment.

Apply this diff:

       } else if (session?.user && !session.user.email) {
         // Session exists but email is missing - clear the bad state
         console.error('Auth state change: Session without email detected', session.user)
         setValue('email', '')
         setEmailLocked(false)
+        setIsCheckingAuth(false)
+        toast({
+          variant: 'destructive',
+          title: 'Authentication Issue',
+          description: 'Your session is missing email information. Please try signing in again.'
+        })
         void supabase.auth.signOut() // Clear the problematic session
+        clearAuthFragment()

---

402-406: debugInfo is undefined; this will crash render — wire up proper debug mode

debugInfo is never declared, causing a runtime ReferenceError and ESLint's leaked-render warning. Replace it with a defined, memoized debug toggle and string.

Apply this diff to the JSX:

-            {debugInfo && (
+            {debugEnabled && (
               <div className='mt-4 p-2 bg-gray-100 rounded text-xs font-mono whitespace-pre-wrap'>
-                Debug Info:{debugInfo}
+                Debug Info:{debugInfoText}
               </div>
             )}

Then add the following inside the component (after useForm so watch is available). Also add useMemo to the React import at Line 3.

// near other hooks in the component
const watchEmail = watch('email')

const debugEnabled = useMemo(() => {
  if (typeof window === 'undefined') return false
  return new URLSearchParams(window.location.search).get('debug') === 'true'
}, [])

const debugInfoText = useMemo(() => {
  if (!debugEnabled) return ''
  const hash = typeof window !== 'undefined' ? window.location.hash : ''
  const search = typeof window !== 'undefined' ? window.location.search : ''
  return JSON.stringify(
    {
      isCheckingAuth,
      emailLocked,
      hasAvatar: !!avatar,
      email: watchEmail,
      urlSearch: search,
      urlHash: hash
    },
    null,
    2
  )
}, [debugEnabled, isCheckingAuth, emailLocked, avatar, watchEmail])

Run to ensure no remaining undefined references:

#!/bin/bash
rg -n --pretty '\bdebugInfo\b' src/components/OnboardingPage.tsx || echo "OK: no debugInfo"
rg -n --pretty '\bdebugEnabled\b|\bdebugInfoText\b' src/components/OnboardingPage.tsx

🧹 Nitpick comments (2)

src/components/OnboardingPage.tsx (2)

126-139: Mirror missing-email handling and consider DRY helper

Two places handle "session without email" slightly differently. For consistency and easier maintenance, mirror the auth-listener behavior (clear the field and scrub URL fragment). Optionally, extract a small helper to handle this case in both branches.

Minimal consistency fixes:

         } else if (session?.user && !session.user.email) {
           // Session exists but email is missing - this is an error state
           console.error('Session found but email is missing:', session.user)
           if (isMounted) {
+            setValue('email', '')
             setEmailLocked(false) // Ensure field is not locked
             setIsCheckingAuth(false)
             toast({
               variant: 'destructive',
               title: 'Authentication Issue',
               description: 'Your session is missing email information. Please try signing in again.'
             })
             // Clear the problematic session
             void supabase.auth.signOut()
+            clearAuthFragment()
           }

Optional refactor inside the effect (replace both occurrences with handleMissingEmail()):

const handleMissingEmail = () => {
  setValue('email', '')
  setEmailLocked(false)
  setIsCheckingAuth(false)
  toast({
    variant: 'destructive',
    title: 'Authentication Issue',
    description: 'Your session is missing email information. Please try signing in again.'
  })
  void supabase.auth.signOut()
  clearAuthFragment()
}

---

341-345: Prefer boolean prop for spellCheck; add inputMode for better mobile keyboard

Small polish: React props should use booleans, not string literals. Also, inputMode='email' helps mobile keyboards even when type='email' is set.

                     type='email'
                     autoComplete='email'
                     autoCapitalize='none'
                     autoCorrect='off'
-                    spellCheck='false'
+                    inputMode='email'
+                    spellCheck={false}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4423654 and 387d26d.

📒 Files selected for processing (1)

• src/components/OnboardingPage.tsx (4 hunks)

🧰 Additional context used

🪛 ESLint

src/components/OnboardingPage.tsx

[error] 402-406: Potential leaked value that might cause unintentionally rendered values or rendering crashes

(react/jsx-no-leaked-render)