fix: enforce onboarding gate for applicants and observers

Applicants could bypass onboarding and land directly on the dashboard. Added onboardingCompletedAt check + redirect to /onboarding in both the applicant and observer layouts (jury/mentor already had this gate). Also removed premature status ACTIVE on magic-link first login — now only completeOnboarding sets ACTIVE. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 17:00:19 +01:00
parent f0d5599167
commit b1a994a9d6
3 changed files with 32 additions and 12 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -273,13 +273,8 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
          return false // Block suspended users
        }

-        // Update status to ACTIVE on first login (from NONE or INVITED)
-        if (dbUser?.status === 'INVITED' || dbUser?.status === 'NONE') {
-          await prisma.user.update({
-            where: { email: user.email! },
-            data: { status: 'ACTIVE' },
-          })
-        }
+        // Note: status stays INVITED/NONE until onboarding completes.
+        // The completeOnboarding mutation sets status to ACTIVE.

        // Add user data for JWT callback
        if (dbUser) {