From afa34f9b0317911f1a74b31734446c3d47603f6d Mon Sep 17 00:00:00 2001
From: Sam Becker <sam@sambecker.com>
Date: Tue, 22 Apr 2025 17:06:40 -0500
Subject: [PATCH] Clear cookie when server rejects auth check

---
 src/auth/index.ts              | 3 +++
 src/state/AppStateProvider.tsx | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/src/auth/index.ts b/src/auth/index.ts
index 057dd9ad..84c1b8be 100644
--- a/src/auth/index.ts
+++ b/src/auth/index.ts
@@ -19,6 +19,9 @@ export const clearAuthEmailCookie = () =>
 export const hasAuthEmailCookie = () =>
   Boolean(getCookie(KEY_AUTH_EMAIL));
 
+export const isCredentialsSignInError = (error: any) =>
+  (error.message || `${error}`).includes(KEY_CREDENTIALS_SIGN_IN_ERROR);
+
 export const generateAuthSecret = () => fetch(
   'https://generate-secret.vercel.app/32',
   { cache: 'no-cache' },
diff --git a/src/state/AppStateProvider.tsx b/src/state/AppStateProvider.tsx
index ba5ec062..d47a365d 100644
--- a/src/state/AppStateProvider.tsx
+++ b/src/state/AppStateProvider.tsx
@@ -19,6 +19,7 @@ import {
   storeAuthEmailCookie,
   clearAuthEmailCookie,
   hasAuthEmailCookie,
+  isCredentialsSignInError,
 } from '@/auth';
 import { useRouter, usePathname } from 'next/navigation';
 import { isPathAdmin, PATH_ROOT } from '@/app/paths';
@@ -126,6 +127,9 @@ export default function AppStateProvider({
     if (authError) {
       setIsUserSignedInEager(false);
       setUserEmail(undefined);
+      if (isCredentialsSignInError(authError)) {
+        clearAuthEmailCookie();
+      }
     } else {
       setUserEmail(auth?.user?.email ?? undefined);
     }