Problem: Line 350 calls postLog() which is not defined in the login form scope.
postLog is a local variable inside initErrorLogging() and not accessible here.
Solution: Use window.taxbaikAdminSession.postClientLog() instead, which is
the public method created by initErrorLogging() and assigned to the window object.
Result: Login errors are now properly logged without ReferenceError.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Problem: With prerender: true, Blazor hydrates the DOM after initial render,
which can remove event listeners attached before hydration. When user clicks
login button, the form submit handler doesn't fire because the listener was
removed during hydration.
Solution: Switch from form.addEventListener('submit') to document.addEventListener('submit')
with a guard to filter for our specific form. Event delegation survives DOM
mutations and Blazor hydration.
Flow:
1. Prerender: form generated as static HTML
2. JavaScript: attach document-level listener (survives hydration)
3. Blazor hydration: form DOM is updated, but document listener remains
4. User submit: document listener catches event, checks if it's our form, handles
Result: Login form submit now works reliably with prerender: true.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Context: Validation script requires Login.razor to use prerender: true for
immediate form display before WASM boots (Phase 9 requirement).
Solution: Revert to original HTML form + JavaScript approach:
- AdminLoginForm: HTML form (statically rendered, works with prerender: true)
- admin-session.js: JavaScript login handler
- Post-login: 200ms delay before redirect to allow CustomAuthenticationStateProvider
to read tokens from localStorage and establish auth state
Flow:
1. User submits form (JavaScript handles it)
2. POST /api/auth/login
3. Save tokens to localStorage
4. 200ms delay
5. Redirect to /taxbaik/admin/dashboard
6. Page loads with Blazor bootstrapping + auth state restored
Result: Login form displays immediately (prerender: true) while maintaining
proper authentication state propagation for [Authorize] pages.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Problem: JavaScript login form saved tokens to localStorage but didn't notify
CustomAuthenticationStateProvider, causing [Authorize] pages to remain in
'loading' state indefinitely. The provider only reads tokens when:
1. GetAuthenticationStateAsync() is called (page load)
2. NotifyAuthenticationStateChanged() is triggered (UI updates)
But JavaScript login didn't trigger either, leaving the authentication state
stale.
Solution: Convert AdminLoginForm from HTML+JavaScript to pure Blazor component.
Now the login flow is:
1. User enters credentials in Blazor form
2. HttpClient POST to /api/auth/login
3. Save tokens to localStorage
4. Call CustomAuthenticationStateProvider.LoginAsync() directly
5. Blazor detects auth state change and re-evaluates [Authorize] pages
6. Dashboard [Authorize] page renders successfully
Result: Immediate authentication state update, no loading timeout on protected pages.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Problem: Login form showed remembered username from localStorage, but didn't
restore the 'remember me' checkbox state. Users had to re-check the box on
each login attempt, defeating the purpose of the remember feature.
Solution:
1. AdminLoginForm: Add isRememberChecked field and RememberedCheckboxKey constant
2. OnInitializedAsync: Restore both username AND checkbox state from localStorage
3. admin-session.js bindLoginForm: Restore checkbox.checked from localStorage
4. admin-session.js submit handler: Save checkbox state alongside username
Result: Complete round-trip persistence - when user checks 'remember me' and
logs in, both username and checkbox state persist until explicitly cleared.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Groups the repo root into src (buildable source), docs (already existed),
and everything else (db/, scripts/, tests/, deploy/ - deployment/ops/test
assets that aren't compiled, already organized as their own folders). CI
now only needs src/ to build: dotnet restore/build/test/publish all point
at src/TaxBaik.sln, src/TaxBaik.Web/, src/TaxBaik.Proxy/.
- git mv every project (Domain, Infrastructure, Application,
Application.Tests, Web, Web.Client, Proxy) and TaxBaik.sln into src/ as a
unit, so relative ProjectReference/.sln paths stay valid unchanged.
- .gitea/workflows/deploy.yml: 6 dotnet restore/clean/build/test/publish
invocations now point at src/. db/migrations and scripts/ stay at root
(deploy_gb.sh and browser-e2e.yml only touch published output and the
deployed URL, not source paths - verified, no changes needed there).
- scripts/validate_admin_render.sh: admin render-mode file paths now
src/TaxBaik.Web.Client/...
- scripts/validate_kst_timestamps.sh: dropped deploy.sh from its target
list - that script was removed in the prior cleanup commit (dead, no
CI workflow referenced it) but this validator still expected it to exist.
- CLAUDE.md, docs/ENGINEERING_HARNESS.md, docs/ADMIN_PATTERN_CRITIQUE_WBS.md:
updated project-structure diagram, dotnet run/build commands, and grep
targets to the new src/ paths (also fixed a pre-existing stale path in
ADMIN_PATTERN_CRITIQUE_WBS.md that still said TaxBaik.Web/Components/Admin
from before that ever moved to TaxBaik.Web.Client).
- Added a Repo Root harness rule + Architecture Guardrail entries: new files
belong under src/docs/tests/scripts/db/deploy, not loose at root; temp
work stays outside the repo (or under a gitignored .scratch/) and is
never committed.
Verified locally: dotnet build/test src/TaxBaik.sln (26/26 tests), and all
three scripts/validate_*.sh pass against the new layout.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>