From a3cc73e49d8acd045d8250a82d4da25502abcb90 Mon Sep 17 00:00:00 2001
From: Matt <matt@letsbe.solutions>
Date: Wed, 4 Feb 2026 00:41:32 +0100
Subject: [PATCH] Fix redirect loop for users who need to set password

The auth layout was redirecting logged-in users to their dashboard even
when they still needed to set their password. This caused a redirect
loop: auth layout redirects to /jury, middleware redirects back to
/set-password, repeat until crash.

Now the auth layout checks mustSetPassword before redirecting, allowing
users to complete the password setup flow.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 src/app/(auth)/layout.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/app/(auth)/layout.tsx b/src/app/(auth)/layout.tsx
index 170e403..d180f52 100644
--- a/src/app/(auth)/layout.tsx
+++ b/src/app/(auth)/layout.tsx
@@ -16,7 +16,8 @@ export default async function AuthLayout({
   }
 
   // Redirect logged-in users to their dashboard
-  if (session?.user) {
+  // But NOT if they still need to set their password
+  if (session?.user && !session.user.mustSetPassword) {
     const role = session.user.role
     if (role === 'SUPER_ADMIN' || role === 'PROGRAM_ADMIN') {
       redirect('/admin')