fix: google revocation handling (#1484)

* refactor(issue-templates): simplify feature request and bug report templates

- Removed unnecessary emoji from template names for a cleaner presentation.
- Eliminated the priority dropdown from the feature request template to streamline the submission process.
- Updated the bug report template to remove the emoji, enhancing consistency across issue templates.
- Adjusted the configuration file to reflect these changes, ensuring clarity in the issue submission process.

* test(socket): enhance SocketProvider tests with async act calls

- Updated SocketProvider tests to utilize `act` for asynchronous callback invocations, ensuring proper handling of state updates during testing.
- Improved test reliability by wrapping callback executions in `act`, aligning with React's testing best practices.

* test(socket): add race condition handling test for useGcalSync

- Introduced a new test case to verify the correct handling of import end events when the awaitingImportResults state changes mid-render.
- Utilized a ref to prevent stale closures, ensuring that the correct state is referenced during socket event processing.
- Enhanced the reliability of the useGcalSync hook by ensuring it properly processes events even when state changes occur asynchronously.

* delete(svg): remove unused circle.svg file

- Deleted the circle.svg file from the public SVG assets as it is no longer needed in the project.
- This cleanup helps streamline the asset management and reduces unnecessary file clutter.

* fix(socket): address PR review comments for useGcalSync

- Update ref synchronously during render instead of in useEffect
  to fully eliminate race condition window
- Rename misleading test name (timeout -> successfully)
- Fix test assertions to validate action creator calls directly
  instead of using unused variable and dispatch-based assertions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor(sync): rename awaitingImportResults to isImportPending

- Updated state management and selectors to reflect the new naming convention for clarity.
- Adjusted related components and tests to ensure consistency with the updated state name.
- This change enhances code readability and aligns with the overall naming strategy in the project.

* refactor(socket): simplify reconnect logic and update test case

- Removed the 1-second delay in the reconnect function, allowing for immediate reconnection after disconnection.
- Updated the corresponding test case to reflect the change in behavior, ensuring it accurately tests the immediate reconnection functionality.
- This change enhances the responsiveness of the socket client and improves the clarity of the test case.

* refactor(tests): update useGcalSync tests to remove fake timers

- Removed the use of fake timers in the tests for useGcalSync, simplifying the test setup.
- Updated type definitions for event handler variables to allow for undefined values, enhancing type safety.
- This change improves test clarity and aligns with best practices for handling asynchronous events in React testing.

* test(socket): add integration tests for Google Calendar re-authentication flow

- Introduced a new test suite for the Google Calendar re-authentication process, validating user experience during import operations.
- Implemented tests to ensure the spinner visibility during import initiation, handling of socket events, and correct state updates upon import completion.
- Enhanced test reliability by utilizing `act` for asynchronous operations and capturing socket event callbacks.
- This addition improves coverage for the re-authentication flow and ensures a seamless user experience during Google Calendar synchronization.

* refactor(sync): rename setAwaitingImportResults to setIsImportPending

- Updated the Redux action and corresponding function names to improve clarity and consistency in the import state management.
- Adjusted all related components and tests to reflect the new naming convention, ensuring seamless integration across the codebase.
- This change enhances code readability and aligns with the overall naming strategy in the project.

* feat(errors): enhance Google token error handling and add corresponding tests

- Updated the error handling for invalid Google tokens to prune user data and notify clients via WebSocket.
- Modified the response to include a specific payload indicating Google access has been revoked.
- Added unit tests to verify the new error handling behavior, ensuring proper response and state management during Google token invalidation.
- This change improves user experience by providing clearer feedback on session status and data management.

* feat(user): implement pruneGoogleData method and corresponding tests

- Added the pruneGoogleData method to UserService, which stops Google Calendar sync and removes the Google field from the user document.
- Introduced a new test suite for pruneGoogleData, verifying that user data is correctly pruned and associated events are deleted.
- This enhancement improves data management and user experience by ensuring that outdated Google data is effectively removed.

* feat(sync): implement Google revoked access handling and notifications

- Added functionality to handle Google access revocation by pruning user data and notifying clients via WebSocket.
- Updated SyncController to respond with a structured message when access is revoked, improving user feedback.
- Introduced tests to verify the new behavior, ensuring proper handling of revoked access scenarios.
- This enhancement improves data management and user experience by effectively managing Google Calendar access changes.

* feat(api): implement Google revoked access handling in CompassApi

- Added handling for Google access revocation in CompassApi, ensuring users remain logged in while displaying a toast notification.
- Introduced a new utility function to extract error codes from Axios errors, enhancing error management.
- Updated tests to verify the new behavior, including scenarios for Google revoked access.
- This enhancement improves user experience by providing clear feedback and managing Google Calendar data effectively.

* chore: fix conflicts in useGcalSync

* refactor: revert try/catch in event.controller

* test(compass): enhance Google revoked access handling tests

- Updated the test for handling Google access revocation to ensure proper behavior on 401/410 responses.
- Introduced a new payload structure for the GOOGLE_REVOKED error code and verified that the correct toast notification is displayed.
- Improved test coverage by iterating over multiple status codes to validate consistent error handling and user feedback.

* test(socket): enhance useGcalSync tests with timer management

- Added beforeEach and afterEach hooks to manage fake timers in the useGcalSync test suite.
- This change improves test reliability by ensuring proper timer handling during asynchronous operations.

* refactor(errors): improve Google error handling type safety

- Updated error handling functions to accept `unknown` type instead of specific error types, enhancing type safety and flexibility.
- Adjusted the `handleExpressError` and `isFullSyncRequired` functions to work with the new type definitions, ensuring consistent error management across the application.
- This change improves code robustness and prepares the error handling system for a wider range of error scenarios.

* feat(sync): implement deleteWatchesByUser and enhance Google error handling

- Introduced the deleteWatchesByUser method in SyncService to remove watch records for a specific user, improving data management.
- Added createGoogleError utility for generating mock Google errors, enhancing test coverage and error handling.
- Updated gcal.utils to include getGoogleErrorStatus for better error status retrieval from Google errors.
- Enhanced tests for SyncService to validate behavior when handling Google errors, ensuring robust error management.

* feat(auth): implement handleGoogleRevoked utility for improved Google access management

- Introduced the handleGoogleRevoked function to centralize handling of Google access revocation, including toast notifications and event management.
- Updated CompassApi and useGcalSync to utilize the new utility, ensuring consistent behavior across the application.
- Enhanced tests for handleGoogleRevoked to verify correct toast display and event dispatching, improving test coverage and reliability.
- This change enhances user experience by providing clear feedback and managing Google Calendar data effectively upon access revocation.

* fix(event-test-utils): update keyboard shortcut for saving event forms

- Changed the keyboard shortcut for saving event forms from "Enter" to "Meta+Enter" to accommodate different operating systems (Cmd+Enter on Mac, Win+Enter on Windows/Linux).
- This update ensures consistent behavior across platforms when saving event data.

* refactor(event-form): unify keyboard shortcuts for form submission

- Updated keyboard shortcuts for submitting event forms to use "mod+enter" for consistency across platforms (Cmd+Enter on Mac, Ctrl+Enter on Windows/Linux).
- Adjusted related tests and utility functions to reflect the new shortcut, ensuring reliable behavior in form submissions.
- This change enhances user experience by providing a consistent interaction model across different operating systems.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: tyler-dane

e2e/utils/event-test-utils.ts

@@ -212,7 +212,9 @@ export const fillTitleAndSaveWithKeyboard = async (
   const titleInput = getFormTitleInput(page);
   await expect(titleInput).toBeVisible({ timeout: FORM_TIMEOUT });
   await titleInput.fill(title);
-  await page.keyboard.press("Enter");
+  // EventForm saves on Cmd+Enter (Mac) or Ctrl+Enter (Linux/Windows)
+  // ControlOrMeta maps to the platform-appropriate modifier
+  await page.keyboard.press("ControlOrMeta+Enter");
   // Wait for form to close, confirming the save completed
   await titleInput.waitFor({ state: "hidden", timeout: FORM_TIMEOUT });
 };

packages/backend/src/__tests__/mocks.gcal/errors/error.google.factory.ts

@@ -0,0 +1,59 @@
+import { GaxiosError } from "gaxios";
+
+export const createGoogleError = (
+  overrides: {
+    code?: string | number;
+    responseStatus?: number;
+    message?: string;
+  } = {},
+) => {
+  const url = new URL("https://www.googleapis.com/calendar/v3");
+  const headers = new Headers();
+
+  const error = new GaxiosError(
+    overrides.message ?? "test google error",
+    {
+      headers,
+      url,
+    },
+    overrides.responseStatus
+      ? {
+          config: {
+            headers,
+            url,
+          },
+          status: overrides.responseStatus,
+          statusText: "ERROR",
+          headers,
+          data: {},
+          ok: false,
+          redirected: false,
+          type: "error" as ResponseType,
+          url: url.toString(),
+          body: null,
+          bodyUsed: false,
+          clone: () => {
+            throw new Error("Not implemented");
+          },
+          arrayBuffer: async () => {
+            throw new Error("Not implemented");
+          },
+          blob: async () => {
+            throw new Error("Not implemented");
+          },
+          formData: async () => {
+            throw new Error("Not implemented");
+          },
+          json: async () => ({}),
+          text: async () => "",
+          bytes: async () => {
+            throw new Error("Not implemented");
+          },
+        }
+      : undefined,
+  );
+
+  error.code = overrides.code;
+
+  return error;
+};

packages/backend/src/common/errors/handlers/error.express.handler.ts

@@ -1,6 +1,7 @@
 import { Request } from "express";
 import { GaxiosError } from "gaxios";
 import { SessionRequest } from "supertokens-node/framework/express";
+import { GOOGLE_REVOKED } from "@core/constants/websocket.constants";
 import { BaseError } from "@core/errors/errors.base";
 import { Status } from "@core/errors/status.codes";
 import { Logger } from "@core/logger/winston.logger";
@@ -19,6 +20,7 @@ import {
 } from "@backend/common/services/gcal/gcal.utils";
 import { CompassError, Info_Error } from "@backend/common/types/error.types";
 import { SessionResponse } from "@backend/common/types/express.types";
+import { webSocketServer } from "@backend/servers/websocket/websocket.server";
 import { getSyncByToken } from "@backend/sync/util/sync.queries";
 import { findCompassUserBy } from "@backend/user/queries/user.queries";
 import userService from "@backend/user/services/user.service";
@@ -91,7 +93,7 @@ export const handleExpressError = async (
     }
 
     if (isGoogleError(e)) {
-      await handleGoogleError(req, res, userId, e);
+      await handleGoogleError(req, res, userId, e as GaxiosError);
     } else {
       const errInfo = assembleErrorInfo(e);
       res.status(e.status || Status.INTERNAL_SERVER).send(errInfo);
@@ -104,20 +106,23 @@ export const handleExpressError = async (
 };
 
 const handleGoogleError = async (
-  req: Request | SessionRequest,
+  _req: Request | SessionRequest,
   res: SessionResponse,
   userId: string,
   e: GaxiosError,
 ) => {
   if (isInvalidGoogleToken(e)) {
-    await req.session?.revokeSession();
+    await userService.pruneGoogleData(userId);
+    webSocketServer.handleGoogleRevoked(userId);
 
-    // revoke specific sessions for this user
-    logger.debug(
-      `Invalid Google token for user: ${userId}\n\tsession revoked as result`,
+    logger.warn(
+      `Invalid Google token for user: ${userId}. Google data pruned and client notified.`,
     );
 
-    res.status(Status.UNAUTHORIZED).send();
+    res.status(Status.UNAUTHORIZED).send({
+      code: GOOGLE_REVOKED,
+      message: "Google access revoked. Your Google data has been removed.",
+    });
     return;
   }
 

packages/backend/src/common/errors/handlers/error.handler.test.ts

@@ -1,10 +1,16 @@
+import { GOOGLE_REVOKED } from "@core/constants/websocket.constants";
 import { BaseError } from "@core/errors/errors.base";
 import { Status } from "@core/errors/status.codes";
+import { invalidGrant400Error } from "@backend/__tests__/mocks.gcal/errors/error.google.invalidGrant";
+import { handleExpressError } from "@backend/common/errors/handlers/error.express.handler";
 import {
   error,
+  errorHandler,
   toClientErrorPayload,
 } from "@backend/common/errors/handlers/error.handler";
 import { UserError } from "@backend/common/errors/user/user.errors";
+import { webSocketServer } from "@backend/servers/websocket/websocket.server";
+import userService from "@backend/user/services/user.service";
 
 describe("error.handler", () => {
   describe("toClientErrorPayload", () => {
@@ -38,4 +44,38 @@ describe("error.handler", () => {
       expect(Object.keys(payload)).toEqual(["result", "message"]);
     });
   });
+
+  describe("handleExpressError", () => {
+    it("returns 401 with GOOGLE_REVOKED payload when Google token is invalid", async () => {
+      const userId = "507f1f77bcf86cd799439011";
+      jest.spyOn(userService, "pruneGoogleData").mockResolvedValue();
+      const handleGoogleRevokedSpy = jest.spyOn(
+        webSocketServer,
+        "handleGoogleRevoked",
+      );
+      handleGoogleRevokedSpy.mockImplementation(() => undefined);
+      jest.spyOn(errorHandler, "isOperational").mockReturnValue(true);
+
+      const send = jest.fn();
+      const res = {
+        header: jest.fn().mockReturnThis(),
+        status: jest.fn().mockReturnThis(),
+        send,
+      } as unknown as Parameters<typeof handleExpressError>[1];
+      const req = {
+        session: { getUserId: () => userId },
+      } as Parameters<typeof handleExpressError>[0];
+      (res as { req?: typeof req }).req = req;
+
+      await handleExpressError(req, res, invalidGrant400Error);
+
+      expect(res.status).toHaveBeenCalledWith(Status.UNAUTHORIZED);
+      expect(send).toHaveBeenCalledWith({
+        code: GOOGLE_REVOKED,
+        message: "Google access revoked. Your Google data has been removed.",
+      });
+      expect(handleGoogleRevokedSpy).toHaveBeenCalledWith(userId);
+      handleGoogleRevokedSpy.mockRestore();
+    });
+  });
 });

packages/backend/src/common/services/gcal/gcal.util.test.ts

@@ -1,8 +1,10 @@
+import { createGoogleError } from "../../../__tests__/mocks.gcal/errors/error.google.factory";
 import { invalidGrant400Error } from "../../../__tests__/mocks.gcal/errors/error.google.invalidGrant";
 import { invalidValueError } from "../../../__tests__/mocks.gcal/errors/error.google.invalidValue";
 import { invalidSyncTokenError } from "../../../__tests__/mocks.gcal/errors/error.invalidSyncToken";
 import {
   getEmailFromUrl,
+  getGoogleErrorStatus,
   isFullSyncRequired,
   isInvalidGoogleToken,
   isInvalidValue,
@@ -18,6 +20,19 @@ describe("Google Error Parsing", () => {
   it("recognizes expired refresh token", () => {
     expect(isInvalidGoogleToken(invalidGrant400Error)).toBe(true);
   });
+  it("returns response status when present", () => {
+    expect(
+      getGoogleErrorStatus(
+        createGoogleError({ code: "500", responseStatus: 401 }),
+      ),
+    ).toBe(401);
+  });
+  it("falls back to the parsed gaxios code", () => {
+    expect(getGoogleErrorStatus(createGoogleError({ code: "410" }))).toBe(410);
+  });
+  it("returns undefined for non-google errors", () => {
+    expect(getGoogleErrorStatus(new Error("nope"))).toBeUndefined();
+  });
 });
 
 describe("Gaxios response parsing", () => {

packages/backend/src/common/services/gcal/gcal.utils.ts

@@ -42,27 +42,40 @@ export const getEmailFromUrl = (url: string) => {
 };
 
 // occurs when token expired or revoked
-export const isInvalidGoogleToken = (e: GaxiosError | Error) => {
-  const is400 = "code" in e && e.code === "400";
-  const hasInvalidMsg = "message" in e && e.message === "invalid_grant";
-  const isInvalid = is400 && hasInvalidMsg;
+export const isInvalidGoogleToken = (e: unknown) => {
+  if (!isGoogleError(e)) return false;
 
-  return isGoogleError(e) && isInvalid;
+  const err = e as GaxiosError;
+  const is400 = err.code === "400" || err.response?.status === 400;
+  const hasInvalidMsg = err.message === "invalid_grant";
+  const hasInvalidData = err.response?.data?.error === "invalid_grant";
+
+  return is400 && (hasInvalidMsg || hasInvalidData);
 };
 
 export const isGoogleError = (e: unknown) => {
-  return e instanceof GaxiosError;
+  return e instanceof GaxiosError || (e as any)?.name === "GaxiosError";
 };
 
-export const isFullSyncRequired = (e: GaxiosError | Error) => {
-  if (isGoogleError(e) && e.code) {
-    const codeStr = typeof e.code === "string" ? e.code : String(e.code);
-    if (parseInt(codeStr) === 410) {
-      return true;
-    }
+export const getGoogleErrorStatus = (e: unknown) => {
+  if (!isGoogleError(e)) return undefined;
+
+  const err = e as GaxiosError;
+  const responseStatus = err.response?.status;
+
+  if (typeof responseStatus === "number") return responseStatus;
+  if (typeof err.code === "number") return err.code;
+
+  if (typeof err.code === "string") {
+    const code = Number.parseInt(err.code, 10);
+    if (!Number.isNaN(code)) return code;
   }
 
-  return false;
+  return undefined;
+};
+
+export const isFullSyncRequired = (e: unknown) => {
+  return getGoogleErrorStatus(e) === 410;
 };
 
 export const isInvalidValue = (e: GaxiosError) => {

packages/backend/src/servers/websocket/websocket.server.ts

@@ -6,6 +6,7 @@ import {
   EVENT_CHANGED,
   EVENT_CHANGE_PROCESSED,
   FETCH_USER_METADATA,
+  GOOGLE_REVOKED,
   IMPORT_GCAL_END,
   IMPORT_GCAL_START,
   RESULT_IGNORED,
@@ -236,6 +237,10 @@ class WebSocketServer {
   handleBackgroundSomedayChange(userId: string) {
     return this.notifyUser(userId, SOMEDAY_EVENT_CHANGED);
   }
+
+  handleGoogleRevoked(userId: string) {
+    return this.notifyUser(userId, GOOGLE_REVOKED);
+  }
 }
 
 export const webSocketServer = new WebSocketServer();

packages/backend/src/sync/controllers/sync.controller.test.ts

@@ -3,7 +3,10 @@ import { randomUUID } from "node:crypto";
 import { DefaultEventsMap } from "socket.io";
 import { Socket } from "socket.io-client";
 import { faker } from "@faker-js/faker";
-import { EVENT_CHANGED } from "@core/constants/websocket.constants";
+import {
+  EVENT_CHANGED,
+  GOOGLE_REVOKED,
+} from "@core/constants/websocket.constants";
 import { Status } from "@core/errors/status.codes";
 import { Resource_Sync, XGoogleResourceState } from "@core/types/sync.types";
 import { Schema_User } from "@core/types/user.types";
@@ -23,12 +26,16 @@ import {
   cleanupTestDb,
   setupTestDb,
 } from "@backend/__tests__/helpers/mock.db.setup";
+import { invalidGrant400Error } from "@backend/__tests__/mocks.gcal/errors/error.google.invalidGrant";
 import { WatchError } from "@backend/common/errors/sync/watch.errors";
 import gcalService from "@backend/common/services/gcal/gcal.service";
 import mongoService from "@backend/common/services/mongo.service";
+import { webSocketServer } from "@backend/servers/websocket/websocket.server";
+import syncService from "@backend/sync/services/sync.service";
 import * as syncQueries from "@backend/sync/util/sync.queries";
 import { updateSync } from "@backend/sync/util/sync.queries";
 import userMetadataService from "@backend/user/services/user-metadata.service";
+import userService from "@backend/user/services/user.service";
 
 describe("SyncController", () => {
   const baseDriver = new BaseDriver();
@@ -184,6 +191,54 @@ describe("SyncController", () => {
 
       expect(response.text).toEqual("IGNORED");
     });
+
+    it("should prune Google data, notify client via websocket, and return structured response when user revokes access", async () => {
+      const { user } = await UtilDriver.setupTestUser();
+      const userId = user._id.toString();
+
+      const watch = await mongoService.watch.findOne({
+        user: userId,
+        gCalendarId: { $ne: Resource_Sync.CALENDAR },
+      });
+
+      expect(watch).toBeDefined();
+      expect(watch).not.toBeNull();
+
+      const handleGcalNotificationSpy = jest
+        .spyOn(syncService, "handleGcalNotification")
+        .mockRejectedValue(invalidGrant400Error);
+
+      const pruneGoogleDataSpy = jest
+        .spyOn(userService, "pruneGoogleData")
+        .mockResolvedValue();
+
+      const handleGoogleRevokedSpy = jest.spyOn(
+        webSocketServer,
+        "handleGoogleRevoked",
+      );
+
+      const response = await syncDriver.handleGoogleNotification(
+        {
+          resource: Resource_Sync.EVENTS,
+          channelId: watch!._id,
+          resourceId: watch!.resourceId,
+          resourceState: XGoogleResourceState.EXISTS,
+          expiration: watch!.expiration,
+        },
+        Status.GONE,
+      );
+
+      expect(response.body).toEqual({
+        code: GOOGLE_REVOKED,
+        message: "User revoked access, pruned Google data",
+      });
+      expect(pruneGoogleDataSpy).toHaveBeenCalledWith(userId);
+      expect(handleGoogleRevokedSpy).toHaveBeenCalledWith(userId);
+
+      handleGcalNotificationSpy.mockRestore();
+      pruneGoogleDataSpy.mockRestore();
+      handleGoogleRevokedSpy.mockRestore();
+    });
   });
 
   describe("importGCal: ", () => {