Merge pull request Expensify#64280 from callstack-internal/pac-guerreiro/fix/missing-credentials-during-reauthentication

rlinoz · web-flow · commit 555d22749dcd · 2025-06-23T16:50:02.000-07:00
fix: missing credentials during re-authentication
diff --git a/src/libs/Authentication.ts b/src/libs/Authentication.ts
@@ -9,7 +9,7 @@ import redirectToSignIn from './actions/SignInRedirect';
 import {getAuthenticateErrorMessage} from './ErrorUtils';
 import Log from './Log';
 import {post} from './Network';
-import {getCredentials, setAuthToken, setIsAuthenticating} from './Network/NetworkStore';
+import {getCredentials, hasReadRequiredDataFromStorage, setAuthToken, setIsAuthenticating} from './Network/NetworkStore';
 import requireParameters from './requireParameters';
 
 type Parameters = {
@@ -31,7 +31,7 @@ Onyx.connect({
     },
 });
 
-function Authenticate(parameters: Parameters): Promise<Response> | undefined {
+function Authenticate(parameters: Parameters): Promise<Response | void> {
     const commandName = 'Authenticate';
 
     try {
@@ -42,7 +42,7 @@ function Authenticate(parameters: Parameters): Promise<Response> | undefined {
             error: errorMessage,
         });
         redirectToSignIn(errorMessage);
-        return;
+        return Promise.resolve();
     }
 
     return post(commandName, {
@@ -69,60 +69,93 @@ function Authenticate(parameters: Parameters): Promise<Response> | undefined {
 /**
  * Reauthenticate using the stored credentials and redirect to the sign in page if unable to do so.
  * @param [command] command name for logging purposes
+ * @return returns true if reauthentication was successful, false otherwise.
  */
-function reauthenticate(command = ''): Promise<void> | undefined {
+function reauthenticate(command = ''): Promise<boolean> {
+    Log.hmmm('Reauthenticate - Attempting re-authentication', {
+        command,
+    });
+
     // Prevent re-authentication if authentication with shortLiveToken is in progress
     if (isAuthenticatingWithShortLivedToken) {
-        return;
+        Log.hmmm('Reauthenticate - Authentication with shortLivedToken is in progress. Re-authentication aborted.', {
+            command,
+        });
+        return Promise.resolve(false);
     }
 
     // Prevent any more requests from being processed while authentication happens
     setIsAuthenticating(true);
 
-    const credentials = getCredentials();
-    return Authenticate({
-        useExpensifyLogin: false,
-        partnerName: CONFIG.EXPENSIFY.PARTNER_NAME,
-        partnerPassword: CONFIG.EXPENSIFY.PARTNER_PASSWORD,
-        partnerUserID: credentials?.autoGeneratedLogin,
-        partnerUserSecret: credentials?.autoGeneratedPassword,
-    })?.then((response) => {
-        if (response.jsonCode === CONST.JSON_CODE.UNABLE_TO_RETRY) {
-            // When a fetch() fails due to a network issue and an error is thrown we won't log the user out. Most likely they
-            // have a spotty connection and will need to retry reauthenticate when they come back online. Error so it can be handled by the retry mechanism.
-            throw new Error('Unable to retry Authenticate request');
-        }
-
-        // If authentication fails and we are online then log the user out
-        if (response.jsonCode !== 200) {
-            const errorMessage = getAuthenticateErrorMessage(response);
+    Log.hmmm('Reauthenticate - Waiting for credentials', {
+        command,
+    });
+
+    return hasReadRequiredDataFromStorage().then(() => {
+        const credentials = getCredentials();
+
+        Log.hmmm('Reauthenticate - Starting authentication process', {
+            command,
+        });
+
+        return Authenticate({
+            useExpensifyLogin: false,
+            partnerName: CONFIG.EXPENSIFY.PARTNER_NAME,
+            partnerPassword: CONFIG.EXPENSIFY.PARTNER_PASSWORD,
+            partnerUserID: credentials?.autoGeneratedLogin,
+            partnerUserSecret: credentials?.autoGeneratedPassword,
+        }).then((response) => {
+            if (!response) {
+                return false;
+            }
+
+            Log.hmmm('Reauthenticate - Processing authentication result', {
+                command,
+            });
+
+            if (response.jsonCode === CONST.JSON_CODE.UNABLE_TO_RETRY) {
+                // When a fetch() fails due to a network issue and an error is thrown we won't log the user out. Most likely they
+                // have a spotty connection and will need to retry reauthenticate when they come back online. Error so it can be handled by the retry mechanism.
+                throw new Error('Unable to retry Authenticate request');
+            }
+
+            // If authentication fails and we are online then log the user out
+            if (response.jsonCode !== 200) {
+                const errorMessage = getAuthenticateErrorMessage(response);
+                setIsAuthenticating(false);
+                Log.hmmm('Redirecting to Sign In because we failed to reauthenticate', {
+                    command,
+                    error: errorMessage,
+                });
+                redirectToSignIn(errorMessage);
+                return false;
+            }
+
+            // If we reauthenticate due to an expired delegate token, restore the delegate's original account.
+            // This is because the credentials used to reauthenticate were for the delegate's original account, and not for the account they were connected as.
+            if (isConnectedAsDelegate()) {
+                Log.info('Reauthenticate while connected as a delegate. Restoring original account.');
+                restoreDelegateSession(response);
+                return true;
+            }
+
+            // Update authToken in Onyx and in our local variables so that API requests will use the new authToken
+            updateSessionAuthTokens(response.authToken, response.encryptedAuthToken);
+
+            // Note: It is important to manually set the authToken that is in the store here since any requests that are hooked into
+            // reauthenticate .then() will immediate post and use the local authToken. Onyx updates subscribers lately so it is not
+            // enough to do the updateSessionAuthTokens() call above.
+            setAuthToken(response.authToken ?? null);
+
+            // The authentication process is finished so the network can be unpaused to continue processing requests
             setIsAuthenticating(false);
-            Log.hmmm('Redirecting to Sign In because we failed to reauthenticate', {
+
+            Log.hmmm('Reauthenticate - Re-authentication successful', {
                 command,
-                error: errorMessage,
             });
-            redirectToSignIn(errorMessage);
-            return;
-        }
-
-        // If we reauthenticate due to an expired delegate token, restore the delegate's original account.
-        // This is because the credentials used to reauthenticate were for the delegate's original account, and not for the account they were connected as.
-        if (isConnectedAsDelegate()) {
-            Log.info('Reauthenticate while connected as a delegate. Restoring original account.');
-            restoreDelegateSession(response);
-            return;
-        }
-
-        // Update authToken in Onyx and in our local variables so that API requests will use the new authToken
-        updateSessionAuthTokens(response.authToken, response.encryptedAuthToken);
-
-        // Note: It is important to manually set the authToken that is in the store here since any requests that are hooked into
-        // reauthenticate .then() will immediate post and use the local authToken. Onyx updates subscribers lately so it is not
-        // enough to do the updateSessionAuthTokens() call above.
-        setAuthToken(response.authToken ?? null);
-
-        // The authentication process is finished so the network can be unpaused to continue processing requests
-        setIsAuthenticating(false);
+
+            return true;
+        });
     });
 }
 
diff --git a/src/libs/E2E/actions/e2eLogin.ts b/src/libs/E2E/actions/e2eLogin.ts
@@ -52,7 +52,10 @@ export default function (): Promise<boolean> {
                     // authenticate with a predefined user
                     console.debug('[E2E] Signing in…');
                     Authenticate(e2eUserCredentials)
-                        ?.then((response) => {
+                        .then((response) => {
+                            if (!response) {
+                                return;
+                            }
                             Onyx.merge(ONYXKEYS.SESSION, {
                                 authToken: response.authToken,
                                 creationDate: new Date().getTime(),
diff --git a/src/libs/Middleware/Reauthentication.ts b/src/libs/Middleware/Reauthentication.ts
@@ -11,39 +11,33 @@ import CONST from '@src/CONST';
 import type Middleware from './types';
 
 // We store a reference to the active authentication request so that we are only ever making one request to authenticate at a time.
-let isAuthenticating: Promise<void> | null = null;
+let isAuthenticating: Promise<boolean> | null = null;
 
 const reauthThrottle = new RequestThrottle('Re-authentication');
 
-function reauthenticate(commandName?: string): Promise<void> | null {
+function reauthenticate(commandName?: string): Promise<boolean> {
     if (isAuthenticating) {
         return isAuthenticating;
     }
 
-    isAuthenticating =
-        retryReauthenticate(commandName)
-            ?.then((response) => {
-                return response;
-            })
-            .catch((error) => {
-                throw error;
-            })
-            .finally(() => {
-                isAuthenticating = null;
-            }) ?? null;
+    isAuthenticating = retryReauthenticate(commandName).finally(() => {
+        // Reset the isAuthenticating state to allow new reauthentication flows to start fresh
+        isAuthenticating = null;
+    });
 
     return isAuthenticating;
 }
 
-function retryReauthenticate(commandName?: string): Promise<void> | undefined {
-    return reauthenticateLibs(commandName)?.catch((error: RequestError) => {
+function retryReauthenticate(commandName?: string): Promise<boolean> {
+    return reauthenticateLibs(commandName).catch((error: RequestError) => {
         return reauthThrottle
             .sleep(error, 'Authenticate')
             .then(() => retryReauthenticate(commandName))
             .catch(() => {
                 setIsAuthenticating(false);
                 Log.hmmm('Redirecting to Sign In because we failed to reauthenticate after multiple attempts', {error});
                 redirectToSignIn('passwordForm.error.fallback');
+                return false;
             });
     });
 }
@@ -100,7 +94,11 @@ const Reauthentication: Middleware = (response, request, isFromSequentialQueue)
                 }
 
                 return reauthenticate(request?.commandName)
-                    ?.then((authenticateResponse) => {
+                    .then((wasSuccessful) => {
+                        if (!wasSuccessful) {
+                            return;
+                        }
+
                         if (isFromSequentialQueue || apiRequestType === CONST.API_REQUEST_TYPE.MAKE_REQUEST_WITH_SIDE_EFFECTS) {
                             return processWithMiddleware(request, isFromSequentialQueue);
                         }
@@ -111,7 +109,6 @@ const Reauthentication: Middleware = (response, request, isFromSequentialQueue)
                         }
 
                         replayMainQueue(request);
-                        return authenticateResponse;
                     })
                     .catch(() => {
                         if (isFromSequentialQueue || apiRequestType) {
diff --git a/src/libs/actions/Session/AttachmentImageReauthenticator.ts b/src/libs/actions/Session/AttachmentImageReauthenticator.ts
@@ -64,7 +64,7 @@ function tryReauthenticate() {
     if (isOffline || !active) {
         return;
     }
-    reauthenticate()?.catch((error) => {
+    reauthenticate().catch((error) => {
         Log.hmmm('Could not reauthenticate attachment image or receipt', {error});
     });
 }
diff --git a/src/libs/actions/Session/index.ts b/src/libs/actions/Session/index.ts
@@ -919,7 +919,12 @@ const reauthenticatePusher = throttle(
     () => {
         Log.info('[Pusher] Re-authenticating and then reconnecting');
         Authentication.reauthenticate(SIDE_EFFECT_REQUEST_COMMANDS.AUTHENTICATE_PUSHER)
-            ?.then(Pusher.reconnect)
+            .then((wasSuccessful) => {
+                if (!wasSuccessful) {
+                    return;
+                }
+                Pusher.reconnect();
+            })
             .catch(() => {
                 console.debug('[PusherConnectionManager]', 'Unable to re-authenticate Pusher because we are offline.');
             });

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ function tryReauthenticate() {`
`64`	`64`	`if (isOffline \|\| !active) {`
`65`	`65`	`return;`
`66`	`66`	`}`
`67`		`- reauthenticate()?.catch((error) => {`
	`67`	`+ reauthenticate().catch((error) => {`
`68`	`68`	`Log.hmmm('Could not reauthenticate attachment image or receipt', {error});`
`69`	`69`	`});`
`70`	`70`	`}`