Fix local sign-in losing its user account (empty read-only workspace)#1739
Fix local sign-in losing its user account (empty read-only workspace)#1739iyernaveenr wants to merge 2 commits into
Conversation
The local auto-login response carried no user id, so the client stored none and every server-owned Space was filtered out client-side, leaving an empty read-only workspace. Return the user id from auto-login, recover it from the access token when a login response omits it, and repair already-persisted sessions at rehydrate so existing installs recover without signing in again. Signed-off-by: Naveen R. Iyer <iyernaveenr@gmail.com>
|
@iyernaveenr Thanks for working on this. There is a blocking issue with the persisted-session repair. The recovery logic is inside the Zustand Please bump the auth persistence version (for example, to @4pmtong, please leave any additional comments or suggestions on this issue. |
Bump the auth persistence version so migrate re-runs for sessions at the current version and recovers the id from the token. Signed-off-by: Naveen R. Iyer <iyernaveenr@gmail.com>
|
Thanks for the careful review and for pinpointing the version-gating -- that analysis is exactly right.
Fixed by bumping the persistence version so
A test driving this through the store is blocked by a circular dependency between the auth store and the i18n module (the current suite mocks the store for the same reason). I can add the regression test if the token-to-id recovery is first extracted into a standalone module so it can be exercised directly -- happy to do that if preferred. |
|
Looks good to me. Thanks for your contribution. I verified the version-10 persisted-session migration: it upgrades to version 11, restores the user ID from the token, and the expected Spaces, Projects, composer, and model controls remain available. @4pmtong Please provide the second review, particularly for the backend changes to the local auto-login response and LoginResponse model. |
Problem
In fully local (self-hosted) mode, the app can end up showing only an empty, read-only "Legacy Space": no Projects in the sidebar, composer disabled with "Legacy Spaces are read-only", and no way to pick a model -- even though all of the user's Spaces, Projects, and chat history are intact on the server.
Root cause
The local auto-login endpoint (
POST /api/v1/user/auto-login) returns onlytokenandemail-- no user id. The client'ssetAuththerefore storesuser_id: null. Space hydration filters server Spaces by ownership, comparing each Space'suser_idagainst the canonicalized local id; with no id, the canonical value is thelocalsentinel, which matches nothing, so every server-owned Space is silently discarded and only the locally fabricated legacy Space remains. The access token itself carries the user id in its payload the whole time; the client just never read it.Fix
user_idin the auto-login response (LoginResponsegains an optionaluser_id).setAuth(defensive for all login paths).Testing
user_id: null, valid token): Space list showed only "Legacy Space" while an authenticated/api/v1/spacesrequest returned all Spaces. After the fix, reloading the app recovers the id from the token and the user's Spaces and Projects reappear.POST /api/v1/user/auto-loginnow returnsuser_id(verified against a running local server).tscpasses; the changed server files compile; store test suites pass. Token-decoding helper handles malformed/absent tokens by returning null (no behavior change for the hosted login path, which already supplies an id).