fix(hub-client): abandon document open on auth failure#269
Merged
Conversation
resolveActorId returned undefined on a 401/403, but every open call site guards on === null, so a mid-session expiry opened the document with a random Automerge actor ID instead of abandoning. Extract resolveActorId into authService with an explicit three-valued contract (string / undefined / null) and return null on auth failure so the guard fires. Regression from 465de01 (bd-3o8zmz46).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a sign-in session expired mid-use, opening any document silently succeeded with the wrong collaboration identity. The document-open paths call
resolveActorIdand bail out only when it returnsnull.But on a 401/403,
resolveActorIdreturnedundefined— notnull— so the guard never fired. This is only when the code had already started a token refresh and meant to abandon the attempt.The fix moves
resolveActorIdintoauthServicewith an explicit three-valued contract:string→ actor ID resolved; open with itundefined→ auth disabled; open with no actor IDnull→ auth failure; abandon the openReturning
nullon a 401/403 makes the existing=== nullguard fire, so the open is cleanly abandoned while the silent refresh runs.Regression from 465de01 (bd-3o8zmz46); covered by new unit tests for the contract.