@iblai/web-utils 1.11.11 → 1.11.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -9200,22 +9200,22 @@ async function syncAuthToCookies(storageService) {
9200
9200
  function hasNonExpiredAuthToken() {
9201
9201
  const token = window.localStorage.getItem(LOCAL_STORAGE_KEYS.AUTH_TOKEN);
9202
9202
  if (!token) {
9203
- console.log('################### [hasNonExpiredAuthToken] axd token is not defined', token);
9203
+ console.log("################### [hasNonExpiredAuthToken] axd token is not defined", token);
9204
9204
  return false;
9205
9205
  }
9206
9206
  const tokenExpiry = window.localStorage.getItem(LOCAL_STORAGE_KEYS.TOKEN_EXPIRY);
9207
9207
  if (!tokenExpiry) {
9208
- console.log('################### [hasNonExpiredAuthToken] axd token expiry is not defined', tokenExpiry);
9208
+ console.log("################### [hasNonExpiredAuthToken] axd token expiry is not defined", tokenExpiry);
9209
9209
  return true;
9210
9210
  }
9211
9211
  const expiryDate = new Date(tokenExpiry);
9212
9212
  if (isNaN(expiryDate.getTime())) {
9213
- console.log('################### [hasNonExpiredAuthToken] axd token expiry date', expiryDate);
9213
+ console.log("################### [hasNonExpiredAuthToken] axd token expiry date", expiryDate);
9214
9214
  return false;
9215
9215
  }
9216
9216
  const currentDate = new Date();
9217
9217
  if (expiryDate <= currentDate) {
9218
- console.log('################### [hasNonExpiredAuthToken] axd token expiry date is less than current date ', expiryDate, currentDate);
9218
+ console.log("################### [hasNonExpiredAuthToken] axd token expiry date is less than current date ", expiryDate, currentDate);
9219
9219
  return false;
9220
9220
  }
9221
9221
  return true;
@@ -9478,6 +9478,20 @@ function useAuthProvider({ middleware = new Map(), onAuthSuccess, onAuthFailure,
9478
9478
  console.log("[AuthProvider] Redirect already in progress, skipping");
9479
9479
  return;
9480
9480
  }
9481
+ // Defer every auth redirect while a tenant switch is in flight.
9482
+ // handleTenantSwitch() clears the SHARED (cross-tab) localStorage mid-switch,
9483
+ // so every open window transiently sees missing tokens. Without this guard a
9484
+ // bystander window force-logs-out on the absent DM token, which clears
9485
+ // storage + sets a logout-timestamp cookie that wipes the tokens the
9486
+ // switching tab just wrote and cascades the logout across tabs. The TTL lock
9487
+ // (writeTenantSwitchLock) survives the /login/complete -> /sso-login-complete
9488
+ // redirect and is kept fresh across tabs via useTenantSwitchSync, so it
9489
+ // brackets the switch window. The cross-SPA cookie-sync poll keeps running
9490
+ // and recovers once the new tenant's tokens land.
9491
+ if (isTenantSwitchInProgress()) {
9492
+ console.log("[AuthProvider] Tenant switch in progress, deferring auth redirect");
9493
+ return;
9494
+ }
9481
9495
  isRedirectingRef.current = true;
9482
9496
  redirectStartedAtRef.current = Date.now();
9483
9497
  // NOTE: we intentionally do NOT clear the interval here.
@@ -9663,6 +9677,17 @@ function useAuthProvider({ middleware = new Map(), onAuthSuccess, onAuthFailure,
9663
9677
  var _a;
9664
9678
  try {
9665
9679
  setIsAuthenticating(true);
9680
+ // During an in-flight tenant switch the shared, cross-tab localStorage is
9681
+ // transiently cleared (see handleTenantSwitch), so the auth/DM tokens are
9682
+ // legitimately absent. Bail out BEFORE onAuthFailure — some apps hard
9683
+ // navigate to /error/403 from that callback (e.g. skills does
9684
+ // `window.location.href = '/error/403'`), which would fire even though
9685
+ // safeRedirectToAuthSpa itself is guarded. The cookie-sync poll re-checks
9686
+ // once the new tenant's tokens land.
9687
+ if (isTenantSwitchInProgress()) {
9688
+ console.log("[AuthProvider] Tenant switch in progress, skipping auth check");
9689
+ return;
9690
+ }
9666
9691
  const authToken = await (storageService === null || storageService === void 0 ? void 0 : storageService.getItem(LOCAL_STORAGE_KEYS.AUTH_TOKEN));
9667
9692
  if (authToken && !hasNonExpiredAuthToken()) {
9668
9693
  const reason = "Auth token expired";