@polyguard/sdk 1.4.0 → 1.4.2

package/dist/sdk.esm.js

@@ -10980,10 +10980,11 @@ function handleWebSocketMessage(event, ctx) {
     return;
   }
   if (data.jwt) {
-    const redirectUrl = data.redirect_url;
+    const redirectUrl = data.jwt.redirect_url;
     const { sidebarUrl, link_uuid } = ctx;
     if (sidebarUrl && redirectUrl) {
       const hasMsftSession = document.cookie.includes("pg_msft_session");
+      ctx.markClosed();
       cleanup();
       ws.close();
       if (hasMsftSession) {
@@ -11145,7 +11146,10 @@ var PolyguardWebsocketClientImpl = class {
           reconnectionDelayGrowFactor: 1.5
         };
         ws = new reconnecting_websocket_mjs_default(wsUrl, [], options);
-        const ctx = { ws, qrDiv, isTargetMode, modal, cleanup, returnError, clearError, resolve, rawJwt, sidebarUrl: this.sidebarUrl, link_uuid: this.link_uuid };
+        const markClosed = () => {
+          closed = true;
+        };
+        const ctx = { ws, qrDiv, isTargetMode, modal, cleanup, markClosed, returnError, clearError, resolve, rawJwt, sidebarUrl: this.sidebarUrl, link_uuid: this.link_uuid };
         ws.addEventListener("message", (event) => handleWebSocketMessage(event, ctx));
         ws.addEventListener("error", () => {
           console.error("WebSocket error");

package/dist/sdk.js

@@ -11013,10 +11013,11 @@ var Polyguard = (() => {
       return;
     }
     if (data.jwt) {
-      const redirectUrl = data.redirect_url;
+      const redirectUrl = data.jwt.redirect_url;
       const { sidebarUrl, link_uuid } = ctx;
       if (sidebarUrl && redirectUrl) {
         const hasMsftSession = document.cookie.includes("pg_msft_session");
+        ctx.markClosed();
         cleanup();
         ws.close();
         if (hasMsftSession) {
@@ -11178,7 +11179,10 @@ var Polyguard = (() => {
             reconnectionDelayGrowFactor: 1.5
           };
           ws = new reconnecting_websocket_mjs_default(wsUrl, [], options);
-          const ctx = { ws, qrDiv, isTargetMode, modal, cleanup, returnError, clearError, resolve, rawJwt, sidebarUrl: this.sidebarUrl, link_uuid: this.link_uuid };
+          const markClosed = () => {
+            closed = true;
+          };
+          const ctx = { ws, qrDiv, isTargetMode, modal, cleanup, markClosed, returnError, clearError, resolve, rawJwt, sidebarUrl: this.sidebarUrl, link_uuid: this.link_uuid };
           ws.addEventListener("message", (event) => handleWebSocketMessage(event, ctx));
           ws.addEventListener("error", () => {
             console.error("WebSocket error");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@polyguard/sdk",
-  "version": "1.4.0",
+  "version": "1.4.2",
   "type": "module",
   "main": "dist/sdk.esm.js",
   "module": "dist/sdk.esm.js",

package/src/PolyguardWebsocketClientImpl.js

@@ -136,7 +136,8 @@ export class PolyguardWebsocketClientImpl {
         };
         ws = new ReconnectingWebSocket(wsUrl, [], options);
 
-        const ctx = { ws, qrDiv, isTargetMode, modal, cleanup, returnError, clearError, resolve, rawJwt, sidebarUrl: this.sidebarUrl, link_uuid: this.link_uuid };
+        const markClosed = () => { closed = true; };
+        const ctx = { ws, qrDiv, isTargetMode, modal, cleanup, markClosed, returnError, clearError, resolve, rawJwt, sidebarUrl: this.sidebarUrl, link_uuid: this.link_uuid };
         ws.addEventListener('message', (event) => handleWebSocketMessage(event, ctx));
 
         ws.addEventListener('error', () => {

package/src/__tests__/sidebar.test.js

@@ -159,9 +159,9 @@ describe('sidebarUrl feature', () => {
         link_uuid: 'link-abc',
       });
       document.body.innerHTML = '<div id="test-target"></div>';
-      const fakeJwt = buildFakeJwt({ redirect_url: 'https://teams.microsoft.com/meet/123' });
+      const jwtClaims = { redirect_url: 'https://teams.microsoft.com/meet/123' };
       const { promise, ws } = await startVerifyAndGetWs(client, 'test-target');
-      ws.simulateMessage({ jwt: fakeJwt, redirect_url: 'https://teams.microsoft.com/meet/123' });
+      ws.simulateMessage({ jwt: jwtClaims });
       await promise;
       expect(window.location.assign).toHaveBeenCalledWith('https://teams.microsoft.com/meet/123');
     });
@@ -174,9 +174,9 @@ describe('sidebarUrl feature', () => {
         link_uuid: 'link-abc',
       });
       document.body.innerHTML = '<div id="test-target"></div>';
-      const fakeJwt = buildFakeJwt({ redirect_url: 'https://teams.microsoft.com/meet/123' });
+      const jwtClaims = { redirect_url: 'https://teams.microsoft.com/meet/123' };
       const { promise, ws } = await startVerifyAndGetWs(client, 'test-target');
-      ws.simulateMessage({ jwt: fakeJwt, redirect_url: 'https://teams.microsoft.com/meet/123' });
+      ws.simulateMessage({ jwt: jwtClaims });
       await promise;
       expect(document.querySelector('#polyguard-join-meeting')).toBeNull();
     });
@@ -191,9 +191,9 @@ describe('sidebarUrl feature', () => {
         link_uuid: 'link-abc',
       });
       document.body.innerHTML = '<div id="test-target"></div>';
-      const fakeJwt = buildFakeJwt({ redirect_url: 'https://teams.microsoft.com/meet/123' });
+      const jwtClaims = { redirect_url: 'https://teams.microsoft.com/meet/123' };
       const { promise, ws } = await startVerifyAndGetWs(client, 'test-target');
-      ws.simulateMessage({ jwt: fakeJwt, redirect_url: 'https://teams.microsoft.com/meet/123' });
+      ws.simulateMessage({ jwt: jwtClaims });
       // Should not have redirected yet
       expect(window.location.assign).not.toHaveBeenCalled();
       // Should show join button
@@ -214,9 +214,9 @@ describe('sidebarUrl feature', () => {
         link_uuid: 'link-abc',
       });
       document.body.innerHTML = '<div id="test-target"></div>';
-      const fakeJwt = buildFakeJwt({ redirect_url: 'https://teams.microsoft.com/meet/123' });
+      const jwtClaims = { redirect_url: 'https://teams.microsoft.com/meet/123' };
       const { promise, ws } = await startVerifyAndGetWs(client, 'test-target');
-      ws.simulateMessage({ jwt: fakeJwt, redirect_url: 'https://teams.microsoft.com/meet/123' });
+      ws.simulateMessage({ jwt: jwtClaims });
       const btn = document.querySelector('#polyguard-join-meeting');
       btn.click();
       await promise;
@@ -236,13 +236,37 @@ describe('sidebarUrl feature', () => {
         link_uuid: 'link-abc',
       });
       document.body.innerHTML = '<div id="test-target"></div>';
-      const fakeJwt = buildFakeJwt({ redirect_url: 'https://teams.microsoft.com/meet/123' });
+      const jwtClaims = { redirect_url: 'https://teams.microsoft.com/meet/123' };
       const { promise, ws } = await startVerifyAndGetWs(client, 'test-target');
-      ws.simulateMessage({ jwt: fakeJwt, redirect_url: 'https://teams.microsoft.com/meet/123' });
+      ws.simulateMessage({ jwt: jwtClaims });
       document.querySelector('#polyguard-join-meeting').click();
       await promise;
       expect(window.location.assign).toHaveBeenCalledWith('https://teams.microsoft.com/meet/123');
     });
+
+    it('button survives a late WebSocket close event (race regression)', async () => {
+      // Real browsers dispatch the 'close' event asynchronously after ws.close(),
+      // so it lands after the synchronous button append. If the close listener's
+      // cleanup() runs in that window, it wipes the qrDiv — and the button with it.
+      // markClosed() in the message handler must defuse the close listener.
+      clearCookies();
+      vi.stubGlobal('open', vi.fn().mockReturnValue({}));
+      const client = new PolyguardWebsocketClientImpl({
+        ...DEFAULT_PARAMS,
+        sidebarUrl: 'https://teams.polyguard.ai/ms-teams/sidebar-standalone',
+        link_uuid: 'link-abc',
+      });
+      document.body.innerHTML = '<div id="test-target"></div>';
+      const jwtClaims = { redirect_url: 'https://teams.microsoft.com/meet/123' };
+      const { promise, ws } = await startVerifyAndGetWs(client, 'test-target');
+      ws.simulateMessage({ jwt: jwtClaims });
+      expect(document.querySelector('#polyguard-join-meeting')).not.toBeNull();
+      // Mimic a real browser dispatching close on the next tick (after the message handler returned).
+      ws.simulateClose();
+      expect(document.querySelector('#polyguard-join-meeting')).not.toBeNull();
+      document.querySelector('#polyguard-join-meeting').click();
+      await promise;
+    });
   });
 
   describe('with sidebarUrl but no redirect_url in JWT (non-meeting links)', () => {
@@ -253,12 +277,12 @@ describe('sidebarUrl feature', () => {
         sidebarUrl: 'https://teams.polyguard.ai/ms-teams/sidebar-standalone',
         link_uuid: 'link-abc',
       });
-      const fakeJwt = buildFakeJwt({ confirmation_code: 'ABC123' });
+      const jwtClaims = { confirmation_code: 'ABC123' };
       const { promise, ws } = await startVerifyAndGetWs(client);
-      // No redirect_url in the message data
-      ws.simulateMessage({ jwt: fakeJwt });
+      // No redirect_url in the JWT claims
+      ws.simulateMessage({ jwt: jwtClaims });
       const result = await promise;
-      expect(result).toBe(fakeJwt);
+      expect(result).toEqual(jwtClaims);
       expect(window.location.assign).not.toHaveBeenCalled();
     });
   });

package/src/messageHandler.js

@@ -54,13 +54,18 @@ export function handleWebSocketMessage(event, ctx) {
   }
 
   if (data.jwt) {
-    const redirectUrl = data.redirect_url;
+    const redirectUrl = data.jwt.redirect_url;
     const { sidebarUrl, link_uuid } = ctx;
 
     // When sidebarUrl is configured and the server provides a redirect_url,
     // the SDK handles the redirect (and optionally opens a sidebar popup).
     if (sidebarUrl && redirectUrl) {
       const hasMsftSession = document.cookie.includes('pg_msft_session');
+      // Mark the socket as intentionally closed BEFORE ws.close() so the
+      // 'close' event listener in verify() skips its own cleanup(). Otherwise
+      // the async close handler races with the synchronous button append below
+      // and wipes the qrDiv after we've put the button in it.
+      ctx.markClosed();
       cleanup();
       ws.close();