fix(sdk): retry login through Meteor instead of clearing creds on auth-error

ggazzo · claude · ggazzo · commit 261c2669f29d · 2026-04-30T18:44:08.000-03:00
The 500ms-deferred cleanup wasn't enough to handle e2ee-passphrase-management:
the test's loginByUserState fires _pollStoredLoginToken with the same token
already in localStorage, so Meteor's poller bails (cached token == current).
By the time the wrap's setTimeout fires, the test has already injected the
SAME token (mongo $addToSet re-added it server-side after unsetLoginTokens),
but the wrap was clearing creds anyway, leaving the page stuck on /login
with no follow-up login firing.

Replace the unconditional clear with a Meteor.loginWithToken retry against
whatever's in localStorage right now. If the token was rotated (or re-added
to mongo concurrently), the retry succeeds; if it's truly stale (real
force-logout, no concurrent recovery), Meteor's callback invokes
forceClientLoggedOut to drive the user to /login as before.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/apps/meteor/client/lib/sdk/ddpSdk.ts b/apps/meteor/client/lib/sdk/ddpSdk.ts
@@ -135,6 +135,21 @@ export const ensureConnectedAndAuthenticated = async (): Promise<void> => {
 	}
 };
 
+const forceClientLoggedOut = (sdk: DDPSDK): void => {
+	try {
+		Accounts._unstoreLoginToken();
+	} catch {
+		// ignore
+	}
+	try {
+		(Meteor.connection as unknown as { setUserId: (uid: string | null) => void }).setUserId(null);
+	} catch {
+		// ignore
+	}
+	sdk.account.uid = undefined;
+	sdk.account.user = undefined;
+};
+
 const isAuthError = (error: unknown): boolean => {
 	if (!error || typeof error !== 'object') return false;
 	const e = error as { error?: unknown; reason?: unknown };
@@ -229,31 +244,43 @@ if (typeof window !== 'undefined') {
 			return await originalLogin(token);
 		} catch (error) {
 			if (!isAuthError(error)) throw error;
-			// Defer the cleanup so a concurrent fresh login (e.g. SAML's
-			// post-redirect resume, e2ee-passphrase-management's
-			// loginByUserState/_pollStoredLoginToken, password login from
-			// the form) has a chance to rotate the stored token and SDK
-			// account state. After the delay, only clear creds if the
-			// state is still stuck on the same token+uid we tried with —
-			// meaning no concurrent flow rescued it. For real
-			// force-logout (no concurrent login), nothing else will
-			// touch localStorage and we end up clearing on schedule.
+			// Defer the recovery so a concurrent fresh login (e.g. SAML's
+			// post-redirect resume, password login from the form) has a chance
+			// to rotate the stored token and SDK account state. After the
+			// delay, if state is still stuck on the same token+uid we tried
+			// with, retry the login through Meteor with whatever's currently
+			// in localStorage. Two outcomes:
+			//   - if localStorage was rotated by a concurrent flow (or a test's
+			//     loginByUserState re-added the same token to mongo via
+			//     $addToSet AFTER the server's unsetLoginTokens), the retry
+			//     hits Meteor's normal success path and setUserId fires;
+			//   - if the token is still genuinely stale (real force-logout, no
+			//     concurrent recovery), Meteor's login callback receives the
+			//     auth error and we call makeClientLoggedOut to drive the user
+			//     to /login.
+			// This avoids the race where _pollStoredLoginToken short-circuits
+			// because the stored token didn't visibly change, but the
+			// underlying mongo token was wiped+re-added.
 			setTimeout(() => {
 				const stillSameStored = readStoredLoginToken() === token;
 				const accountStillReflectsThisToken = sdk.account.uid === triedWithUid;
 				if (!stillSameStored || !accountStillReflectsThisToken) return;
-				try {
-					Accounts._unstoreLoginToken();
-				} catch {
-					// ignore
+				const currentToken = readStoredLoginToken();
+				if (!currentToken) {
+					forceClientLoggedOut(sdk);
+					return;
 				}
 				try {
-					(Meteor.connection as unknown as { setUserId: (uid: string | null) => void }).setUserId(null);
-				} catch {
-					// ignore
+					(Meteor as unknown as { loginWithToken: (token: string, cb: (err: unknown) => void) => void }).loginWithToken(
+						currentToken,
+						(err) => {
+							if (err) forceClientLoggedOut(sdk);
+						},
+					);
+				} catch (e) {
+					console.warn('[ddpSdk] retry Meteor.loginWithToken failed', e);
+					forceClientLoggedOut(sdk);
 				}
-				sdk.account.uid = undefined;
-				sdk.account.user = undefined;
 			}, 500);
 			throw error;
 		}
