[Session] Fix stale emailAuthFactor and emailConfirmed on the client #3835
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Extracted from #3728. The fix is b0aa70d.
The intent of this code was to use the value from the session and fallback to the stored value if the session isn't present. However, if
session.emailAuthFactor
(newer) isfalse
butaccount.emailAuthFactor
(older) istrue
, thesession?.emailAuthFactor || account.emailAuthFactor
expression will keep giving ustrue
even thoughfalse
is the fresh value here. So we'll store and display the incorrect storedtrue
value.The fix is to use
??
instead. I've updated a few other places we use||
for fallback values for consistency in the second commit, but that shouldn't affect the behavior.Test Plan
To trigger this, you'd need to get a "session changed" event from the agent with the new session info. One way you can get there is by having your token expired. I don't know how to make that happen though.
A simpler way to trigger it is to comment out these lines so that
resumeSessionWithFreshAccount()
itself starts, but then we're rely on the logic inonAgentSessionChange
to actually apply the update.Then the test plan becomes:
main
and comment out the lines mentioned aboveFrom that point on, toggling it off and on in another browser window is correctly applied on session refresh.