Skip to content

fix: refresh stale token before photo upload; guard panel define#636

Merged
tempus2016 merged 2 commits into
mainfrom
fix/photo-upload-401-and-panel-define
Jun 26, 2026
Merged

fix: refresh stale token before photo upload; guard panel define#636
tempus2016 merged 2 commits into
mainfrom
fix/photo-upload-401-and-panel-define

Conversation

@tempus2016

Copy link
Copy Markdown
Owner

Problem

Photo-evidence upload from the child card fails on long-lived sessions with a generic "Upload failed. Check your connection and try again." The real cause (confirmed in http.ban logs) is a 401: the request to POST /api/taskmate/photo carries an expired auth token.

_confirmPhoto is the only place that sends the token by hand (this.hass.auth.data.access_token, raw fetch); everything else uses callWS, which auto-refreshes. The cached access token is short-lived (~30 min) and never refreshed here, so once a session ages the upload 401s — and the card collapses every failure into the same "check your connection" message, masking the cause.

Server side verified healthy: POSTing a real JPEG with a valid token returns HTTP 200 and stores the file.

A second, separate error from the iOS log:

Failed to execute 'define' on 'CustomElementRegistry': the name "taskmate-panel" has already been used (taskmate-panel.js)

After a version bump the browser can briefly hold both the old (?v=prev) and new (?v=current) panel modules; the unguarded customElements.define() throws on the second.

Fix

  • taskmate-child-card.js — refresh the access token if expired before posting; if the POST still returns 401, force a refresh and retry once.
  • taskmate-panel.js — guard the define() with if (!customElements.get("taskmate-panel")), matching the idempotent pattern the global modules already use.

Verification

  • Reproduced against the dev HA instance: valid-token POST → HTTP 200, stored.
  • Both edited files served correctly from ha-dev and pass node --check.

No version bump / no release — JS-only fix.

…perfect-week 50)

The number platform defaulted weekend_multiplier to 1.0 and perfect_week_bonus
to 0, but the bonus logic (coord_points.py / sensor.py) falls back to 2.0 and 50
when the setting is unset. On a fresh install the entities therefore showed
values that didn't match what was actually applied. Use the same defaults.
…d panel define

The photo-evidence upload (child card → POST /api/taskmate/photo) sends the
auth token by hand via this.hass.auth.data.access_token. That cached token is
short-lived (~30 min) and, unlike callWS, is never refreshed, so once a session
ages the upload 401s and the card shows its catch-all "Upload failed. Check your
connection" — masking the real auth failure (confirmed in http.ban logs).

_confirmPhoto now refreshes the token when expired before posting, and retries
once after a forced refresh if the POST still returns 401. Server side was
verified healthy (valid token → HTTP 200, file stored).

Also guard taskmate-panel.js's customElements.define(): after a version bump the
browser can briefly hold both the old (?v=prev) and new (?v=current) panel
modules, and the second unguarded define() throws "name already used", which
surfaced as an uncaught error in the iOS frontend log. Now no-ops if already
defined, matching the idempotent pattern the global modules already use.
@github-actions github-actions Bot added backend Python integration code cards Lovelace cards / frontend (www/*.js) labels Jun 26, 2026
@tempus2016 tempus2016 merged commit f86e42e into main Jun 26, 2026
11 checks passed
@tempus2016 tempus2016 deleted the fix/photo-upload-401-and-panel-define branch June 26, 2026 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend Python integration code cards Lovelace cards / frontend (www/*.js)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant