fix: use pendingNomadServiceUrl to decide wither to register a new client or restore crypto state from nomad service [WPB-24663]

[MohamadJaara]

https://wearezeta.atlassian.net/browse/WPB-24663

---

PR Submission Checklist for internal contributors

• The PR Title

  • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
  • contains a reference JIRA issue number like SQPIT-764
  • answers the question: If merged, this PR will: ... ³

• The PR Description

  • is free of optional paragraphs and you have filled the relevant parts to the best of your ability

---

What's new in this PR?

Issues

• SSO login on servers with Nomad profiles enabled was broken. The login flow was querying the backend to check if Nomad profiles are enabled (isNomadProfilesEnabled()) to decide whether to restore crypto state or register a new client. This meant that any SSO login on a Nomad-enabled backend would attempt crypto state restoration, even for non-Nomad login flows.

Causes

The establishSSOSession success callback in both LoginSSOViewModel and NewLoginViewModel called coreLogic.getSessionScope(storedUserId).authenticationScope.isNomadProfilesEnabled() to determine the post-login path. This checks a backend feature flag rather than whether the current login flow was actually initiated as a Nomad flow (i.e., with a nomadServiceUrl).

Solutions

Replaced the backend feature flag check with a local check: val isNomadFlow = pendingNomadServiceUrl != null, captured before calling establishSSOSession (since pendingNomadServiceUrl is consumed/nulled during that call). This correctly determines whether the current SSO login was initiated as a Nomad flow based on the presence of a Nomad service URL in the deep link parameters.

Testing

Test Coverage

• I have added automated test to this contribution

How to Test

1. Perform an SSO login on a backend that has Nomad profiles enabled but without a Nomad deep link — should proceed with regular client registration (not crypto state restore).
2. Perform a Nomad SSO login (via deep link with nomadServiceUrl) — should attempt crypto state restore as before.
3. Verify existing SSO login flows still work on backends without Nomad support.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.71%. Comparing base (728363f) to head (6352cc4).
⚠️ Report is 11 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #4710   +/-   ##
========================================
  Coverage    49.71%   49.71%           
========================================
  Files          602      602           
  Lines        20610    20607    -3     
  Branches      3288     3288           
========================================
- Hits         10246    10245    -1     
  Misses        9398     9398           
+ Partials       966      964    -2     

Files with missing lines	Coverage Δ
...d/ui/authentication/login/sso/LoginSSOViewModel.kt	71.92% <100.00%> (+0.09%)	⬆️
...id/ui/newauthentication/login/NewLoginViewModel.kt	78.44% <100.00%> (+0.43%)	⬆️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 618d223...6352cc4. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.