fix: include type in checkAuth's same-user skip check

Users and link shares share the same numeric id space in JWTs. When a
logged-in user opened a link share whose id happened to match their own
user id, checkAuth() would see `info.value.id === jwtUser.id` and skip
`setUser()`, leaving `info.value.type` as USER even though the new token
was a LINK_SHARE. As a result, `authLinkShare` never flipped to true and
the router guard bounced between /share/:hash/auth and the project view,
stranding the user on an empty NoAuthWrapper shell.

Compare on type as well so USER→LINK_SHARE transitions always replace
the user object.

Refs #2546
This commit is contained in:
kolaente 2026-04-09 11:52:24 +02:00 committed by kolaente
parent 2000732e35
commit 432c5f2817
1 changed files with 15 additions and 4 deletions

View File

@ -324,10 +324,21 @@ export const useAuthStore = defineStore('auth', () => {
if (isAuthenticated) {
// Only set user from JWT if we don't already have a fully loaded
// user with the same ID. The JWT lacks fields like `name`, so
// overwriting a complete user object causes a visible flash
// where the display name briefly reverts to the username.
if (info.value === null || info.value.id !== jwtUser.id) {
// user with the same ID *and* type. The JWT lacks fields like
// `name`, so overwriting a complete user object causes a visible
// flash where the display name briefly reverts to the username.
// Comparing on type as well is essential: regular users and link
// shares share the same numeric ID space, so a USER and a
// LINK_SHARE can have the same `id`. Without the type check, a
// logged-in user opening a link share whose id collides with
// their user id would keep the USER `info.value` and never flip
// `authLinkShare` to true, causing the router guard to bounce
// between /share/:hash/auth and the project view forever.
if (
info.value === null ||
info.value.id !== jwtUser.id ||
info.value.type !== jwtUser.type
) {
setUser(jwtUser, false)
} else {
// Always keep exp in sync so token renewal checks stay accurate