18 Commits

Author SHA1 Message Date
AmirReza Jamali 231d800b47 Fix AuthInterceptor replay logout-on-transient-error + add tests
Address PR re-review findings:
- Only a 401 on the replay falls through to logout; other DioExceptions
  (timeout, connection drop, 5xx) now propagate so a flaky network can't
  wipe a valid session and callers see the real error.
- Skip the refresh when the failed request's bearer no longer matches the
  stored one (a concurrent refresh already rotated it) and replay directly.
- Guard _logout() with a _loggingOut flag so the auth-failed callback fires
  once per burst rather than once per concurrent caller.

Add unit tests (fake Dio adapter + mocked prefs) covering the retry guard,
single-flight refresh, and non-401 replay propagation paths.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 16:20:23 +03:30
AmirReza Jamali deda384aaa Harden AuthInterceptor: retry guard, single-flight refresh, shared pref keys
Addresses PR review on the auth interceptor:

- Guard against unbounded retry recursion: tag the replayed request with
  extra['auth_retried'] and skip the refresh/replay path on a second 401 so
  it can't recurse refresh -> replay indefinitely. Drop the redundant manual
  Authorization header on the replay (onRequest re-injects it).
- Fix the concurrent-refresh race: coalesce concurrent 401s onto a single
  in-flight refresh future so the rotating refresh token is only consumed
  once, instead of later refreshes posting an already-consumed token and
  spuriously logging out. (Chose the shared-future approach over
  QueuedInterceptor, which deadlocks with the replay-via-same-Dio pattern.)
- Centralise the 'bearer' / 'refresh_token' / 'customer_data' pref keys in
  a PrefKeys constants class used by the interceptor, network manager, auth
  service and router so they can't silently diverge.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 12:21:03 +03:30
AmirReza Jamali 633f0ba881 Refactor network request handling by introducing AuthInterceptor for improved authentication management. Removed the previous request interceptor logic to streamline the code and enhance maintainability. 2026-06-10 11:34:45 +03:30
amirrezaghabeli cc0032b21d fixed logout at refresh failed 2026-04-16 16:36:55 +03:30
amirrezaghabeli e03c87f99d Add board navigation and assets
- Introduced new board-related assets in AssetsManager.
- Updated NetworkManager to increase connection and receive timeouts to 20 seconds.
- Added BoardRouteData for navigation to the BoardScreen.
- Updated app routes to include the new board route.
- Modified DesktopNavigationWidget to include a navigation item for the board.
- Added a new string constant for the board label in TendersStrings.
2025-11-10 16:14:50 +03:30
amirrezaghabeli 7e1240dffb some fixes 2025-10-06 10:32:58 +03:30
amirrezaghabeli 9ef02a208b fixed home handle error 2025-09-07 14:48:17 +03:30
amirrezaghabeli dad572af60 show message when there is error in submit or remove approvals 2025-09-06 14:10:49 +03:30
amirrezaghabeli 86d5e82968 skip getting refresh token when calling login 2025-08-30 09:23:01 +03:30
amirrezaghabeli bcd499843b fixed services 2025-08-27 13:03:09 +03:30
amirrezaghabeli 355b433f7b refresh token ability added to project 2025-08-25 12:14:52 +03:30
amirrezaghabeli 14ab9a75ca check web and tablet for logic 2025-08-23 15:22:28 +03:30
amirrezaghabeli 4b51071aad merge branches 2025-08-20 13:11:22 +03:30
amirrezaghabeli 5bb7326c76 feedback models added 2025-08-17 12:29:12 +03:30
amirrezaghabeli 6197887b2a change in network manager and login function 2025-08-17 08:04:59 +03:30
amirrezaghabeli 81d01d53ae login added 2025-08-16 16:11:57 +03:30
amirrezaghabeli 588bc841b5 fix 2025-08-12 14:46:15 +03:30
amirrezaghabeli 8843408287 move to network folder 2025-08-12 14:44:18 +03:30