fix(addon): stop closing Send tabs when access token has expired#949
Open
aaspinwall wants to merge 1 commit into
Open
fix(addon): stop closing Send tabs when access token has expired#949aaspinwall wants to merge 1 commit into
aaspinwall wants to merge 1 commit into
Conversation
getLoginState() treated an expired OIDC access token (short-lived `expires_at`) as logged out and called closeAllTbProTabs(), which removed every send.tb.pro tab — including a Send dashboard tab just opened from the accounts dashboard inside Thunderbird. The session is still valid: the Send web app refreshes the access token transparently via signinSilent() using the refresh_token. Make getLoginState() a read-only probe: report logged-in based on a stored session with a refresh_token, regardless of access-token expiry, and drop the destructive closeAllTbProTabs()/storage-wipe/menuLogout() side effects (real logout already flows through the SIGN_OUT path). Remove the now-unused closeAllTbProTabs() helper. Add menu.test.ts covering the regression. Closes #948 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed?
Made the add-on's
getLoginState()(packages/addon/src/menu.ts) a read-only probe. It now reports logged-in based on a stored session that has arefresh_token, regardless of the OIDC access-tokenexpires_at, and no longer performs destructive side effects. The previously coupledcloseAllTbProTabs()/storage.remove/menuLogout()calls were removed from the probe, and the now-unusedcloseAllTbProTabs()helper was deleted. Addedpackages/addon/src/test/menu.test.tscovering the behavior, including a regression guard that an expired access token never triggersbrowser.tabs.remove.AI disclosure: This change was implemented by Claude (agent-written) under close human direction — the maintainer drove the investigation by reproducing the bug manually in Thunderbird, identified the logged-in vs logged-out asymmetry, reviewed the root-cause analysis, and approved the plan and the final diff.
Why?
Inside Thunderbird, clicking a
send.tb.prolink from theaccounts.tb.pro/dashboardclosed the newly-opened Send tab once the add-on's stored access token had passed its short-livedexpires_at.getLoginState()is called by the/send/profileroute guard (viaGET_LOGIN_STATE) and by a 60s timer; the old code treated an expired access token as logged-out and calledcloseAllTbProTabs(), which removed everysend.tb.protab — including the one just opened.This is a category error:
expires_atis the access-token expiry, not the session lifetime. The Send web app refreshes the access token transparently viauserManager.signinSilent()using therefresh_token, so an expired access token is not a logged-out state. Genuine logout already flows through theSIGN_OUTpath. This is distinct from #945 (theProfileViewself-close), which is working correctly.Limitations and Notes
userManager, so it cannot refresh tokens itself — refresh remains owned by the web app, which this change defers to.signinSilent()itself fails in the web app (refresh token revoked/expired), the add-on isn't notified. PostingSIGN_OUTon silent-refresh failure would let the menu revert to logged-out cleanly — without indiscriminately closing tabs mid-session.Applicable Issues
Closes #948
Screenshots
N/A — behavioral fix, no UI change.