fix: keep bridge token usable after sync block

2026-06-06 19:40:44 +08:00 · 2026-06-06 19:40:44 +08:00 · 0358a4aaac
commit 0358a4aaac
parent 20257f392e
2 changed files with 66 additions and 4 deletions
--- a/lib/app/app_controller_desktop_runtime_helpers.dart
+++ b/lib/app/app_controller_desktop_runtime_helpers.dart
@ -1207,10 +1207,7 @@ extension AppControllerDesktopRuntimeHelpers on AppController {
  }

  Future<String?> _resolveManagedBridgeAuthTokenInternal() async {
-    final accountSyncState = settingsControllerInternal.accountSyncState;
-    if (settingsControllerInternal.accountSignedIn &&
-        accountSyncState?.syncState.trim().toLowerCase() == 'ready' &&
-        accountSyncState?.tokenConfigured.bridge == true) {
+    if (settingsControllerInternal.accountSignedIn) {
      final bridgeToken = (await storeInternal.loadAccountManagedSecret(
        target: kAccountManagedSecretTargetBridgeAuthToken,
      ))?.trim();
--- a/test/runtime/runtime_controllers_settings_account_test.dart
+++ b/test/runtime/runtime_controllers_settings_account_test.dart
@ -82,6 +82,71 @@ void main() {
      },
    );

+    test(
+      'keeps using managed bridge token after the account sync state is blocked',
+      () async {
+        final storeRoot = await Directory.systemTemp.createTemp(
+          'xworkmate-account-sync-blocked-token-',
+        );
+        addTearDown(() async {
+          if (await storeRoot.exists()) {
+            await storeRoot.delete(recursive: true);
+          }
+        });
+
+        final store = SecureConfigStore(
+          secretRootPathResolver: () async => '${storeRoot.path}/secrets',
+          appDataRootPathResolver: () async => '${storeRoot.path}/app-data',
+          supportRootPathResolver: () async => '${storeRoot.path}/support',
+          enableSecureStorage: false,
+        );
+        await store.initialize();
+        await store.saveSettingsSnapshot(
+          SettingsSnapshot.defaults().copyWith(
+            accountBaseUrl: 'https://accounts.svc.plus',
+          ),
+        );
+        await store.saveAccountSessionToken('session-token');
+        await store.saveAccountSessionSummary(
+          const AccountSessionSummary(
+            userId: 'user-1',
+            email: 'review@svc.plus',
+            name: 'Review User',
+            role: 'reviewer',
+            mfaEnabled: true,
+          ),
+        );
+        await store.saveAccountManagedSecret(
+          target: kAccountManagedSecretTargetBridgeAuthToken,
+          value: 'managed-token',
+        );
+        await store.saveAccountSyncState(
+          AccountSyncState.defaults().copyWith(
+            syncState: 'blocked',
+            syncMessage: 'Bridge token expired or rejected.',
+            tokenConfigured: const AccountTokenConfigured(
+              bridge: true,
+              vault: false,
+            ),
+          ),
+        );
+
+        final controller = AppController(
+          store: store,
+          environmentOverride: const <String, String>{},
+        );
+        addTearDown(controller.dispose);
+        await controller.settingsControllerInternal.initialize();
+
+        final token = await controller.settingsControllerInternal
+            .loadEffectiveGatewayToken(
+              profileIndex: kGatewayRemoteProfileIndex,
+            );
+
+        expect(token, 'managed-token');
+      },
+    );
+
    test(
      'updates in-memory blocked state when bridge authorization is unavailable',
      () async {