Handle invalid token after password reset (#1238)

* Handle MSAL authentication after password reset

* Adjust unit tests

* [BOT] Applying version.

* [BOT] Applying format.

* Add AcquireTokenWithCacheReset stub

* Simplify getToken

* Limit startup viewmodel acquireToken to 3 tries

* Simplify getToken function

* [BOT] Applying format.

* Display error message toast if startup acquire token fails

* [BOT] Applying format.

* Display toast message after token fail

* Remove unused import

* Rename tranlations

* [BOT] Applying format.

* Change translation initialization

* Remove unused import

* [BOT] Applying format.

* Fix failing test

---------

Co-authored-by: clubapplets-server <1958869+clubapplets-server@users.noreply.github.com>

Author: BenjaminBelanger

lib/data/services/auth_service.dart

@@ -9,7 +9,6 @@ import 'package:notredame/locator.dart';
 class AuthService {
   String? _token;
   final int _maxRetry = 3;
-  int _retries = 0;
 
   final _scopes = ['api://etsmobileapi/access_as_user'];
 
@@ -18,21 +17,21 @@ class AuthService {
   final Logger _logger = locator<Logger>();
 
   Future<String> getToken() async {
-    if (_token == null) {
+    int attempt = 0;
+
+    while (attempt <= _maxRetry) {
+      if (_token != null) return _token!;
+
       final result = await acquireTokenSilent();
       if (result.$1 != null) {
-        _token = result.$1?.accessToken;
-      } else {
-        _retries++;
-        if (_retries > _maxRetry) {
-          _retries = 0;
-          throw Exception('Max retries reached');
-        }
-        getToken();
+        _token = result.$1!.accessToken;
+        return _token!;
       }
+
+      attempt++;
     }
-    _retries = 0;
-    return _token!;
+
+    throw Exception('Max retries reached');
   }
 
   Future<(bool, MsalException?)> createPublicClientApplication({
@@ -65,7 +64,11 @@ class AuthService {
 
   Future<(AuthenticationResult?, MsalException?)> acquireToken({String? loginHint}) async {
     try {
-      final result = await singleAccountPca?.acquireToken(scopes: _scopes, loginHint: loginHint, prompt: Prompt.login);
+      final result = await singleAccountPca?.acquireToken(
+        scopes: _scopes,
+        loginHint: loginHint,
+        prompt: Prompt.selectAccount,
+      );
       _token = result?.accessToken;
       _logger.d('Acquire token => ${result?.toJson()}');
       return (result, null);
@@ -84,14 +87,30 @@ class AuthService {
     } on MsalException catch (e) {
       _logger.e('Acquire token silent failed => $e');
 
-      // If it is a UI required exception, try to acquire token interactively.
       if (e is MsalUiRequiredException) {
-        return acquireToken();
+        return await acquireTokenWithCacheReset();
       }
       return (null, e);
     }
   }
 
+  Future<(AuthenticationResult?, MsalException?)> acquireTokenWithCacheReset() async {
+    try {
+      _token = null;
+
+      await signOut();
+
+      final result = await singleAccountPca?.acquireToken(scopes: _scopes, prompt: Prompt.login);
+
+      _token = result?.accessToken;
+      _logger.d('Token acquired with cache reset => ${result?.toJson()}');
+      return (result, null);
+    } on MsalException catch (e) {
+      _logger.e('Token acquisition with cache reset failed => $e');
+      return (null, e);
+    }
+  }
+
   Future<(bool, MsalException?)> signOut() async {
     try {
       _token = null;

lib/data/services/signets-api/request_builder_service.dart

@@ -32,7 +32,6 @@ mixin RequestBuilderService {
     String resultTag, {
     Map<String, String>? queryParameters,
   }) async {
-    // Send the envelope
     final uri = Uri.https(Urls.signetsAPI, endpoint, queryParameters);
     final response = await client.get(uri, headers: _buildHeaders(token));
 
@@ -42,8 +41,15 @@ mixin RequestBuilderService {
         retries = 0;
         throw ApiException(prefix: tagError, message: "Token invalide. Veuillez vous déconnecter et vous reconnecter.");
       }
+
       final authService = locator<AuthService>();
-      await authService.acquireTokenSilent();
+      final tokenResult = await authService.acquireTokenSilent();
+
+      if (tokenResult.$1 == null) {
+        retries = 0;
+        throw ApiException(prefix: tagError, message: "Session expirée. Veuillez vous reconnecter.");
+      }
+
       return await sendRequest(
         client,
         endpoint,

lib/l10n/intl_en.arb

@@ -46,6 +46,8 @@
 
   "close_button_text": "Close",
 
+  "startup_viewmodel_acquire_token_fail": "Connection failed after multiple attempts. Please try again.",
+
   "title_schedule": "Schedule",
   "title_student": "Student",
   "title_dashboard": "Dashboard",

lib/l10n/intl_fr.arb

@@ -45,6 +45,8 @@
 
   "close_button_text": "Fermer",
 
+  "startup_viewmodel_acquire_token_fail": "Échec de la connexion après plusieurs tentatives. Veuillez réessayer.",
+
   "title_schedule": "Horaire",
   "title_student": "Étudiant",
   "title_dashboard": "Accueil",

lib/ui/startup/view_model/startup_viewmodel.dart

@@ -1,4 +1,5 @@
 // Package imports:
+import 'package:fluttertoast/fluttertoast.dart';
 import 'package:msal_auth/msal_auth.dart';
 import 'package:stacked/stacked.dart';
 
@@ -10,6 +11,7 @@ import 'package:notredame/data/services/navigation_service.dart';
 import 'package:notredame/data/services/networking_service.dart';
 import 'package:notredame/domain/constants/preferences_flags.dart';
 import 'package:notredame/domain/constants/router_paths.dart';
+import 'package:notredame/l10n/app_localizations.dart';
 import 'package:notredame/locator.dart';
 
 class StartUpViewModel extends BaseViewModel {
@@ -20,6 +22,9 @@ class StartUpViewModel extends BaseViewModel {
   final NavigationService _navigationService = locator<NavigationService>();
   final AnalyticsService _analyticsService = locator<AnalyticsService>();
 
+  final AppIntl intl;
+  StartUpViewModel({required this.intl});
+
   /// Try to silent authenticate the user then redirect to [LoginView] or [DashboardView]
   Future handleStartUp() async {
     if (await handleConnectivityIssues()) return;
@@ -47,9 +52,19 @@ class StartUpViewModel extends BaseViewModel {
       _navigationService.pushNamedAndRemoveUntil(RouterPaths.dashboard);
     } else {
       AuthenticationResult? token;
-      while (token == null) {
+      int attempts = 0;
+      const maxAttempts = 3;
+
+      while (token == null && attempts < maxAttempts) {
+        attempts++;
         token = (await _authService.acquireToken()).$1;
+        if (token == null && attempts >= maxAttempts) {
+          Fluttertoast.showToast(msg: intl.startup_viewmodel_acquire_token_fail, toastLength: Toast.LENGTH_LONG);
+          await _analyticsService.logError('StartupViewmodel', 'Failed to acquire token after $maxAttempts attempts');
+          return;
+        }
       }
+
       _settingsManager.setBool(PreferencesFlag.isLoggedIn, true);
       _navigationService.pushNamedAndRemoveUntil(RouterPaths.dashboard);
     }

lib/ui/startup/widgets/startup_view.dart

@@ -6,6 +6,7 @@ import 'package:flutter_svg/flutter_svg.dart';
 import 'package:stacked/stacked.dart';
 
 // Project imports:
+import 'package:notredame/l10n/app_localizations.dart';
 import 'package:notredame/ui/core/themes/app_palette.dart';
 import 'package:notredame/ui/core/themes/app_theme.dart';
 import 'package:notredame/ui/startup/view_model/startup_viewmodel.dart';
@@ -15,7 +16,7 @@ class StartUpView extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) => ViewModelBuilder<StartUpViewModel>.nonReactive(
-    viewModelBuilder: () => StartUpViewModel(),
+    viewModelBuilder: () => StartUpViewModel(intl: AppIntl.of(context)!),
     onViewModelReady: (StartUpViewModel model) {
       model.handleStartUp();
     },

pubspec.yaml

@@ -5,7 +5,7 @@ description: The 4th generation of ÉTSMobile, the main gateway between the Éco
 # pub.dev using `pub publish`. This is preferred for private packages.
 publish_to: 'none' # Remove this line if you wish to publish to pub.dev
 
-version: 4.59.7
+version: 4.59.8
 
 environment:
   sdk: '>=3.8.0 <4.0.0'

test/data/mocks/services/auth_service_mock.dart

@@ -57,6 +57,29 @@ class AuthServiceMock extends MockAuthService {
     when(mock.acquireToken()).thenAnswer((_) async => (result, exception));
   }
 
+  static void stubAcquireTokenWithCacheReset(AuthServiceMock mock, {bool success = true}) {
+    AuthenticationResult? result;
+    MsalException? exception;
+
+    if (success) {
+      result = AuthenticationResult(
+        accessToken: '',
+        authenticationScheme: '',
+        expiresOn: DateTime.now(),
+        idToken: '',
+        authority: '',
+        tenantId: '',
+        scopes: [''],
+        correlationId: '',
+        account: Account(id: '', username: '', name: ''),
+      );
+    } else {
+      exception = MsalException(message: 'Error');
+    }
+
+    when(mock.acquireTokenWithCacheReset()).thenAnswer((_) async => (result, exception));
+  }
+
   static void stubSignOut(AuthServiceMock mock) {
     when(mock.signOut()).thenAnswer((_) async => (true, null));
   }

test/data/services/signets_api/signets_api_client_test.dart

@@ -237,7 +237,7 @@ void main() {
           );
         } catch (e) {
           expect(e, isA<ApiException>());
-          verify(authServiceMock.acquireTokenSilent()).called(3);
+          verify(authServiceMock.acquireTokenSilent()).called(1);
         }
       });
     });

test/ui/startup/view_model/startup_viewmodel_test.dart

@@ -11,6 +11,7 @@ import 'package:notredame/data/services/navigation_service.dart';
 import 'package:notredame/data/services/networking_service.dart';
 import 'package:notredame/domain/constants/preferences_flags.dart';
 import 'package:notredame/domain/constants/router_paths.dart';
+import 'package:notredame/l10n/app_localizations.dart';
 import 'package:notredame/ui/startup/view_model/startup_viewmodel.dart';
 import '../../../data/mocks/repositories/settings_repository_mock.dart';
 import '../../../data/mocks/services/auth_service_mock.dart';
@@ -25,6 +26,7 @@ void main() {
   late AuthServiceMock authServiceMock;
 
   late StartUpViewModel viewModel;
+  late AppIntl appIntl;
 
   group('StartupViewModel - ', () {
     setUp(() async {
@@ -34,7 +36,8 @@ void main() {
       networkingServiceMock = setupNetworkingServiceMock();
       authServiceMock = setupAuthServiceMock();
 
-      viewModel = StartUpViewModel();
+      appIntl = await setupAppIntl();
+      viewModel = StartUpViewModel(intl: appIntl);
     });
 
     tearDown(() {