Merge pull request 'fix/issue-637' (#645) from fix/issue-637 into dev

Reviewed-on: baron/baron-sso#645
2026-04-28 13:14:57 +09:00
parent 08aa745e30 e3f9bbf925
commit 0c80063311
2 changed files with 33 additions and 7 deletions
--- a/userfront/lib/features/dashboard/presentation/dashboard_screen.dart
+++ b/userfront/lib/features/dashboard/presentation/dashboard_screen.dart
@@ -846,11 +846,13 @@ class _DashboardScreenState extends ConsumerState<DashboardScreen> {
      final profileState = ref.watch(profileProvider);
      final profile = profileState.value;
      final timelineState = ref.watch(authTimelineProvider);
-      final userName =
-          profile?.name ??
-          profile?.email ??
-          profile?.phone ??
-          tr('ui.userfront.profile.user_fallback', fallback: 'User');
+      final userName = (profile?.name.trim().isNotEmpty ?? false)
+          ? profile!.name
+          : (profile?.email.trim().isNotEmpty ?? false)
+          ? profile!.email
+          : (profile?.phone.trim().isNotEmpty ?? false)
+          ? profile!.phone
+          : tr('ui.userfront.profile.user_fallback', fallback: 'User');
      final departmentValue =
          profile?.tenant?.name ?? profile?.department ?? '';
      final department = departmentValue.isNotEmpty
--- a/userfront/lib/main.dart
+++ b/userfront/lib/main.dart
@@ -79,8 +79,30 @@ Future<void> _silentSessionRecovery() async {
  // 1. Local token check
  final hasLocalToken = AuthTokenStore.hasToken();
  if (hasLocalToken) {
-    _log.info("[SessionRecovery] Local token found. Skipping recovery.");
-    return;
+    _log.info("[SessionRecovery] Local token found. Verifying session...");
+    try {
+      final status = await AuthProxyService.getSessionStatus(
+        token: AuthTokenStore.getToken(),
+        useCookie: false,
+      );
+      if (status == 401 || status == 403) {
+        _log.warning(
+          "[SessionRecovery] Local token is invalid. Clearing store.",
+        );
+        AuthTokenStore.clear();
+        return;
+      }
+      _log.info(
+        "[SessionRecovery] Local token is valid. Skipping cookie check.",
+      );
+      return;
+    } catch (e) {
+      _log.info("[SessionRecovery] Failed to verify local token: $e");
+      // 만약 네트워크 에러 등이라면 당장 로그아웃 시키지 않고 일단 통과시킬 수도 있지만,
+      // 보안과 확실한 상태 갱신을 위해 여기서는 실패 시 상태를 유지하거나 필요에 따라 처리합니다.
+      // (현재는 401/403 확실한 인증 실패시에만 clear 처리)
+      return;
+    }
  }

  _log.info(
@@ -104,11 +126,13 @@ Future<void> _silentSessionRecovery() async {
      _log.info("[SessionRecovery] Recovery complete. Subject: $subject");
    } else {
      _log.warning("[SessionRecovery] Session found but subject is empty.");
+      AuthTokenStore.clear();
    }
  } catch (e) {
    _log.info(
      "[SessionRecovery] No valid cookie session found or request failed: $e",
    );
+    AuthTokenStore.clear();
  }
 }