From bbf29bf400b68190ce6c7c48a5b4e26afc3b5124 Mon Sep 17 00:00:00 2001
From: chan <b24028@hanmaceng.co.kr>
Date: Tue, 28 Apr 2026 11:33:40 +0900
Subject: [PATCH] fix: clear stale auth flags and improve user name fallback
 logic (#637)

- Clear AuthTokenStore in _silentSessionRecovery when session is invalid (Case 2)

- Use .trim().isNotEmpty for userName fallback to handle empty strings (Case 1)
---
 .../dashboard/presentation/dashboard_screen.dart     | 12 +++++++-----
 userfront/lib/main.dart                              |  2 ++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/userfront/lib/features/dashboard/presentation/dashboard_screen.dart b/userfront/lib/features/dashboard/presentation/dashboard_screen.dart
index 5188cdd8..a3c5399f 100644
--- a/userfront/lib/features/dashboard/presentation/dashboard_screen.dart
+++ b/userfront/lib/features/dashboard/presentation/dashboard_screen.dart
@@ -846,11 +846,13 @@ class _DashboardScreenState extends ConsumerState<DashboardScreen> {
       final profileState = ref.watch(profileProvider);
       final profile = profileState.value;
       final timelineState = ref.watch(authTimelineProvider);
-      final userName =
-          profile?.name ??
-          profile?.email ??
-          profile?.phone ??
-          tr('ui.userfront.profile.user_fallback', fallback: 'User');
+      final userName = (profile?.name.trim().isNotEmpty ?? false)
+          ? profile!.name
+          : (profile?.email.trim().isNotEmpty ?? false)
+              ? profile!.email
+              : (profile?.phone.trim().isNotEmpty ?? false)
+                  ? profile!.phone
+                  : tr('ui.userfront.profile.user_fallback', fallback: 'User');
       final departmentValue =
           profile?.tenant?.name ?? profile?.department ?? '';
       final department = departmentValue.isNotEmpty
diff --git a/userfront/lib/main.dart b/userfront/lib/main.dart
index 4d0967d7..5bb87ea9 100644
--- a/userfront/lib/main.dart
+++ b/userfront/lib/main.dart
@@ -104,11 +104,13 @@ Future<void> _silentSessionRecovery() async {
       _log.info("[SessionRecovery] Recovery complete. Subject: $subject");
     } else {
       _log.warning("[SessionRecovery] Session found but subject is empty.");
+      AuthTokenStore.clear();
     }
   } catch (e) {
     _log.info(
       "[SessionRecovery] No valid cookie session found or request failed: $e",
     );
+    AuthTokenStore.clear();
   }
 }