PM-24539: Prevent token refresh from looping (#5658)

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/model/AccountTokensJson.kt

@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.datasource.disk.model
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
+import java.time.Instant
 
 /**
  * Container for the user's API tokens.
@@ -19,7 +20,7 @@ data class AccountTokensJson(
     val refreshToken: String?,
 
     @SerialName("expiresAtSec")
-    val expiresAtSec: Long = Long.MAX_VALUE,
+    val expiresAtSec: Long = Instant.MAX.epochSecond,
 ) {
     /**
      * Returns `true` if the user is logged in, `false otherwise.

network/src/main/kotlin/com/bitwarden/network/authenticator/RefreshAuthenticator.kt

@@ -8,6 +8,7 @@ import okhttp3.Authenticator
 import okhttp3.Request
 import okhttp3.Response
 import okhttp3.Route
+import timber.log.Timber
 
 /**
  * An authenticator used to refresh the access token when a 401 is returned from an API. Upon
@@ -21,6 +22,10 @@ internal class RefreshAuthenticator : Authenticator {
         route: Route?,
         response: Response,
     ): Request? {
+        if (response.shouldSkipAuthentication()) {
+            // If the same request keeps failing, let's just let the 401 pass through.
+            return null
+        }
         val accessToken = requireNotNull(
             response
                 .request
@@ -34,6 +39,7 @@ internal class RefreshAuthenticator : Authenticator {
             }
 
             else -> {
+                Timber.d("Attempting to refresh token due to unauthorized")
                 refreshTokenProvider
                     ?.refreshAccessTokenSynchronously(userId = userId)
                     ?.fold(
@@ -52,4 +58,6 @@ internal class RefreshAuthenticator : Authenticator {
             }
         }
     }
+
+    private fun Response.shouldSkipAuthentication(): Boolean = this.priorResponse != null
 }