fix: don't overwrite user info with incomplete JWT data on navigation

The JWT token only contains id, username, type, and exp — not the display name. Previously, every route navigation called setUser() with this incomplete data, causing the display name to flash to the username before the API call completed and restored the full name. Now we skip setUser() if a complete user object with the same ID is already loaded. Fixes https://github.com/go-vikunja/vikunja/issues/2270
2026-03-11 17:48:44 -05:00 · 2026-02-21 22:29:47 +01:00
parent a11cde1afc
commit 1d420dd1dc
1 changed files with 9 additions and 4 deletions
--- a/frontend/src/stores/auth.ts
+++ b/frontend/src/stores/auth.ts
@@ -290,12 +290,17 @@ export const useAuthStore = defineStore('auth', () => {
 					.split('.')[1]
 					.replace(/-/g, '+')
 					.replace(/_/g, '/')
-				const info = new UserModel(JSON.parse(atob(base64)))
+				const jwtUser = new UserModel(JSON.parse(atob(base64)))
 				const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND)

-				isAuthenticated = info.exp >= ts
-				// Settings should only be loaded from the api request, not via the jwt
-				setUser(info, false)
+				isAuthenticated = jwtUser.exp >= ts
+				// Only set user from JWT if we don't already have a fully loaded
+				// user with the same ID. The JWT lacks fields like `name`, so
+				// overwriting a complete user object causes a visible flash
+				// where the display name briefly reverts to the username.
+				if (info.value === null || info.value.id !== jwtUser.id) {
+					setUser(jwtUser, false)
+				}
 			} catch (_) {
 				logout()
 			}