From 1d420dd1dc6be8315789f89f00b9462ac2d4bdb8 Mon Sep 17 00:00:00 2001 From: kolaente Date: Sat, 21 Feb 2026 22:29:47 +0100 Subject: [PATCH] fix: don't overwrite user info with incomplete JWT data on navigation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The JWT token only contains id, username, type, and exp — not the display name. Previously, every route navigation called setUser() with this incomplete data, causing the display name to flash to the username before the API call completed and restored the full name. Now we skip setUser() if a complete user object with the same ID is already loaded. Fixes https://github.com/go-vikunja/vikunja/issues/2270 --- frontend/src/stores/auth.ts | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/frontend/src/stores/auth.ts b/frontend/src/stores/auth.ts index 12049c38e..d88f6c230 100644 --- a/frontend/src/stores/auth.ts +++ b/frontend/src/stores/auth.ts @@ -290,12 +290,17 @@ export const useAuthStore = defineStore('auth', () => { .split('.')[1] .replace(/-/g, '+') .replace(/_/g, '/') - const info = new UserModel(JSON.parse(atob(base64))) + const jwtUser = new UserModel(JSON.parse(atob(base64))) const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND) - isAuthenticated = info.exp >= ts - // Settings should only be loaded from the api request, not via the jwt - setUser(info, false) + isAuthenticated = jwtUser.exp >= ts + // Only set user from JWT if we don't already have a fully loaded + // user with the same ID. The JWT lacks fields like `name`, so + // overwriting a complete user object causes a visible flash + // where the display name briefly reverts to the username. + if (info.value === null || info.value.id !== jwtUser.id) { + setUser(jwtUser, false) + } } catch (_) { logout() }