[PR #2561] [MERGED] fix: reset checkAuth debounce in linkShareAuth to prevent redirect loop #8364

Closed
opened 2026-04-20 18:10:30 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/go-vikunja/vikunja/pull/2561
Author: @tink-bot
Created: 4/8/2026
Status: Merged
Merged: 4/9/2026
Merged by: @kolaente

Base: mainHead: fix-link-share-loop


📝 Commits (5)

  • b373d2b test: wire up API URL for anonymous link share e2e tests
  • 81ff223 fix: reset checkAuth debounce in linkShareAuth to prevent redirect loop
  • 74a3a8f fix: skip refreshUserInfo for link share tokens to prevent logout loop
  • 8402366 fix: include type in checkAuth's same-user skip check
  • e0f01f1 test: add e2e regression test for link share loop while logged in

📊 Changes

2 files changed (+78 additions, -5 deletions)

View changed files

📝 frontend/src/stores/auth.ts (+21 -5)
📝 frontend/tests/e2e/sharing/linkShare.spec.ts (+57 -0)

📄 Description

When a logged-in user opens a public link share URL, checkAuth() has a 1-minute debounce that causes it to skip re-parsing the new link share JWT. This leaves authLinkShare as false, so the router guard redirects back to link-share.auth in an infinite loop.

The fix resets the debounce (lastUserInfoRefresh = null) before calling checkAuth() in linkShareAuth(), ensuring the new token is always parsed.

Fixes #2546


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/go-vikunja/vikunja/pull/2561 **Author:** [@tink-bot](https://github.com/tink-bot) **Created:** 4/8/2026 **Status:** ✅ Merged **Merged:** 4/9/2026 **Merged by:** [@kolaente](https://github.com/kolaente) **Base:** `main` ← **Head:** `fix-link-share-loop` --- ### 📝 Commits (5) - [`b373d2b`](https://github.com/go-vikunja/vikunja/commit/b373d2b19256e6c3c0ccc676f33613064c205c9c) test: wire up API URL for anonymous link share e2e tests - [`81ff223`](https://github.com/go-vikunja/vikunja/commit/81ff2239846058f6f548a151272a2252ae61c861) fix: reset checkAuth debounce in linkShareAuth to prevent redirect loop - [`74a3a8f`](https://github.com/go-vikunja/vikunja/commit/74a3a8f1e8766385b0b97da5899da01502d315c1) fix: skip refreshUserInfo for link share tokens to prevent logout loop - [`8402366`](https://github.com/go-vikunja/vikunja/commit/84023664135dae1f72a2dd3ef68c9956e06812f4) fix: include type in checkAuth's same-user skip check - [`e0f01f1`](https://github.com/go-vikunja/vikunja/commit/e0f01f12db754423b20a7c5af233795855fe393b) test: add e2e regression test for link share loop while logged in ### 📊 Changes **2 files changed** (+78 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `frontend/src/stores/auth.ts` (+21 -5) 📝 `frontend/tests/e2e/sharing/linkShare.spec.ts` (+57 -0) </details> ### 📄 Description When a logged-in user opens a public link share URL, `checkAuth()` has a 1-minute debounce that causes it to skip re-parsing the new link share JWT. This leaves `authLinkShare` as false, so the router guard redirects back to `link-share.auth` in an infinite loop. The fix resets the debounce (`lastUserInfoRefresh = null`) before calling `checkAuth()` in `linkShareAuth()`, ensuring the new token is always parsed. Fixes #2546 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 18:10:30 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#8364