fixed a session management bug by updating user authentication token handling and adding runtime context values for user ID and auth token

Author: RadicalMuffinMan

source/ShowScenes.bs

@@ -120,8 +120,12 @@ function LoginFlow()
                 if myToken <> invalid
                     ' check if token is valid
                     session.user.Update("authToken", myToken)
+                    session.setRuntimeRequestContextValue("moonfin.userId", m.global.session.user.id)
+                    session.setRuntimeRequestContextValue("moonfin.authToken", myToken)
                     currentUser = AboutMe()
                     if currentUser = invalid
+                        session.setRuntimeRequestContextValue("moonfin.userId", invalid)
+                        session.setRuntimeRequestContextValue("moonfin.authToken", invalid)
                         unset_user_setting("token")
                         unset_user_setting("username")
                     else
@@ -155,9 +159,13 @@ function LoginFlow()
         if isValid(myAuthToken) and isValid(myUsername)
             session.user.Update("authToken", myAuthToken)
             session.user.Update("name", myUsername)
+            session.setRuntimeRequestContextValue("moonfin.userId", activeUser)
+            session.setRuntimeRequestContextValue("moonfin.authToken", myAuthToken)
 
             currentUser = AboutMe()
             if currentUser = invalid
+                session.setRuntimeRequestContextValue("moonfin.userId", invalid)
+                session.setRuntimeRequestContextValue("moonfin.authToken", invalid)
                 ' Token invalid - clear cached data and show sign-in screen
                 unset_user_setting("token")
                 unset_user_setting("username")

source/api/baserequest.bs

@@ -275,13 +275,18 @@ function getAuthTokenFromRegistry() as dynamic
     end if
 
     activeUserId = getActiveUserIdFromRegistry()
-    if not isValidAndNotEmpty(activeUserId)
-        return invalid
+    if isValidAndNotEmpty(activeUserId)
+        authToken = getRegistryValue(activeUserId, "token")
+        if isValidAndNotEmpty(authToken)
+            return authToken
+        end if
     end if
 
-    authToken = getRegistryValue(activeUserId, "token")
-    if isValidAndNotEmpty(authToken)
-        return authToken
+    if isValid(m) and isChainValid(m, "global.session.user.authToken")
+        authToken = chainLookupReturn(m, "global.session.user.authToken", invalid)
+        if isValidAndNotEmpty(authToken)
+            return authToken
+        end if
     end if
 
     return invalid

source/utils/session.bs

@@ -133,7 +133,7 @@ namespace session
             if userData = invalid or userData.id = invalid then return
 
             tmpSession = m.global.session
-            oldUserSettings = tmpSession.user.settings
+            oldUserSettings = {}
             if userData.json = invalid
                 myAuthToken = tmpSession.user.authToken
                 tmpSession.AddReplace("user", userData)
@@ -173,6 +173,7 @@ namespace session
             end if
 
             session.user.Update("settings", tmpSettingArray)
+            session.user.settings.SaveDefaults()
 
             session.setRuntimeRequestContextValue("moonfin.userId", tmpSession.user.id)
             session.setRuntimeRequestContextValue("moonfin.authToken", tmpSession.user.authToken)