fix(profile): expire dismissed session banner

Author: rabble

docs/superpowers/plans/2026-03-22-divine-login-banner-dismissal-ttl.md

@@ -0,0 +1,123 @@
+# Divine Login Banner Dismissal TTL Implementation Plan
+
+> **For agentic workers:** REQUIRED: Use superpowers:subagent-driven-development (if subagents available) or superpowers:executing-plans to implement this plan. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Make the profile session-expired banner snooze for 30 days instead of forever, and clear the snooze when Divine OAuth recovery succeeds.
+
+**Architecture:** Add a tiny shared helper for the dismissal key and TTL logic, then reuse it from the profile header and auth service. Cover the behavior with one widget regression slice and one auth regression slice before implementation.
+
+**Tech Stack:** Flutter, Riverpod, SharedPreferences, Flutter widget tests, auth service unit tests
+
+---
+
+## Chunk 1: TTL Read/Write Behavior
+
+### Task 1: Add the failing widget regressions
+
+**Files:**
+- Modify: `mobile/test/widgets/profile/profile_header_widget_test.dart`
+
+- [ ] **Step 1: Write the failing tests**
+
+Add tests for:
+- a recent dismissal timestamp hides the expired-session banner
+- a dismissal older than 30 days shows the banner again
+
+- [ ] **Step 2: Run the widget test file to verify the new case fails**
+
+Run: `cd mobile && flutter test test/widgets/profile/profile_header_widget_test.dart`
+Expected: the new TTL expectation fails because the current code treats dismissal as permanent.
+
+### Task 2: Implement the TTL helper and widget update
+
+**Files:**
+- Create: `mobile/lib/utils/divine_login_banner_dismissal.dart`
+- Modify: `mobile/lib/widgets/profile/profile_header_widget.dart`
+
+- [ ] **Step 3: Add the minimal helper**
+
+Add:
+- per-pubkey preference key builder
+- 30-day TTL constant
+- `isDismissed(...)`
+- `dismiss(...)`
+- `clear(...)`
+
+- [ ] **Step 4: Update the profile header to use the helper**
+
+Read the active dismissal via the helper and write a timestamp on dismiss instead of a boolean.
+
+- [ ] **Step 5: Re-run the widget test file**
+
+Run: `cd mobile && flutter test test/widgets/profile/profile_header_widget_test.dart`
+Expected: the TTL tests pass.
+
+## Chunk 2: Shared Helper Coverage And Auth Reset
+
+### Task 3: Add the failing helper regression
+
+**Files:**
+- Create: `mobile/test/utils/divine_login_banner_dismissal_test.dart`
+
+- [ ] **Step 6: Write the failing helper test**
+
+Cover:
+- dismissal remains active within 30 days
+- dismissal expires after 30 days
+- clear removes the stored dismissal
+
+- [ ] **Step 7: Run the helper test file to verify it fails**
+
+Run: `cd mobile && flutter test test/utils/divine_login_banner_dismissal_test.dart`
+Expected: compilation or test failure because the helper does not exist yet.
+
+### Task 4: Clear dismissal on auth recovery
+
+**Files:**
+- Modify: `mobile/lib/services/auth_service.dart`
+- Reuse: `mobile/lib/utils/divine_login_banner_dismissal.dart`
+
+- [ ] **Step 8: Add the minimal auth-side reset**
+
+Clear the stored dismissal when:
+- a silent refresh succeeds
+- Divine OAuth sign-in establishes the session for a pubkey
+
+- [ ] **Step 9: Re-run the helper test file**
+
+Run: `cd mobile && flutter test test/utils/divine_login_banner_dismissal_test.dart`
+Expected: the helper regression passes, and the auth service compiles cleanly against it.
+
+## Chunk 3: Focused Verification
+
+### Task 5: Verify the final touched set
+
+**Files:**
+- Verify: `mobile/lib/widgets/profile/profile_header_widget.dart`
+- Verify: `mobile/lib/services/auth_service.dart`
+- Verify: `mobile/lib/utils/divine_login_banner_dismissal.dart`
+- Verify: `mobile/test/widgets/profile/profile_header_widget_test.dart`
+- Verify: `mobile/test/utils/divine_login_banner_dismissal_test.dart`
+
+- [ ] **Step 10: Run focused analyzer**
+
+Run: `cd mobile && flutter analyze --no-pub lib/widgets/profile/profile_header_widget.dart lib/services/auth_service.dart lib/utils/divine_login_banner_dismissal.dart test/widgets/profile/profile_header_widget_test.dart test/utils/divine_login_banner_dismissal_test.dart`
+Expected: no issues found.
+
+- [ ] **Step 11: Run focused tests together**
+
+Run: `cd mobile && flutter test test/utils/divine_login_banner_dismissal_test.dart test/widgets/profile/profile_header_widget_test.dart`
+Expected: all tests pass.
+
+- [ ] **Step 12: Commit**
+
+```bash
+git add docs/superpowers/specs/2026-03-22-divine-login-banner-dismissal-ttl-design.md \
+  docs/superpowers/plans/2026-03-22-divine-login-banner-dismissal-ttl.md \
+  mobile/lib/utils/divine_login_banner_dismissal.dart \
+  mobile/lib/widgets/profile/profile_header_widget.dart \
+  mobile/lib/services/auth_service.dart \
+  mobile/test/widgets/profile/profile_header_widget_test.dart \
+  mobile/test/utils/divine_login_banner_dismissal_test.dart
+git commit -m "fix(profile): expire dismissed session banner"
+```

docs/superpowers/specs/2026-03-22-divine-login-banner-dismissal-ttl-design.md

@@ -0,0 +1,43 @@
+# Divine Login Banner Dismissal TTL Design
+
+## Goal
+
+Make the dismissible "Session Expired" banner on the profile page come back after 30 days if the account is still expired, and clear the dismissal as soon as the user successfully restores their Divine OAuth session.
+
+## Current Problem
+
+PR `#2214` stores a permanent boolean dismissal keyed by pubkey. Once dismissed, the banner never appears again for that account because nothing resets the preference when auth recovers or when enough time passes.
+
+## Design
+
+Store dismissal as a timestamp instead of a boolean. The profile banner should be hidden only when:
+
+- the current account has an expired OAuth session, and
+- a stored dismissal timestamp exists for that account, and
+- that dismissal is less than 30 days old.
+
+If the dismissal is missing or older than 30 days, the banner should render again.
+
+Use one shared helper for:
+
+- generating the per-pubkey preference key
+- reading whether the dismissal is still active
+- writing the current dismissal timestamp
+- clearing the dismissal after auth recovery
+
+## Reset Behavior
+
+Clear the dismissal when the app successfully restores a valid Divine OAuth session:
+
+- after a successful silent refresh path
+- after a successful Divine OAuth sign-in path
+
+This keeps dismissal scoped to the current expired-session incident rather than muting future incidents forever.
+
+## Tests
+
+Add regression coverage for:
+
+- dismissal hides the banner within 30 days
+- dismissal older than 30 days allows the banner to show again
+- successful expired-session refresh clears the stored dismissal key

mobile/lib/services/auth_service.dart

@@ -18,6 +18,7 @@ import 'package:openvine/services/crash_reporting_service.dart';
 import 'package:openvine/services/pending_verification_service.dart';
 import 'package:openvine/services/relay_discovery_service.dart';
 import 'package:openvine/services/user_data_cleanup_service.dart';
+import 'package:openvine/utils/divine_login_banner_dismissal.dart';
 import 'package:openvine/utils/nostr_key_utils.dart';
 import 'package:openvine/utils/nostr_timestamp.dart';
 import 'package:openvine/utils/unified_logger.dart';
@@ -295,6 +296,7 @@ class AuthService implements BackgroundAwareService {
           category: LogCategory.auth,
         );
         await refreshed.save(_flutterSecureStorage);
+        await _clearDismissedDivineLoginBannerForCurrentUser();
         await signInWithDivineOAuth(refreshed);
         return true;
       }
@@ -308,6 +310,18 @@ class AuthService implements BackgroundAwareService {
     return false;
   }
 
+  Future<void> _clearDismissedDivineLoginBannerForCurrentUser([
+    String? publicKeyHex,
+  ]) async {
+    final prefs = await SharedPreferences.getInstance();
+    final targetPubkey =
+        publicKeyHex ?? prefs.getString('current_user_pubkey_hex');
+    if (targetPubkey == null || targetPubkey.isEmpty) {
+      return;
+    }
+    await clearDivineLoginBannerDismissal(prefs, targetPubkey);
+  }
+
   /// Get discovered user relays (NIP-65)
   List<DiscoveredRelay> get userRelays => List.unmodifiable(_userRelays);
 
@@ -2276,6 +2290,7 @@ class AuthService implements BackgroundAwareService {
 
       final prefs = await SharedPreferences.getInstance();
       await prefs.setString('current_user_pubkey_hex', publicKeyHex);
+      await _clearDismissedDivineLoginBannerForCurrentUser(publicKeyHex);
 
       Log.info(
         '✅ Divine oauth listener setting auth state to authenticated.',

mobile/lib/utils/divine_login_banner_dismissal.dart

@@ -0,0 +1,41 @@
+import 'package:shared_preferences/shared_preferences.dart';
+
+const Duration divineLoginBannerDismissalTtl = Duration(days: 30);
+const _dismissedDivineLoginBannerPrefix = 'dismissed_divine_login_banner_';
+
+String divineLoginBannerDismissalKey(String userIdHex) =>
+    '$_dismissedDivineLoginBannerPrefix$userIdHex';
+
+bool isDivineLoginBannerDismissed(
+  SharedPreferences prefs,
+  String userIdHex, {
+  DateTime? now,
+}) {
+  final rawValue = prefs.get(divineLoginBannerDismissalKey(userIdHex));
+  if (rawValue is! int) {
+    return false;
+  }
+
+  final dismissedAt = DateTime.fromMillisecondsSinceEpoch(rawValue);
+  final comparisonTime = now ?? DateTime.now();
+  return comparisonTime.difference(dismissedAt) < divineLoginBannerDismissalTtl;
+}
+
+Future<void> dismissDivineLoginBanner(
+  SharedPreferences prefs,
+  String userIdHex, {
+  DateTime? now,
+}) {
+  final dismissedAt = now ?? DateTime.now();
+  return prefs.setInt(
+    divineLoginBannerDismissalKey(userIdHex),
+    dismissedAt.millisecondsSinceEpoch,
+  );
+}
+
+Future<void> clearDivineLoginBannerDismissal(
+  SharedPreferences prefs,
+  String userIdHex,
+) {
+  return prefs.remove(divineLoginBannerDismissalKey(userIdHex));
+}

mobile/lib/widgets/profile/profile_header_widget.dart

@@ -18,6 +18,7 @@ import 'package:openvine/screens/auth/secure_account_screen.dart';
 import 'package:openvine/screens/auth/welcome_screen.dart';
 import 'package:openvine/services/nip05_verification_service.dart';
 import 'package:openvine/utils/clipboard_utils.dart';
+import 'package:openvine/utils/divine_login_banner_dismissal.dart';
 import 'package:openvine/utils/nostr_key_utils.dart';
 import 'package:openvine/utils/user_profile_utils.dart';
 import 'package:openvine/widgets/profile/profile_followers_stat.dart';
@@ -28,9 +29,6 @@ import 'package:openvine/widgets/user_name.dart';
 
 /// Profile header widget displaying avatar, stats, name, and bio.
 class ProfileHeaderWidget extends ConsumerWidget {
-  static const _dismissedDivineLoginBannerPrefix =
-      'dismissed_divine_login_banner_';
-
   const ProfileHeaderWidget({
     required this.userIdHex,
     required this.isOwnProfile,
@@ -94,10 +92,10 @@ class ProfileHeaderWidget extends ConsumerWidget {
     final isAnonymous = authService.isAnonymous;
     final hasExpiredSession = authService.hasExpiredOAuthSession;
     final prefs = ref.watch(sharedPreferencesProvider);
-    final dismissedDivineLoginBannerKey =
-        '$_dismissedDivineLoginBannerPrefix$userIdHex';
-    final isDivineLoginBannerDismissed =
-        prefs.getBool(dismissedDivineLoginBannerKey) ?? false;
+    final isDivineLoginBannerHidden = isDivineLoginBannerDismissed(
+      prefs,
+      userIdHex,
+    );
 
     // Use profile color as header background (like original Vine)
     // Color covers avatar/stats, then fades to dark for name/bio readability
@@ -139,9 +137,9 @@ class ProfileHeaderWidget extends ConsumerWidget {
                 // profile) — prompts re-login instead of "Secure Your Account"
                 if (isOwnProfile &&
                     hasExpiredSession &&
-                    !isDivineLoginBannerDismissed)
+                    !isDivineLoginBannerHidden)
                   _SessionExpiredBanner(
-                    dismissedPreferenceKey: dismissedDivineLoginBannerKey,
+                    userIdHex: userIdHex,
                   )
                 // Secure account banner for anonymous users (only on own
                 // profile)
@@ -433,9 +431,9 @@ class _IdentityNotRecoverableBanner extends StatelessWidget {
 /// Prompts the user to sign in again instead of showing "Secure Your Account".
 /// Attempts a silent token refresh first; navigates to login only if that fails.
 class _SessionExpiredBanner extends ConsumerStatefulWidget {
-  const _SessionExpiredBanner({required this.dismissedPreferenceKey});
+  const _SessionExpiredBanner({required this.userIdHex});
 
-  final String dismissedPreferenceKey;
+  final String userIdHex;
 
   @override
   ConsumerState<_SessionExpiredBanner> createState() =>
@@ -463,7 +461,7 @@ class _SessionExpiredBannerState extends ConsumerState<_SessionExpiredBanner> {
   Future<void> _dismissBanner() async {
     setState(() => _isDismissed = true);
     final prefs = ref.read(sharedPreferencesProvider);
-    await prefs.setBool(widget.dismissedPreferenceKey, true);
+    await dismissDivineLoginBanner(prefs, widget.userIdHex);
   }
 
   @override

mobile/test/utils/divine_login_banner_dismissal_test.dart

@@ -0,0 +1,58 @@
+import 'package:flutter_test/flutter_test.dart';
+import 'package:openvine/utils/divine_login_banner_dismissal.dart';
+import 'package:shared_preferences/shared_preferences.dart';
+
+void main() {
+  const pubkey = 'test_pubkey_hex';
+
+  setUp(() async {
+    SharedPreferences.setMockInitialValues({});
+  });
+
+  test('dismissal remains active within 30 days', () async {
+    final prefs = await SharedPreferences.getInstance();
+
+    await dismissDivineLoginBanner(
+      prefs,
+      pubkey,
+      now: DateTime(2026, 3, 22),
+    );
+
+    expect(
+      isDivineLoginBannerDismissed(
+        prefs,
+        pubkey,
+        now: DateTime(2026, 4, 20),
+      ),
+      isTrue,
+    );
+  });
+
+  test('dismissal expires after 30 days', () async {
+    final prefs = await SharedPreferences.getInstance();
+
+    await dismissDivineLoginBanner(
+      prefs,
+      pubkey,
+      now: DateTime(2026, 3, 22),
+    );
+
+    expect(
+      isDivineLoginBannerDismissed(
+        prefs,
+        pubkey,
+        now: DateTime(2026, 4, 22),
+      ),
+      isFalse,
+    );
+  });
+
+  test('clear removes stored dismissal', () async {
+    final prefs = await SharedPreferences.getInstance();
+
+    await dismissDivineLoginBanner(prefs, pubkey, now: DateTime(2026, 3, 22));
+    await clearDivineLoginBannerDismissal(prefs, pubkey);
+
+    expect(prefs.get(divineLoginBannerDismissalKey(pubkey)), isNull);
+  });
+}