[MBL-19940][Student] Fix users being logged out when using multi-view

[kristofnemere]

Test plan:

1. Open Canvas Student on an Android tablet (or emulator with tablet profile)
2. Log in successfully
3. Drag Canvas Student into split-screen / multi-window mode so the app loses focus and resizes
4. Return to Canvas Student
5. Verify the user remains logged in and is NOT prompted to re-authenticate

refs: MBL-19940
affects: Student
release note: Fixed an issue where students were logged out when entering split-screen or multi-window mode on Android tablets.

Checklist

• Follow-up e2e test ticket created or not needed
• Tested in dark mode
• Tested in light mode
• Test in landscape mode and/or tablet
• A11y checked
• Approve from product

[claude]

Review Summary

This is a small, focused change with a meaningful behavioural impact.

What changed: shouldIgnoreToken = true is removed from the RestParams passed to getEnvironmentFeatureFlags in FeatureFlagProvider.fetchEnvironmentFeatureFlags(). Previously the GET /api/v1/features/environment call was made without the Authorization: Bearer header; after this change it will include the token (since shouldIgnoreToken defaults to false).

Consistency: This aligns FeatureFlagProvider with every other call-site for the same endpoint (SplashRepository, CallbackActivity, SplashActivity, FeaturesManager) — none of which set shouldIgnoreToken = true. The original flag appears to have been an unnecessary deviation from the norm.

No concerns found:

• The Canvas /features/environment endpoint is called only after the user is authenticated (the result is immediately stored by apiPrefs.user?.id), so a valid token is always available at call time.
• No security issues introduced — the token is scoped to the authenticated user and is already sent to this same endpoint by all other callers.
• No performance impact.

One suggestion (non-blocking): The existing test uses any() for RestParams, so it doesn't guard against the params reverting. See the inline comment for a tightening suggestion.

Checklist:

• Consider updating the Save environment feature flags test to assert specific RestParams (no shouldIgnoreToken) so the test acts as a regression guard for this fix.

[github-actions]

🧪 Unit Test Results

✅ 📱 Student App

• Tests: 1252 total, 0 failed, 0 skipped
• Duration: 0.000s
• Success Rate: 100%

✅ 🌅 Horizon

• Tests: 790 total, 0 failed, 0 skipped
• Duration: 39.965s
• Success Rate: 100%

✅ 📦 Submodules

• Tests: 3349 total, 0 failed, 0 skipped
• Duration: 49.311s
• Success Rate: 100%

---

📊 Summary

• Total Tests: 5391
• Failed: 0
• Skipped: 0
• Status: ✅ All tests passed!

Last updated: Tue, 07 Apr 2026 10:54:58 GMT

[github-actions]

Student Install Page

[kdeakinstructure]

QA 👍

[github-actions]

📊 Code Coverage Report

✅ Student

• PR Coverage: 42.65%
• Master Coverage: 42.65%
• Delta: +0.00%

✅ Teacher

• PR Coverage: 25.37%
• Master Coverage: 25.37%
• Delta: +0.00%

⚠️ Pandautils

• PR Coverage: 23.69%
• Master Coverage: 23.69%
• Delta: -0.00%

---

📈 Overall Average

• PR Coverage: 30.57%
• Master Coverage: 30.57%
• Delta: -0.00%