comment

kevinyang372 · kevinyang372 · commit 65dc2959a06e · 2026-05-05T10:39:21.000-04:00
diff --git a/app/src/remote_server/server_model.rs b/app/src/remote_server/server_model.rs
@@ -130,6 +130,37 @@ impl PendingFileOps {
     }
 }
 
+/// Client-supplied auth credentials and user identity for the daemon.
+///
+/// Populated by `Initialize` and `Authenticate` messages. The auth token
+/// is used for server API calls; the user identity is forwarded to Sentry
+/// so crash reports from the daemon are attributed to the connecting user.
+///
+/// All fields are intentionally retained across proxy connection teardown
+/// and cleared only by daemon process exit.
+struct DaemonAuthContext {
+    /// Bearer credential set by Initialize / Authenticate.
+    auth_token: Option<String>,
+    /// User ID from the most recent `Initialize` handshake (Firebase UID).
+    #[cfg(feature = "crash_reporting")]
+    sentry_user_id: String,
+    /// User email from the most recent `Initialize` handshake.
+    #[cfg(feature = "crash_reporting")]
+    sentry_user_email: String,
+}
+
+impl DaemonAuthContext {
+    fn new() -> Self {
+        Self {
+            auth_token: None,
+            #[cfg(feature = "crash_reporting")]
+            sentry_user_id: String::new(),
+            #[cfg(feature = "crash_reporting")]
+            sentry_user_email: String::new(),
+        }
+    }
+}
+
 /// The top-level server-side orchestrator model.
 ///
 /// Receives `ClientMessage`s from connected proxy sessions and routes
@@ -164,13 +195,8 @@ pub struct ServerModel {
     executors: HashMap<SessionId, Arc<LocalCommandExecutor>>,
     /// Tracks in-flight file write/delete operations and handles cleanup.
     pending_file_ops: PendingFileOps,
-    /// Daemon-wide bearer credential for the identity-scoped daemon.
-    ///
-    /// The token is written by Initialize when the client supplies a
-    /// non-empty credential, or by Authenticate during token rotation. It is
-    /// intentionally retained across proxy connection teardown and cleared
-    /// only by daemon process exit.
-    auth_token: Option<String>,
+    /// Daemon-wide auth credentials and user identity.
+    auth: DaemonAuthContext,
 }
 
 impl Entity for ServerModel {
@@ -195,7 +221,7 @@ impl ServerModel {
             host_id,
             executors: HashMap::new(),
             pending_file_ops: PendingFileOps::new(),
-            auth_token: None,
+            auth: DaemonAuthContext::new(),
         };
         // Subscribe to FileModel and RepoMetadataModel events
         // file operation results and repo metadata pushes are forwarded to all
@@ -530,18 +556,15 @@ impl ServerModel {
         // Update crash reporting based on client-supplied preferences.
         #[cfg(feature = "crash_reporting")]
         {
+            if !msg.user_id.is_empty() {
+                self.auth.sentry_user_id = msg.user_id.clone();
+            }
+            if !msg.user_email.is_empty() {
+                self.auth.sentry_user_email = msg.user_email.clone();
+            }
+
             if msg.crash_reporting_enabled {
-                if !msg.user_id.is_empty() {
-                    crate::crash_reporting::set_user_id(
-                        crate::auth::UserUid::new(&msg.user_id),
-                        if msg.user_email.is_empty() {
-                            None
-                        } else {
-                            Some(msg.user_email)
-                        },
-                        ctx,
-                    );
-                }
+                self.apply_sentry_user_id(ctx);
             } else {
                 crate::crash_reporting::uninit_sentry();
             }
@@ -562,7 +585,25 @@ impl ServerModel {
     /// Extracted so unit tests can call it without a `ModelContext`.
     fn apply_initialize_auth(&mut self, msg: &Initialize) {
         if !msg.auth_token.is_empty() {
-            self.auth_token = Some(msg.auth_token.clone());
+            self.auth.auth_token = Some(msg.auth_token.clone());
+        }
+    }
+
+    /// Sets the Sentry user identity from the stored `DaemonAuthContext`.
+    /// Called both during `Initialize` and when re-enabling crash reporting
+    /// via `UpdatePreferences`.
+    #[cfg(feature = "crash_reporting")]
+    fn apply_sentry_user_id(&self, ctx: &mut warpui::AppContext) {
+        if !self.auth.sentry_user_id.is_empty() {
+            crate::crash_reporting::set_user_id(
+                crate::auth::UserUid::new(&self.auth.sentry_user_id),
+                if self.auth.sentry_user_email.is_empty() {
+                    None
+                } else {
+                    Some(self.auth.sentry_user_email.clone())
+                },
+                ctx,
+            );
         }
     }
 
@@ -580,10 +621,9 @@ impl ServerModel {
         #[cfg(feature = "crash_reporting")]
         {
             if msg.crash_reporting_enabled {
-                // Re-enable if not already initialized. Use stored auth info.
-                // If we don't have user info, init_sentry with no user is fine.
                 if !crate::crash_reporting::is_initialized() {
                     crate::crash_reporting::init(ctx);
+                    self.apply_sentry_user_id(ctx);
                 }
             } else {
                 crate::crash_reporting::uninit_sentry();
@@ -598,11 +638,11 @@ impl ServerModel {
             log::warn!("Received Authenticate notification with empty auth token; ignoring");
             return;
         }
-        self.auth_token = Some(msg.auth_token);
+        self.auth.auth_token = Some(msg.auth_token);
     }
 
     pub fn auth_token(&self) -> Option<&str> {
-        self.auth_token.as_deref()
+        self.auth.auth_token.as_deref()
     }
 
     /// Handles `Abort` by cancelling the in-progress request it targets.
diff --git a/app/src/remote_server/server_model_tests.rs b/app/src/remote_server/server_model_tests.rs
@@ -2,7 +2,7 @@ use std::collections::HashMap;
 
 use super::super::proto::{Authenticate, Initialize};
 use super::super::protocol::RequestId;
-use super::{PendingFileOps, ServerModel};
+use super::{DaemonAuthContext, PendingFileOps, ServerModel};
 
 fn test_model() -> ServerModel {
     ServerModel {
@@ -13,7 +13,7 @@ fn test_model() -> ServerModel {
         host_id: "test-host-id".to_string(),
         executors: HashMap::new(),
         pending_file_ops: PendingFileOps::new(),
-        auth_token: None,
+        auth: DaemonAuthContext::new(),
     }
 }
 
diff --git a/app/src/terminal/writeable_pty/remote_server_controller.rs b/app/src/terminal/writeable_pty/remote_server_controller.rs
@@ -14,6 +14,7 @@ use crate::terminal::warpify::settings::{SshExtensionInstallMode, WarpifySetting
 use crate::remote_server::manager::{RemoteServerManager, RemoteServerManagerEvent};
 use crate::remote_server::ssh_transport::SshTransport;
 use crate::server::server_api::ServerApiProvider;
+use crate::settings::{PrivacySettings, PrivacySettingsChangedEvent};
 use crate::terminal::model::session::{IsLegacySSHSession, SessionInfo};
 use crate::terminal::model_events::{ModelEvent, ModelEventDispatcher};
 use crate::{send_telemetry_from_ctx, TelemetryEvent};
@@ -94,15 +95,29 @@ impl<T: EventLoopSender> RemoteServerController<T> {
     ) -> Self {
         let auth_state = AuthStateProvider::as_ref(ctx).get().clone();
         let crash_reporting_enabled = Arc::new(parking_lot::RwLock::new(
-            crate::settings::PrivacySettings::handle(ctx)
+            PrivacySettings::handle(ctx)
                 .as_ref(ctx)
                 .is_crash_reporting_enabled,
         ));
         let auth_context = Arc::new(server_api_auth_context(
             auth_state,
             ServerApiProvider::as_ref(ctx).get_auth_client(),
-            crash_reporting_enabled,
+            crash_reporting_enabled.clone(),
         ));
+
+        // Keep the shared crash-reporting flag in sync with the user's
+        // privacy settings so that future daemon handshakes send the
+        // current value rather than a stale snapshot.
+        let privacy_settings = PrivacySettings::handle(ctx);
+        ctx.subscribe_to_model(&privacy_settings, move |_, event, _| {
+            if let &PrivacySettingsChangedEvent::UpdateIsCrashReportingEnabled {
+                new_value, ..
+            } = event
+            {
+                *crash_reporting_enabled.write() = new_value;
+            }
+        });
+
         ctx.subscribe_to_model(&model_event_dispatcher, |me, event, ctx| {
             if let ModelEvent::SshInitShell {
                 pending_session_info,

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ use std::collections::HashMap;`
`2`	`2`
`3`	`3`	`use super::super::proto::{Authenticate, Initialize};`
`4`	`4`	`use super::super::protocol::RequestId;`
`5`		`-use super::{PendingFileOps, ServerModel};`
	`5`	`+use super::{DaemonAuthContext, PendingFileOps, ServerModel};`
`6`	`6`
`7`	`7`	`fn test_model() -> ServerModel {`
`8`	`8`	`ServerModel {`
`@@ -13,7 +13,7 @@ fn test_model() -> ServerModel {`
`13`	`13`	`host_id: "test-host-id".to_string(),`
`14`	`14`	`executors: HashMap::new(),`
`15`	`15`	`pending_file_ops: PendingFileOps::new(),`
`16`		`- auth_token: None,`
	`16`	`+ auth: DaemonAuthContext::new(),`
`17`	`17`	`}`
`18`	`18`	`}`
`19`	`19`