Skip to content

fix: reduce auth hydration and stabilize signup#3591

Draft
marcusgrando wants to merge 9 commits into
devfrom
grando/fix-login-hydration
Draft

fix: reduce auth hydration and stabilize signup#3591
marcusgrando wants to merge 9 commits into
devfrom
grando/fix-login-hydration

Conversation

@marcusgrando
Copy link
Copy Markdown
Member

@marcusgrando marcusgrando commented Jun 3, 2026
edited
Loading

Bug fix

What was the problem?

Login restored the account session with extra blocking calls in the critical path:

  • sign-in analytics hydrated account/user data before switchAccount, duplicating /api/account/info and /api/user/me.
  • account guard loaded /api/v3/contract/{clientId}/products through loadAccountHydration.
  • account guard also loaded /edge_api/v4/service_orders only to derive hasActivePlan, even though /api/account/info already returns has_service_order_plan.

In the HAR, Contract took about 2.09s and Service Orders took about 2.93s after the duplicated account hydration.

Email sign-up had a separate issue: after the account was created, a post-success analytics tracking error could keep the UI on the sign-up form instead of showing the activation step. This left the user with a created but inactive account, which then produced User not activated. on login until activation was completed.

The post-activation paid plan step could also surface Stripe raw errors such as No such checkout.session when Stripe rejected a checkout session during confirmation. That request is made inside Stripe.js, so it may not show as a regular Console API request in DevTools.

Expected behavior

Login should restore the session and decide onboarding redirects without waiting for Contract or Service Orders product calls. Contract plan data should still load where it is actually used, such as Billing and Copilot.

Email sign-up should show the activation instructions after successful account creation, even if analytics tracking fails.

The paid plan checkout should refresh stale Stripe sessions instead of showing raw Stripe session identifiers to the user.

How was it solved

  • Reused token/verify.user_tracking_info for email, MFA, and SSO sign-in tracking instead of pre-switch account hydration.
  • Kept contract plan loading out of loadAccountHydration; Billing and Copilot still lazy-load it with loadContractData.
  • Derived hasActivePlan from account/info.has_service_order_plan during account hydration.
  • Removed ensureServiceOrdersList() from accountGuard, so Service Orders no longer blocks initial login navigation.
  • Made email sign-up success tracking non-blocking so account activation UI still appears after a successful /signup response.
  • Reused the existing stale checkout-session recovery path when Stripe rejects the session during signup plan submission.
  • Updated tests for account hydration, sign-in tracking, account guard behavior, sign-up activation after tracking failures, and stale checkout-session recovery.

How to test

  • ./node_modules/.bin/eslint src/helpers/account-data.js src/router/hooks/guards/accountGuard.js src/tests/helpers/account-data.test.js src/tests/router/hooks/guards/account-guard.test.js src/helpers/track-auth-event.js src/tests/helpers/track-auth-event.test.js
  • ./node_modules/.bin/vitest run src/tests/helpers/account-data.test.js src/tests/router/hooks/guards/account-guard.test.js src/tests/helpers/track-auth-event.test.js src/tests/helpers/account-handler-switch-broadcast.test.js src/tests/helpers/account-handler-has-session.test.js src/tests/services/auth-services/verify-authentication-service.test.js src/tests/plugins/analytics/trackers/SignInTracker.test.js
  • ./node_modules/.bin/eslint src/templates/signup-block/login-with-email-block.vue src/tests/templates/login-with-email-block.test.js src/services/signup-services/signup-service.js src/tests/services/signup-services/signup-service.test.js src/templates/signup-block/form-signup-block.vue src/templates/signup-block/account-activation.vue
  • ./node_modules/.bin/vitest run src/tests/templates/login-with-email-block.test.js src/tests/services/signup-services/signup-service.test.js src/tests/views/signup-additional-data-view.test.js
  • ./node_modules/.bin/eslint src/templates/checkout-block/checkout-plan-block.vue src/templates/checkout-block/payment-method-block.vue src/templates/checkout-block/helpers/stripe-error-mapper.js src/tests/templates/checkout-plan-block.test.js src/tests/templates/payment-method-block.test.js src/views/Signup/AdditionalDataView.vue
  • ./node_modules/.bin/vitest run src/tests/templates/checkout-plan-block.test.js src/tests/templates/payment-method-block.test.js src/tests/views/signup-additional-data-view.test.js src/tests/composables/useCheckoutSessionPreparer.test.js src/tests/templates/pricing-calculation-block.test.js
  • git diff --check

@marcusgrando marcusgrando force-pushed the grando/fix-login-hydration branch 2 times, most recently from 3183f2c to e18b848 Compare June 3, 2026 23:20
@marcusgrando
fix: reduce login hydration calls
958fb2f 
Remove account hydration from pre-switch sign-in tracking and reuse token verification tracking metadata to avoid duplicate account/profile requests during login.

Derive active plan state from account info so the account guard no longer blocks login on contract or service order product calls; Billing and Copilot still lazy-load contract plan data.
@marcusgrando marcusgrando force-pushed the grando/fix-login-hydration branch from e18b848 to 958fb2f Compare June 3, 2026 23:21
@marcusgrando marcusgrando changed the title fix: reduce login hydration calls fix: remove login-blocking hydration calls Jun 3, 2026
marcusgrando and others added 2 commits June 3, 2026 20:24
@marcusgrando
Merge branch 'dev' into grando/fix-login-hydration
e114f46
@marcusgrando
ci: fix changed-file lint checks
258006a 
Install git before security checkout, fetch the PR base branch for architecture governance, and run the security linter only against changed files so legacy findings outside the PR do not block the login hydration fix.
@marcusgrando marcusgrando force-pushed the grando/fix-login-hydration branch from 8a2cca7 to 258006a Compare June 4, 2026 00:06
@marcusgrando marcusgrando marked this pull request as draft June 4, 2026 00:48
@marcusgrando
fix: prevent signup button from hanging
a22aa75 
Handle non-API signup errors without throwing inside the catch block, always clear the loading state, and cover the recaptcha failure path before the signup request is sent.
@marcusgrando
fix: keep signup activation after tracking errors
d07ca4d 
Keep successful email signup on the activation flow even if analytics tracking fails after account creation.

This prevents a created but inactive account from leaving the user on the signup form without the activation instructions.
@marcusgrando marcusgrando changed the title fix: remove login-blocking hydration calls fix: reduce auth hydration and stabilize signup Jun 4, 2026
@marcusgrando
fix: recover stale checkout sessions on submit
ff586c1 
Detect stale Stripe checkout session errors during signup plan submission and reuse the existing recovery path instead of showing the raw Stripe message.

This refreshes the checkout session when confirmation rejects a consumed, expired, or environment-mismatched session.
@marcusgrando
chore: remove defineExpose imports
68db759 
Remove Vue compiler macro imports from drawer components so local startup no longer reports defineExpose import warnings.

The macro calls stay in place because Vue exposes them through the compiler.
@marcusgrando
fix: satisfy architecture lint for drawer services
b9b1dc3 
Move legacy drawer service calls behind Vue Query composables so the defineExpose cleanup does not expose direct service imports to the changed-file architecture gate.

This keeps existing drawer contracts while satisfying the TanStack governance check in CI.
@marcusgrando
fix: address auth review follow-ups
34d5e49 
Harden signup activation after navigation failures, make security changed-file lint resilient to zero or orphan base refs, and keep security lint scoped to security rules. Also tighten plan entitlement input handling and remove stale tracking fallback code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HerbertJulio HerbertJulio Awaiting requested review from HerbertJulio HerbertJulio is a code owner

@robsongajunior robsongajunior Awaiting requested review from robsongajunior robsongajunior is a code owner

@rafaelgarbinatto rafaelgarbinatto Awaiting requested review from rafaelgarbinatto rafaelgarbinatto is a code owner

@gdsantana gdsantana Awaiting requested review from gdsantana gdsantana is a code owner

@pauloSF0 pauloSF0 Awaiting requested review from pauloSF0 pauloSF0 is a code owner

@isaquebock isaquebock Awaiting requested review from isaquebock isaquebock is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@marcusgrando marcusgrando

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcusgrando