chore: release version v1.97.4

Merge branch 'main' of github.com:wanderer-industries/wanderer
fix(core): Fixed character re-auth issues
2026-03-26 13:28:00 +00:00 · 2026-03-26 00:11:47 +00:00 · 2026-03-26 01:11:01 +01:00 · 2026-03-26 01:10:57 +01:00 · 2026-03-25 23:41:47 +00:00 · 2026-03-25 23:41:47 +00:00
5 changed files with 83 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@

 <!-- changelog -->

+## [v1.97.4](https://github.com/wanderer-industries/wanderer/compare/v1.97.3...v1.97.4) (2026-03-26)
+
+
+
+
+### Bug Fixes:
+
+* core: Fixed character re-auth issues
+
+## [v1.97.3](https://github.com/wanderer-industries/wanderer/compare/v1.97.2...v1.97.3) (2026-03-25)
+
+
+
+
+### Bug Fixes:
+
+* core: Fixed character re-auth issues
+
 ## [v1.97.2](https://github.com/wanderer-industries/wanderer/compare/v1.97.1...v1.97.2) (2026-03-23)


--- a/lib/wanderer_app/esi/api_client.ex
+++ b/lib/wanderer_app/esi/api_client.ex
@@ -897,20 +897,43 @@ defmodule WandererApp.Esi.ApiClient do
  end

  defp invalidate_character_tokens(character, character_id, expires_at, scopes) do
-    attrs = %{access_token: nil, refresh_token: nil, expires_at: expires_at, scopes: scopes}
-
-    with {:ok, _} <- WandererApp.Api.Character.update(character, attrs) do
-      WandererApp.Character.update_character(character_id, attrs)
+    # Skip invalidation if the character was recently re-authorized via SSO.
+    # This protects fresh tokens from being wiped by transient invalid_grant
+    # errors that can occur shortly after re-auth.
+    if WandererApp.Cache.lookup!("character:#{character_id}:reauth_grace", false) do
+      Logger.info(
+        "[ApiClient] Skipping token invalidation for #{character_id} - within re-auth grace period"
+      )
    else
-      error ->
-        Logger.error("Failed to clear tokens for #{character_id}: #{inspect(error)}")
-    end
+      # Re-load from DB to avoid race with concurrent re-auth
+      case WandererApp.Api.Character.by_id(character_id) do
+        {:ok, current_character} ->
+          # Only invalidate if tokens haven't been refreshed since we started
+          if current_character.access_token == character.access_token do
+            attrs = %{access_token: nil, refresh_token: nil, expires_at: expires_at, scopes: scopes}

-    Phoenix.PubSub.broadcast(
-      WandererApp.PubSub,
-      "character:#{character_id}",
-      :character_token_invalid
-    )
+            with {:ok, _} <- WandererApp.Api.Character.update(current_character, attrs) do
+              WandererApp.Character.update_character(character_id, attrs)
+            else
+              error ->
+                Logger.error("Failed to clear tokens for #{character_id}: #{inspect(error)}")
+            end
+
+            Phoenix.PubSub.broadcast(
+              WandererApp.PubSub,
+              "character:#{character_id}",
+              :character_token_invalid
+            )
+          else
+            Logger.info(
+              "[ApiClient] Skipping token invalidation for #{character_id} - tokens were refreshed concurrently"
+            )
+          end
+
+        {:error, _} ->
+          Logger.error("Failed to load character #{character_id} for token invalidation")
+      end
+    end

    :ok
  end
--- a/lib/wanderer_app_web/controllers/auth_controller.ex
+++ b/lib/wanderer_app_web/controllers/auth_controller.ex
@@ -42,6 +42,18 @@ defmodule WandererAppWeb.AuthController do

          WandererApp.Character.update_character(character.id, character_update)

+          # Clear the invalid_grant counter so stale failures don't cause
+          # premature token invalidation after a successful re-auth
+          WandererApp.Cache.delete("character:#{character.id}:invalid_grant_count")
+
+          # Set a grace period to protect fresh tokens from being wiped by
+          # in-flight or immediately-subsequent invalid_grant errors
+          WandererApp.Cache.put(
+            "character:#{character.id}:reauth_grace",
+            true,
+            ttl: :timer.minutes(5)
+          )
+
          # Update corporation/alliance data from ESI to ensure access control is current
          update_character_affiliation(character)

--- a/lib/wanderer_app_web/live/characters/characters_live.ex
+++ b/lib/wanderer_app_web/live/characters/characters_live.ex
@@ -22,6 +22,11 @@ defmodule WandererAppWeb.CharactersLive do
        "character:#{character_id}:corporation"
      )

+      Phoenix.PubSub.subscribe(
+        WandererApp.PubSub,
+        "character:#{character_id}"
+      )
+
      :ok = WandererApp.Character.TrackerManager.start_tracking(character_id)
    end)

@@ -148,6 +153,18 @@ defmodule WandererAppWeb.CharactersLive do
    {:noreply, socket |> assign(characters: characters |> Enum.map(&map_ui_character/1))}
  end

+  @impl true
+  def handle_info(
+        event,
+        socket
+      )
+      when event in [:character_token_invalid, :token_updated] do
+    {:ok, characters} =
+      WandererApp.Api.Character.active_by_user(%{user_id: socket.assigns.user_id})
+
+    {:noreply, socket |> assign(characters: characters |> Enum.map(&map_ui_character/1))}
+  end
+
  @impl true
  def handle_info(
        _event,
--- a/mix.exs
+++ b/mix.exs
@@ -3,7 +3,7 @@ defmodule WandererApp.MixProject do

  @source_url "https://github.com/wanderer-industries/wanderer"

-  @version "1.97.2"
+  @version "1.97.4"

  def project do
    [
Author	SHA1	Message	Date
CI	b9197880f0	chore: release version v1.97.4	2026-03-26 00:11:47 +00:00
Dmitry Popov	88f027facd	Merge branch 'main' of github.com:wanderer-industries/wanderer	2026-03-26 01:11:01 +01:00
Dmitry Popov	d62ad709ab	fix(core): Fixed character re-auth issues	2026-03-26 01:10:57 +01:00
CI	15aeb8eb85	chore: [skip ci]	2026-03-25 23:41:47 +00:00
CI	6970db438d	chore: release version v1.97.3	2026-03-25 23:41:47 +00:00
Dmitry Popov	9ab7fcc46e	fix(core): Fixed character re-auth issues	2026-03-26 00:41:07 +01:00
CI	931a8e629d	chore: [skip ci]	2026-03-23 11:20:01 +00:00