Fix pre-HYDRATE logout and IAM fetch TOCTOU race

- LogoutHelper: remove suppressBackendOperation=true in pre-HYDRATE
  branch so CreateSubscriptionOperation is enqueued alongside the
  anonymous LoginUserOperation (fixes IV=OFF path)
- InAppMessagesManager: capture JWT once before guard check to
  eliminate TOCTOU between guard and backend call
- nit: LoginUserOperationExecutor: add error log when anonymous
  LoginUserOperation is dropped with no subscription op

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/LogoutHelper.kt

@@ -38,16 +38,14 @@ class LogoutHelper(
                     ),
                 )
             } else {
-                // IV state unknown (pre-HYDRATE). Take the safe path: disable push
-                // and suppress backend op (like IV=ON), but also enqueue a LoginUserOperation
-                // so the anonymous user is created on the backend if IV turns out to be OFF.
-                // If IV=ON, removeOperationsWithoutExternalId() will purge the anonymous op.
+                // IV unknown (pre-HYDRATE): disable push, enqueue anonymous user.
+                // If IV=ON at HYDRATE, removeOperationsWithoutExternalId() purges these.
                 configModel.pushSubscriptionId?.let { pushSubId ->
                     subscriptionModelStore.get(pushSubId)
                         ?.let { it.isDisabledInternally = true }
                 }
 
-                userSwitcher.createAndSwitchToNewUser(suppressBackendOperation = true)
+                userSwitcher.createAndSwitchToNewUser()
 
                 operationRepo.enqueue(
                     LoginUserOperation(

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/impl/executors/LoginUserOperationExecutor.kt

@@ -74,6 +74,7 @@ internal class LoginUserOperationExecutor(
         // Anonymous Login being processed alone will surely be rejected, so we need to drop the request
         val containsSubscriptionOperation = operations.any { it is CreateSubscriptionOperation || it is TransferSubscriptionOperation }
         if (!containsSubscriptionOperation && loginUserOp.externalId == null) {
+            Logging.error("LoginUserOperationExecutor: dropping anonymous LoginUserOperation with no subscription op: $loginUserOp")
             return ExecutionResponse(ExecutionResult.FAIL_NORETRY)
         }
         if (loginUserOp.existingOnesignalId == null || loginUserOp.externalId == null) {

OneSignalSDK/onesignal/in-app-messages/src/main/java/com/onesignal/inAppMessages/internal/InAppMessagesManager.kt

@@ -302,12 +302,15 @@ internal class InAppMessagesManager(
         }
 
         val externalId = _identityModelStore.model.externalId
+        // Capture JWT once to avoid TOCTOU: the same snapshot is used for the guard
+        // check and the backend call, so a concurrent invalidation can't slip between them.
+        val jwt = externalId?.let { _jwtTokenStore.getJwt(it) }
         if (_configModelStore.model.useIdentityVerification == true) {
             if (externalId == null) {
                 Logging.debug("InAppMessagesManager.fetchMessages: Skipping IAM fetch for anonymous user while identity verification is enabled.")
                 return
             }
-            if (_jwtTokenStore.getJwt(externalId) == null) {
+            if (jwt == null) {
                 Logging.debug("InAppMessagesManager.fetchMessages: Skipping IAM fetch while JWT is invalidated for user: $externalId")
                 return
             }
@@ -328,8 +331,6 @@ internal class InAppMessagesManager(
                 externalId,
                 _identityModelStore.model.onesignalId,
             )
-        val jwt = externalId?.let { _jwtTokenStore.getJwt(it) }
-
         // lambda so that it is updated on each potential retry
         val sessionDurationProvider = { _time.currentTimeMillis - _sessionService.startTime }
         val newMessages = _backend.listInAppMessages(appId, aliasLabel, aliasValue, subscriptionId, rywData, sessionDurationProvider, jwt)