Fix FAIL_UNAUTHORIZED loop when IV off and stuck login when IV arrives post-enqueue

OperationRepo: gate FAIL_UNAUTHORIZED re-queue on useIdentityVerification == true.
When IV is OFF, hasValidJwtIfRequired() always returns true so re-queued ops
were immediately eligible, creating a ~200ms infinite retry loop. Now IV-OFF
treats FAIL_UNAUTHORIZED as FAIL_NORETRY (drop + wake waiters).

OperationRepo: in removeOperationsWithoutExternalId(), clear local
existingOnesignalId on queued LoginUserOperations. When IV=ON arrives via
HYDRATE, anonymous CreateUserOperations are purged, orphaning the local ID
that LoginUserOperation.canStartExecute was waiting on translateIds to resolve.
Clearing it unblocks the operation and routes the executor through createUser().

LoginUserOperation: widen existingOnesignalId setter to internal.

Fix Operation.externalId KDoc to reflect that subclass constructors
set this field, not IOperationRepo at enqueue time.

Made-with: Cursor

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/Operation.kt

@@ -19,8 +19,8 @@ abstract class Operation(name: String) : Model() {
     /**
      * The external ID of the user this operation belongs to. Used by [IOperationRepo] to look up
      * the correct JWT when identity verification is enabled, and to gate anonymous operations.
-     * Stamped automatically by [IOperationRepo] at enqueue time from the current identity model
-     * when not already set by the concrete operation's constructor.
+     * Must be set by each concrete [Operation] subclass constructor — typically from the current
+     * identity model's externalId at the time the operation is created.
      */
     var externalId: String?
         get() = getOptStringProperty(::externalId.name)

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt

@@ -1,5 +1,6 @@
 package com.onesignal.core.internal.operations.impl
 
+import com.onesignal.common.IDManager
 import com.onesignal.common.threading.WaiterWithValue
 import com.onesignal.core.internal.config.ConfigModelStore
 import com.onesignal.core.internal.operations.ExecutionResult
@@ -13,6 +14,7 @@ import com.onesignal.debug.LogLevel
 import com.onesignal.debug.internal.logging.Logging
 import com.onesignal.user.internal.identity.IdentityModelStore
 import com.onesignal.user.internal.identity.JwtTokenStore
+import com.onesignal.user.internal.operations.LoginUserOperation
 import com.onesignal.user.internal.operations.impl.states.NewRecordsState
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
@@ -284,8 +286,9 @@ internal class OperationRepo(
                     ops.forEach { it.waiter?.wake(true) }
                 }
                 ExecutionResult.FAIL_UNAUTHORIZED -> {
+                    val identityVerificationEnabled = _configModelStore.model.useIdentityVerification == true
                     val externalId = startingOp.operation.externalId
-                    if (externalId != null) {
+                    if (identityVerificationEnabled && externalId != null) {
                         _jwtTokenStore.invalidateJwt(externalId)
                         Logging.warn("Operation execution failed with 401 Unauthorized, JWT invalidated for user: $externalId. Operations re-queued.")
                         // Unblock any enqueueAndWait callers so loginSuspend doesn't hang.
@@ -542,6 +545,21 @@ internal class OperationRepo(
             if (toRemove.isNotEmpty()) {
                 Logging.debug("OperationRepo: removed ${toRemove.size} anonymous operations (no externalId)")
             }
+
+            // Any LoginUserOperation whose existingOnesignalId is a local ID was
+            // waiting on a now-purged anonymous CreateUserOperation to translate it.
+            // Clear it so canStartExecute unblocks and the executor takes the
+            // createUser() path instead.
+            queue.forEach {
+                val op = it.operation
+                if (op is LoginUserOperation) {
+                    val existing = op.existingOnesignalId
+                    if (existing != null && IDManager.isLocalId(existing)) {
+                        op.existingOnesignalId = null
+                        Logging.debug("OperationRepo: cleared local existingOnesignalId on LoginUserOperation (was $existing)")
+                    }
+                }
+            }
         }
     }
 

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/LoginUserOperation.kt

@@ -39,7 +39,7 @@ class LoginUserOperation() : Operation(LoginUserOperationExecutor.LOGIN_USER) {
      */
     var existingOnesignalId: String?
         get() = getOptStringProperty(::existingOnesignalId.name)
-        private set(value) {
+        internal set(value) {
             setOptStringProperty(::existingOnesignalId.name, value)
         }