Address Claude review bot feedback on IV PR

- Redact JWT from login/loginSuspend logs (show last 8 chars)
- Fix error message in updateUserJwtSuspend
- Add FAIL_UNAUTHORIZED to deleteSubscription and CustomEvent executors
- Drop TransferSubscriptionOperation when IV=ON
- Skip IAM fetch when JWT is invalidated (prevent rate-limit poisoning)
- Clear existingOnesignalId unconditionally in removeOperationsWithoutExternalId

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt

@@ -1,6 +1,5 @@
 package com.onesignal.core.internal.operations.impl
 
-import com.onesignal.common.IDManager
 import com.onesignal.common.threading.WaiterWithValue
 import com.onesignal.core.internal.config.ConfigModelStore
 import com.onesignal.core.internal.operations.ExecutionResult
@@ -546,18 +545,13 @@ internal class OperationRepo(
                 Logging.debug("OperationRepo: removed ${toRemove.size} anonymous operations (no externalId)")
             }
 
-            // Any LoginUserOperation whose existingOnesignalId is a local ID was
-            // waiting on a now-purged anonymous CreateUserOperation to translate it.
-            // Clear it so canStartExecute unblocks and the executor takes the
-            // createUser() path instead.
+            // IV=ON never transfers anonymous state; clear existingOnesignalId so
+            // the executor takes the createUser (upsert) path.
             queue.forEach {
                 val op = it.operation
-                if (op is LoginUserOperation) {
-                    val existing = op.existingOnesignalId
-                    if (existing != null && IDManager.isLocalId(existing)) {
-                        op.existingOnesignalId = null
-                        Logging.debug("OperationRepo: cleared local existingOnesignalId on LoginUserOperation (was $existing)")
-                    }
+                if (op is LoginUserOperation && op.existingOnesignalId != null) {
+                    Logging.debug("OperationRepo: cleared existingOnesignalId on LoginUserOperation (was ${op.existingOnesignalId})")
+                    op.existingOnesignalId = null
                 }
             }
         }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/internal/OneSignalImp.kt

@@ -380,7 +380,7 @@ internal class OneSignalImp(
         externalId: String,
         jwtBearerToken: String?,
     ) {
-        Logging.log(LogLevel.DEBUG, "Calling deprecated login(externalId: $externalId, jwtBearerToken: $jwtBearerToken)")
+        Logging.log(LogLevel.DEBUG, "Calling deprecated login(externalId: $externalId, jwtBearerToken: ...${jwtBearerToken?.takeLast(8)})")
 
         if (isBackgroundThreadingEnabled) {
             waitForInit(operationName = "login")
@@ -425,7 +425,7 @@ internal class OneSignalImp(
         externalId: String,
         token: String,
     ) {
-        Logging.log(LogLevel.DEBUG, "updateUserJwt(externalId: $externalId, token: <redacted>)")
+        Logging.log(LogLevel.DEBUG, "updateUserJwt(externalId: $externalId, token: ...${token.takeLast(8)})")
 
         if (isBackgroundThreadingEnabled) {
             waitForInit(operationName = "updateUserJwt")
@@ -444,12 +444,12 @@ internal class OneSignalImp(
         externalId: String,
         token: String,
     ) = withContext(runtimeIoDispatcher) {
-        Logging.log(LogLevel.DEBUG, "updateUserJwtSuspend(externalId: $externalId, token: <redacted>)")
+        Logging.log(LogLevel.DEBUG, "updateUserJwtSuspend(externalId: $externalId, token: ...${token.takeLast(8)})")
 
         suspendUntilInit(operationName = "updateUserJwt")
 
         if (!isInitialized) {
-            throw IllegalStateException("'initWithContext failed' before 'updateUserJwt'")
+            throw IllegalStateException("Must call 'initWithContext' before 'updateUserJwt'")
         }
 
         jwtTokenStore.putJwt(externalId, token)
@@ -693,7 +693,7 @@ internal class OneSignalImp(
         externalId: String,
         jwtBearerToken: String?,
     ) = withContext(runtimeIoDispatcher) {
-        Logging.log(LogLevel.DEBUG, "login(externalId: $externalId, jwtBearerToken: $jwtBearerToken)")
+        Logging.log(LogLevel.DEBUG, "login(externalId: $externalId, jwtBearerToken: ...${jwtBearerToken?.takeLast(8)})")
 
         suspendUntilInit(operationName = "login")
 

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/impl/executors/CustomEventOperationExecutor.kt

@@ -61,6 +61,8 @@ internal class CustomEventOperationExecutor(
             return when (responseType) {
                 NetworkUtils.ResponseStatusType.RETRYABLE ->
                     ExecutionResponse(ExecutionResult.FAIL_RETRY, retryAfterSeconds = ex.retryAfterSeconds)
+                NetworkUtils.ResponseStatusType.UNAUTHORIZED ->
+                    ExecutionResponse(ExecutionResult.FAIL_UNAUTHORIZED, retryAfterSeconds = ex.retryAfterSeconds)
                 else ->
                     ExecutionResponse(ExecutionResult.FAIL_NORETRY)
             }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/impl/executors/SubscriptionOperationExecutor.kt

@@ -252,6 +252,11 @@ internal class SubscriptionOperationExecutor(
 
     // TODO: whenever the end-user changes users, we need to add the read-your-write token here, currently no code to handle the re-fetch IAMs
     private suspend fun transferSubscription(startingOperation: TransferSubscriptionOperation): ExecutionResponse {
+        if (_configModelStore.model.useIdentityVerification == true) {
+            Logging.warn("TransferSubscriptionOperation is not supported when identity verification is enabled. Dropping.")
+            return ExecutionResponse(ExecutionResult.FAIL_NORETRY)
+        }
+
         val (aliasLabel, aliasValue) =
             IdentityConstants.resolveAlias(
                 _configModelStore.model.useIdentityVerification,
@@ -323,6 +328,8 @@ internal class SubscriptionOperationExecutor(
                 }
                 NetworkUtils.ResponseStatusType.RETRYABLE ->
                     ExecutionResponse(ExecutionResult.FAIL_RETRY, retryAfterSeconds = ex.retryAfterSeconds)
+                NetworkUtils.ResponseStatusType.UNAUTHORIZED ->
+                    ExecutionResponse(ExecutionResult.FAIL_UNAUTHORIZED, retryAfterSeconds = ex.retryAfterSeconds)
                 else ->
                     ExecutionResponse(ExecutionResult.FAIL_NORETRY)
             }

OneSignalSDK/onesignal/in-app-messages/src/main/java/com/onesignal/inAppMessages/internal/InAppMessagesManager.kt

@@ -302,9 +302,15 @@ internal class InAppMessagesManager(
         }
 
         val externalId = _identityModelStore.model.externalId
-        if (_configModelStore.model.useIdentityVerification == true && externalId == null) {
-            Logging.debug("InAppMessagesManager.fetchMessages: Skipping IAM fetch for anonymous user while identity verification is enabled.")
-            return
+        if (_configModelStore.model.useIdentityVerification == true) {
+            if (externalId == null) {
+                Logging.debug("InAppMessagesManager.fetchMessages: Skipping IAM fetch for anonymous user while identity verification is enabled.")
+                return
+            }
+            if (_jwtTokenStore.getJwt(externalId) == null) {
+                Logging.debug("InAppMessagesManager.fetchMessages: Skipping IAM fetch while JWT is invalidated for user: $externalId")
+                return
+            }
         }
 
         fetchIAMMutex.withLock {