Fix runtime 401 not notifying developer to provide a new JWT

When OperationRepo handled FAIL_UNAUTHORIZED it invalidated the JWT
and re-queued operations but never fired IUserJwtInvalidatedListener,
leaving the queue permanently stuck. Wire a callback from OperationRepo
through IdentityVerificationService to UserManager.fireJwtInvalidated()
so the developer is notified and can supply a fresh token.

Made-with: Cursor

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/config/impl/IdentityVerificationService.kt

@@ -29,6 +29,9 @@ internal class IdentityVerificationService(
 ) : IStartableService, ISingletonModelStoreChangeHandler<ConfigModel> {
     override fun start() {
         _configModelStore.subscribe(this)
+        _operationRepo.setJwtInvalidatedHandler { externalId ->
+            _userManager.fireJwtInvalidated(externalId)
+        }
     }
 
     override fun onModelReplaced(

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/IOperationRepo.kt

@@ -49,6 +49,13 @@ interface IOperationRepo {
      * purge operations that cannot be executed without an authenticated user.
      */
     fun removeOperationsWithoutExternalId()
+
+    /**
+     * Register a handler to be called when a runtime 401 Unauthorized response
+     * invalidates a JWT. This allows the caller to notify the developer so they
+     * can supply a fresh token via [OneSignal.updateUserJwt].
+     */
+    fun setJwtInvalidatedHandler(handler: ((String) -> Unit)?)
 }
 
 // Extension function so the syntax containsInstanceOf<Operation>() can be used over

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt

@@ -44,6 +44,8 @@ internal class OperationRepo(
         }
     }
 
+    private var _jwtInvalidatedHandler: ((String) -> Unit)? = null
+
     internal class LoopWaiterMessage(
         val force: Boolean,
         val previousWaitedTime: Long = 0,
@@ -284,6 +286,7 @@ internal class OperationRepo(
                     val externalId = startingOp.operation.externalId
                     if (externalId != null) {
                         _jwtTokenStore.invalidateJwt(externalId)
+                        _jwtInvalidatedHandler?.invoke(externalId)
                         Logging.warn("Operation execution failed with 401 Unauthorized, JWT invalidated for user: $externalId. Operations re-queued.")
                         synchronized(queue) {
                             ops.reversed().forEach { queue.add(0, it) }
@@ -512,4 +515,8 @@ internal class OperationRepo(
             }
         }
     }
+
+    override fun setJwtInvalidatedHandler(handler: ((String) -> Unit)?) {
+        _jwtInvalidatedHandler = handler
+    }
 }

OneSignalSDK/onesignal/core/src/test/java/com/onesignal/core/internal/operations/OperationRepoTests.kt

@@ -894,6 +894,88 @@ class OperationRepoTests : FunSpec({
         // Verify that the grouped execution happened with both operations
         // We can't easily verify the exact list content with MockK, but we verified it in the execution order tracking
     }
+
+    test("FAIL_UNAUTHORIZED invalidates JWT and fires handler for identified user") {
+        // Given
+        val configModelStore =
+            MockHelper.configModelStore {
+                it.useIdentityVerification = true
+            }
+        val identityModelStore =
+            MockHelper.identityModelStore {
+                it.externalId = "test-user"
+            }
+        val jwtTokenStore = mockk<JwtTokenStore>(relaxed = true)
+        every { jwtTokenStore.getJwt("test-user") } returns "valid-jwt"
+
+        val operationModelStore =
+            run {
+                val operationStoreList = mutableListOf<Operation>()
+                val mock = mockk<OperationModelStore>()
+                every { mock.loadOperations() } just runs
+                every { mock.list() } answers { operationStoreList.toList() }
+                every { mock.add(any()) } answers { operationStoreList.add(firstArg<Operation>()) }
+                every { mock.remove(any()) } answers {
+                    val id = firstArg<String>()
+                    operationStoreList.removeIf { it.id == id }
+                }
+                mock
+            }
+
+        val executor = mockk<IOperationExecutor>()
+        every { executor.operations } returns listOf("DUMMY_OPERATION")
+        coEvery { executor.execute(any()) } returns
+            ExecutionResponse(ExecutionResult.FAIL_UNAUTHORIZED) andThen
+            ExecutionResponse(ExecutionResult.SUCCESS)
+
+        val operationRepo =
+            spyk(
+                OperationRepo(
+                    listOf(executor),
+                    operationModelStore,
+                    configModelStore,
+                    Time(),
+                    getNewRecordState(configModelStore),
+                    jwtTokenStore,
+                    identityModelStore,
+                ),
+                recordPrivateCalls = true,
+            )
+
+        var handlerCalledWith: String? = null
+        operationRepo.setJwtInvalidatedHandler { externalId ->
+            handlerCalledWith = externalId
+        }
+
+        val operation = mockOperation()
+        every { operation.externalId } returns "test-user"
+
+        // When
+        operationRepo.start()
+        val response = operationRepo.enqueueAndWait(operation)
+
+        // Then
+        response shouldBe true
+        verify { jwtTokenStore.invalidateJwt("test-user") }
+        handlerCalledWith shouldBe "test-user"
+    }
+
+    test("FAIL_UNAUTHORIZED drops operations for anonymous user") {
+        // Given
+        val mocks = Mocks()
+        coEvery { mocks.executor.execute(any()) } returns ExecutionResponse(ExecutionResult.FAIL_UNAUTHORIZED)
+
+        val operation = mockOperation()
+        // externalId defaults to null in mockOperation
+
+        // When
+        mocks.operationRepo.start()
+        val response = mocks.operationRepo.enqueueAndWait(operation)
+
+        // Then
+        response shouldBe false
+        verify { mocks.operationModelStore.remove(operation.id) }
+    }
 }) {
     companion object {
         private fun mockOperation(