fix(android): interceptor order — auth before baseUrl (hotfix for v2026.06.02) #76

Merged
bvandeusen merged 1 commits from dev into main 2026-06-02 22:07:32 -04:00
Owner

Summary

Hotfix for v2026.06.02 connectivity bug: fresh installs land at the Welcome screen and can never sign in.

Root cause: NetworkModule.kt chained BaseUrlInterceptor before AuthCookieInterceptor. Both interceptors scope work on host == PLACEHOLDER_HOST (drift #568/#569, to keep the Minstrel session cookie off Coil image fetches to MusicBrainz / coverartarchive / Lidarr). With BaseUrl first, the URL was rewritten to the real Minstrel host before auth ran — so auth's placeholder check failed on every request, the session cookie was never attached on outgoing requests, and Set-Cookie from login was never captured.

The AuthCookieInterceptorTest chains the interceptors in the correct order (auth, then baseUrl), which is why the regression went undetected — only production was wrong.

Fix: swap to (auth, baseUrl, logging). Auth now sees placeholder.invalid, attaches/captures the cookie, then BaseUrl rewrites the host for transport.

Client-side only — no server change required. New APK needed.

Test Plan

  • CI green on dev (run #300 — already passed)
  • Fresh-install APK: sign-in succeeds, cookie captured, lands on Home
  • In-app update banner can both detect AND download the next release
## Summary Hotfix for v2026.06.02 connectivity bug: fresh installs land at the Welcome screen and can never sign in. **Root cause**: `NetworkModule.kt` chained `BaseUrlInterceptor` before `AuthCookieInterceptor`. Both interceptors scope work on `host == PLACEHOLDER_HOST` (drift #568/#569, to keep the Minstrel session cookie off Coil image fetches to MusicBrainz / coverartarchive / Lidarr). With BaseUrl first, the URL was rewritten to the real Minstrel host before auth ran — so auth's placeholder check failed on every request, the session cookie was never attached on outgoing requests, and `Set-Cookie` from login was never captured. The `AuthCookieInterceptorTest` chains the interceptors in the correct order (auth, then baseUrl), which is why the regression went undetected — only production was wrong. **Fix**: swap to `(auth, baseUrl, logging)`. Auth now sees `placeholder.invalid`, attaches/captures the cookie, then BaseUrl rewrites the host for transport. Client-side only — no server change required. New APK needed. ## Test Plan - [ ] CI green on dev (run #300 — already passed) - [ ] Fresh-install APK: sign-in succeeds, cookie captured, lands on Home - [ ] In-app update banner can both detect AND download the next release
bvandeusen added 1 commit 2026-06-02 22:07:25 -04:00
fix(android): interceptor order — auth before baseUrl
android / Build + lint + test (push) Successful in 4m24s
94b3b87785
Drift #568/#569 scoped AuthCookieInterceptor to PLACEHOLDER_HOST so
the shared OkHttp client wouldn't leak the session cookie to external
image fetches (Coil → musicbrainz, coverartarchive, Lidarr). The fix
was correct but assumed AuthCookieInterceptor would see the original
placeholder.invalid URL — production NetworkModule had BaseUrlInterceptor
running FIRST, so by the time auth's intercept() ran the host was
already rewritten to the real Minstrel server and the placeholder
check failed on every request.

Symptom on v2026.06.02: fresh install login appears to succeed but
no cookie is captured from Set-Cookie and no cookie is attached to
subsequent requests, so the user stays at the Welcome screen.

AuthCookieInterceptorTest already chains the interceptors in the
correct order, which is why the regression went undetected — only
production was wrong.

Fix: swap to (auth, baseUrl, logging). Auth now sees
placeholder.invalid, attaches/captures the cookie, then BaseUrl
rewrites the host for transport.
bvandeusen merged commit d9b2dd957c into main 2026-06-02 22:07:32 -04:00
Sign in to join this conversation.
No Reviewers
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: bvandeusen/minstrel#76