fix(auth): resolve hanging on connecting to organization

Author: eldinmiller

CHANGELOG.md

@@ -2,6 +2,18 @@
 
 All notable changes to BluePLM will be documented in this file.
 
+## [2.9.4] - 2025-12-17
+
+### Fixed
+- **Auth flow hanging on "Connecting to your organization"**: Removed `ensureUserOrgId()` RPC call that was causing the Supabase client to hang indefinitely. The `linkUserToOrganization()` function (which uses raw fetch) handles org_id setup correctly as a fallback.
+- **Added auth timeout safety net**: If organization connection takes longer than 30 seconds, the app will now timeout gracefully instead of hanging forever
+- **Added cancel button to connecting screen**: Users can now click "Cancel" to sign out and retry if the connection hangs
+
+### Changed
+- **Online users indicator styling**: Changed from bright green notification badge to a subtle neutral badge that doesn't look like a notification
+
+---
+
 ## [2.9.3] - 2025-12-17
 
 ### Fixed

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "blue-plm",
-  "version": "2.9.3",
+  "version": "2.9.4",
   "description": "Product Lifecycle Management for everyone who builds",
   "main": "dist-electron/main.js",
   "scripts": {
@@ -113,6 +113,12 @@
           "arch": [
             "universal"
           ]
+        },
+        {
+          "target": "zip",
+          "arch": [
+            "universal"
+          ]
         }
       ],
       "category": "public.app-category.developer-tools",

package.json

@@ -3,7 +3,7 @@ import { registerModule, unregisterModule } from '@/lib/telemetry'
 import { usePDMStore } from './stores/pdmStore'
 import { SettingsContent } from './components/SettingsContent'
 import type { SettingsTab } from './types/settings'
-import { supabase, getCurrentSession, isSupabaseConfigured, getFilesLightweight, getCheckedOutUsers, linkUserToOrganization, getUserProfile, setCurrentAccessToken, registerDeviceSession, startSessionHeartbeat, stopSessionHeartbeat, signOut, syncUserSessionsOrgId, ensureUserOrgId } from './lib/supabase'
+import { supabase, getCurrentSession, isSupabaseConfigured, getFilesLightweight, getCheckedOutUsers, linkUserToOrganization, getUserProfile, setCurrentAccessToken, registerDeviceSession, startSessionHeartbeat, stopSessionHeartbeat, signOut, syncUserSessionsOrgId } from './lib/supabase'
 import { subscribeToFiles, subscribeToActivity, subscribeToOrganization, unsubscribeAll } from './lib/realtime'
 import { getBackupStatus, isThisDesignatedMachine, updateHeartbeat } from './lib/backup'
 import { MenuBar } from './components/MenuBar'
@@ -317,12 +317,8 @@ function App() {
         setCurrentAccessToken(session.access_token)
 
         try {
-          // FIRST: Ensure user's org_id is correct in the database
-          // This fixes issues where users have NULL or wrong org_id
-          const orgIdResult = await ensureUserOrgId()
-          if (orgIdResult.fixed) {
-            console.log('[Auth] Fixed user org_id in database')
-          }
+          // NOTE: ensureUserOrgId() removed - it used client.rpc() which hangs
+          // linkUserToOrganization() handles org_id setup correctly as fallback
 
           // Fetch user profile from database to get role
           const { profile, error: profileError } = await getUserProfile(session.user.id)
@@ -385,20 +381,24 @@ function App() {
 
         if ((event === 'SIGNED_IN' || event === 'TOKEN_REFRESHED') && session?.user) {
           // Show connecting state while loading organization
+          // Add timeout to prevent infinite hanging if network/db is slow
+          let connectingTimeout: ReturnType<typeof setTimeout> | null = null
           if (event === 'SIGNED_IN') {
             setIsConnecting(true)
+            // Safety timeout: clear isConnecting after 30s to prevent infinite hang
+            connectingTimeout = setTimeout(() => {
+              console.warn('[Auth] Organization loading timeout - clearing connecting state')
+              setIsConnecting(false)
+              addToast('warning', 'Connection timed out. You may need to sign in again.')
+            }, 30000)
           }
 
           // Store access token for raw fetch calls (Supabase client methods hang)
           setCurrentAccessToken(session.access_token)
 
           try {
-            // FIRST: Ensure user's org_id is correct in the database
-            // This fixes issues where users have NULL or wrong org_id
-            const orgIdResult = await ensureUserOrgId()
-            if (orgIdResult.fixed) {
-              console.log('[Auth] Fixed user org_id in database during', event)
-            }
+            // NOTE: ensureUserOrgId() removed - it used client.rpc() which hangs
+            // linkUserToOrganization() handles org_id setup correctly as fallback
 
             // Fetch user profile from database to get role
             console.log('[Auth] Fetching user profile...')
@@ -434,6 +434,7 @@ function App() {
               window.electronAPI?.log?.('info', `[Auth] Organization loaded: ${(org as any).name}`)
               window.electronAPI?.log?.('info', `[Auth] Organization settings keys: ${Object.keys((org as any).settings || {}).join(', ')}`)
               window.electronAPI?.log?.('info', `[Auth] DM License key in settings: ${(org as any).settings?.solidworks_dm_license_key ? 'PRESENT (' + (org as any).settings.solidworks_dm_license_key.length + ' chars)' : 'NOT PRESENT'}`)
+              if (connectingTimeout) clearTimeout(connectingTimeout)
               setOrganization(org as any)
 
               // Update user's org_id in store if it wasn't set (triggers session re-registration with correct org_id)
@@ -448,10 +449,12 @@ function App() {
               syncUserSessionsOrgId(session.user.id, (org as any).id)
             } else {
               console.log('[Auth] No organization found:', orgError)
+              if (connectingTimeout) clearTimeout(connectingTimeout)
               setIsConnecting(false)
             }
           } catch (err) {
             console.error('[Auth] Error in auth state handler:', err)
+            if (connectingTimeout) clearTimeout(connectingTimeout)
             setIsConnecting(false)
           }
         } else if (event === 'SIGNED_OUT') {

src/App.tsx

@@ -117,10 +117,10 @@ export function OnlineUsersIndicator({ orgLogoUrl }: OnlineUsersIndicatorProps)
               <Users size={16} className="text-plm-fg-muted group-hover:text-plm-fg transition-colors" />
             )}
 
-            {/* Online count badge */}
+            {/* Online count - visible but not like a notification */}
             {onlineUsers.length > 0 && (
-              <div className="absolute -top-1 -right-1 min-w-[14px] h-[14px] flex items-center justify-center bg-plm-success rounded-full">
-                <span className="text-[9px] font-bold text-white px-0.5">
+              <div className="absolute -top-1 -right-1.5 min-w-[14px] h-[14px] flex items-center justify-center bg-plm-bg-lighter rounded-full border border-plm-border">
+                <span className="text-[9px] font-semibold text-plm-fg-dim group-hover:text-plm-fg transition-colors px-0.5">
                   {onlineUsers.length > 99 ? '99+' : onlineUsers.length}
                 </span>
               </div>

src/components/OnlineUsersIndicator.tsx

@@ -588,6 +588,12 @@ export function WelcomeScreen({ onOpenRecentVault }: WelcomeScreenProps) {
   // CONNECTING SCREEN (shown after sign-in while loading organization)
   // ============================================
   if (isAuthConnecting) {
+    const handleCancelConnecting = async () => {
+      uiLog('info', 'User cancelled connecting - signing out')
+      const { signOut: supabaseSignOut } = await import('../lib/supabase')
+      await supabaseSignOut()
+    }
+    
     return (
       <div className="flex-1 flex items-center justify-center bg-plm-bg overflow-auto">
         <div className="max-w-md w-full p-8 text-center">
@@ -620,6 +626,14 @@ export function WelcomeScreen({ onOpenRecentVault }: WelcomeScreenProps) {
 
           <Loader2 size={40} className="animate-spin text-plm-accent mx-auto mb-4" />
           <p className="text-plm-fg-muted">{t('welcome.connectingToOrg')}</p>
+          
+          {/* Cancel button - allows users to escape if connection hangs */}
+          <button
+            onClick={handleCancelConnecting}
+            className="mt-6 text-sm text-plm-fg-muted hover:text-plm-fg transition-colors underline"
+          >
+            {t('common.cancel')}
+          </button>
         </div>
       </div>
     )

src/components/WelcomeScreen.tsx

@@ -3984,14 +3984,26 @@ export async function syncUserSessionsOrgId(userId: string, orgId: string): Prom
  * Ensure the current user has the correct org_id in the database
  * This calls a database RPC that checks and fixes org_id based on email domain
  * Should be called on every app boot to prevent org_id mismatch issues
+ * 
+ * NOTE: This uses Supabase client.rpc() which can sometimes hang. We add a timeout
+ * to prevent blocking the auth flow. If it times out, we just skip it - the
+ * linkUserToOrganization function will handle setting org_id as a fallback.
  */
 export async function ensureUserOrgId(): Promise<{ success: boolean; fixed: boolean; org_id?: string; error?: string }> {
   const client = getSupabaseClient()
 
   console.log('[Auth] Ensuring user org_id is correct...')
 
+  // Wrap in a timeout since client.rpc() can hang
+  const timeoutMs = 5000 // 5 second timeout
+  
   try {
-    const { data, error } = await client.rpc('ensure_user_org_id' as never)
+    const rpcPromise = client.rpc('ensure_user_org_id' as never)
+    const timeoutPromise = new Promise<never>((_, reject) => 
+      setTimeout(() => reject(new Error('RPC timeout after 5s')), timeoutMs)
+    )
+    
+    const { data, error } = await Promise.race([rpcPromise, timeoutPromise]) as { data: unknown; error: { message: string } | null }
 
     if (error) {
       // RPC might not exist yet (before migration runs)
@@ -4014,8 +4026,14 @@ export async function ensureUserOrgId(): Promise<{ success: boolean; fixed: bool
       error: result.error
     }
   } catch (err) {
-    console.error('[Auth] ensureUserOrgId failed:', err)
-    return { success: false, fixed: false, error: String(err) }
+    // This catches both RPC errors and timeout
+    const errorMsg = String(err)
+    if (errorMsg.includes('timeout')) {
+      console.warn('[Auth] ensureUserOrgId timed out - skipping (not critical)')
+    } else {
+      console.error('[Auth] ensureUserOrgId failed:', err)
+    }
+    return { success: false, fixed: false, error: errorMsg }
   }
 }