fix: login race causes subsequent calls to target previous user

OneSignal.login() scheduled the user switch asynchronously via
suspendifyOnIO, so the API call returned before the identity model
was updated. Calls made right after login (e.g. addTag) applied to
the OLD user because the switch hadn't happened yet.

Split login into two phases:
- switchUser(): synchronous under the login/logout lock. Swaps the
  local identity/properties/subscription models immediately so
  subsequent SDK calls see the new user.
- enqueueLogin(): async. Enqueues the LoginUserOperation and awaits
  completion of the backend user creation.

Because switchUser returns before enqueueLogin runs, there's a small
window where RecoverFromDroppedLoginBug can observe the state (new
externalId, local onesignalId, no LoginUserOperation in queue) and
enqueue its own recovery login. When the real enqueueLogin then adds
another login op, the executor crashes on a grouped batch containing
two LoginUserOperations. Add a dedupe check in internalEnqueue: if a
LoginUserOperation for the same onesignalId is already queued, drop
the incoming one and wake its waiter optimistically with true so
loginSuspend callers don't hang on enqueueAndWait.

If the duplicate came from loadSavedOperations (addToStore = false),
also remove it from the operation model store so we don't leave an
orphan entry that lingers until the next cold start.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt

@@ -11,6 +11,7 @@ import com.onesignal.core.internal.startup.IStartableService
 import com.onesignal.core.internal.time.ITime
 import com.onesignal.debug.LogLevel
 import com.onesignal.debug.internal.logging.Logging
+import com.onesignal.user.internal.operations.LoginUserOperation
 import com.onesignal.user.internal.operations.impl.states.NewRecordsState
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
@@ -161,6 +162,27 @@ internal class OperationRepo(
                 return
             }
 
+            // Dedupe LoginUserOperation for the same user — prevents RecoverFromDroppedLoginBug
+            // and the real login() call from both enqueuing a login op during the timing window.
+            // Wake the waiter optimistically with `true`: the already-queued op will do the work,
+            // but we don't await its real result (that would require waiter chaining). enqueueAndWait
+            // callers like loginSuspend would otherwise hang forever. The only caller today is
+            // LoginHelper.enqueueLogin which just logs on failure, so the lost signal is acceptable.
+            // If the op came from loadSavedOperations (addToStore = false) it's also a stale
+            // duplicate in the store; remove it to avoid an orphan entry that lingers until the
+            // next cold start.
+            val op = queueItem.operation
+            if (op is LoginUserOperation &&
+                queue.any { it.operation is LoginUserOperation && it.operation.onesignalId == op.onesignalId }
+            ) {
+                Logging.debug("OperationRepo: internalEnqueue - LoginUserOperation for onesignalId: ${op.onesignalId} already exists in the queue.")
+                if (!addToStore) {
+                    _operationModelStore.remove(queueItem.operation.id)
+                }
+                queueItem.waiter?.wake(true)
+                return
+            }
+
             if (index != null) {
                 queue.add(index, queueItem)
             } else {

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/internal/OneSignalImp.kt

@@ -378,14 +378,20 @@ internal class OneSignalImp(
 
         if (isBackgroundThreadingEnabled) {
             waitForInit(operationName = "login")
-            suspendifyOnIO { loginHelper.login(externalId, jwtBearerToken) }
         } else {
             if (!isInitialized) {
                 throw IllegalStateException("Must call 'initWithContext' before 'login'")
             }
+        }
+
+        val context = loginHelper.switchUser(externalId, jwtBearerToken) ?: return
+
+        if (isBackgroundThreadingEnabled) {
+            suspendifyOnIO { loginHelper.enqueueLogin(context) }
+        } else {
             Thread {
                 runBlocking(runtimeIoDispatcher) {
-                    loginHelper.login(externalId, jwtBearerToken)
+                    loginHelper.enqueueLogin(context)
                 }
             }.start()
         }
@@ -646,7 +652,8 @@ internal class OneSignalImp(
             throw IllegalStateException("'initWithContext failed' before 'login'")
         }
 
-        loginHelper.login(externalId, jwtBearerToken)
+        val context = loginHelper.switchUser(externalId, jwtBearerToken) ?: return@withContext
+        loginHelper.enqueueLogin(context)
     }
 
     override suspend fun logoutSuspend() =

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/LoginHelper.kt

@@ -13,37 +13,55 @@ class LoginHelper(
     private val configModel: ConfigModel,
     private val lock: Any,
 ) {
-    suspend fun login(
+    internal data class LoginEnqueueContext(
+        val appId: String,
+        val newIdentityOneSignalId: String,
+        val externalId: String,
+        val existingOneSignalId: String?,
+    )
+
+    /**
+     * Synchronously switches local user models under the login/logout lock so subsequent
+     * SDK calls (e.g. addTag) see the new user's identity immediately. Returns context
+     * needed for [enqueueLogin], or null if the user was already logged in with [externalId]
+     * (no switch needed).
+     */
+    internal fun switchUser(
         externalId: String,
         jwtBearerToken: String? = null,
-    ) {
-        var currentIdentityExternalId: String? = null
-        var currentIdentityOneSignalId: String? = null
-        var newIdentityOneSignalId: String = ""
-
+    ): LoginEnqueueContext? {
         synchronized(lock) {
-            currentIdentityExternalId = identityModelStore.model.externalId
-            currentIdentityOneSignalId = identityModelStore.model.onesignalId
+            val currentExternalId = identityModelStore.model.externalId
+            val currentOneSignalId = identityModelStore.model.onesignalId
 
-            if (currentIdentityExternalId == externalId) {
-                return
+            if (currentExternalId == externalId) {
+                return null
             }
 
             // TODO: Set JWT Token for all future requests.
             userSwitcher.createAndSwitchToNewUser { identityModel, _ ->
                 identityModel.externalId = externalId
             }
 
-            newIdentityOneSignalId = identityModelStore.model.onesignalId
+            val newOneSignalId = identityModelStore.model.onesignalId
+            val existingOneSignalId =
+                if (currentExternalId == null) currentOneSignalId else null
+
+            return LoginEnqueueContext(configModel.appId, newOneSignalId, externalId, existingOneSignalId)
         }
+    }
 
+    /**
+     * Enqueues the [LoginUserOperation] and suspends until it completes.
+     */
+    internal suspend fun enqueueLogin(context: LoginEnqueueContext) {
         val result =
             operationRepo.enqueueAndWait(
                 LoginUserOperation(
-                    configModel.appId,
-                    newIdentityOneSignalId,
-                    externalId,
-                    if (currentIdentityExternalId == null) currentIdentityOneSignalId else null,
+                    context.appId,
+                    context.newIdentityOneSignalId,
+                    context.externalId,
+                    context.existingOneSignalId,
                 ),
             )
 

OneSignalSDK/onesignal/core/src/test/java/com/onesignal/user/internal/LoginHelperTests.kt

@@ -61,7 +61,8 @@ class LoginHelperTests : FunSpec({
 
         // When
         runBlocking {
-            loginHelper.login(currentExternalId)
+            val context = loginHelper.switchUser(currentExternalId)
+            if (context != null) loginHelper.enqueueLogin(context)
         }
 
         // Then - should return early without any operations
@@ -113,7 +114,8 @@ class LoginHelperTests : FunSpec({
 
         // When
         runBlocking {
-            loginHelper.login(newExternalId)
+            val context = loginHelper.switchUser(newExternalId)
+            if (context != null) loginHelper.enqueueLogin(context)
         }
 
         // Then - should switch users and enqueue login operation
@@ -178,7 +180,8 @@ class LoginHelperTests : FunSpec({
 
         // When
         runBlocking {
-            loginHelper.login(newExternalId)
+            val context = loginHelper.switchUser(newExternalId)
+            if (context != null) loginHelper.enqueueLogin(context)
         }
 
         // Then - should provide existing OneSignal ID for anonymous user conversion
@@ -239,7 +242,8 @@ class LoginHelperTests : FunSpec({
 
         // When
         runBlocking {
-            loginHelper.login(newExternalId)
+            val context = loginHelper.switchUser(newExternalId)
+            if (context != null) loginHelper.enqueueLogin(context)
         }
 
         // Then - should still switch users but operation fails