From 928867a9e2ad2ac9a9aea355dee5b982ec5c8631 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Sat, 11 Apr 2026 08:33:08 -0400
Subject: [PATCH] fix(encryptid): show all known usernames at login, reduce
 post-auth redirects

- getAllKnownUsernames() now pulls from 4 sources: current session,
  rspace-username cache, known-personas list, and encryptid-known-accounts
- On specific space: stay on that page (reload only, no redirect away)
- On landing: go straight to dashboard (hardcode "rspace" module)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 shared/components/rstack-identity.ts | 49 +++++++++++++++-------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/shared/components/rstack-identity.ts b/shared/components/rstack-identity.ts
index 1eb7104e..cabbcc6d 100644
--- a/shared/components/rstack-identity.ts
+++ b/shared/components/rstack-identity.ts
@@ -256,27 +256,33 @@ function getKnownPersonas(): KnownPersona[] {
 	} catch { return []; }
 }
 
-/** Merge personas from both localStorage keys into a deduplicated list by username. */
+/** Merge usernames from all localStorage sources into a deduplicated list. */
 function getAllKnownUsernames(): string[] {
 	const seen = new Set<string>();
 	const result: string[] = [];
-	// Primary: persona list (has DID, most reliable)
-	for (const p of getKnownPersonas()) {
-		if (p.username && !seen.has(p.username)) {
-			seen.add(p.username);
-			result.push(p.username);
-		}
-	}
-	// Secondary: encryptid login-button known accounts
+	const add = (u: string) => { if (u && !seen.has(u)) { seen.add(u); result.push(u); } };
+
+	// 1. Current session username (always first if logged in)
 	try {
-		const accounts: { username: string }[] = JSON.parse(localStorage.getItem(KNOWN_ACCOUNTS_KEY) || "[]");
-		for (const a of accounts) {
-			if (a.username && !seen.has(a.username)) {
-				seen.add(a.username);
-				result.push(a.username);
-			}
+		const raw = localStorage.getItem(SESSION_KEY);
+		if (raw) {
+			const session = JSON.parse(raw) as SessionState;
+			if (session?.claims?.username) add(session.claims.username);
 		}
 	} catch { /* ignore */ }
+
+	// 2. Cached username shortcut
+	try { add(localStorage.getItem("rspace-username") || ""); } catch { /* ignore */ }
+
+	// 3. Persona list (has DID, most reliable historical source)
+	for (const p of getKnownPersonas()) add(p.username);
+
+	// 4. encryptid login-button known accounts
+	try {
+		const accounts: { username: string }[] = JSON.parse(localStorage.getItem(KNOWN_ACCOUNTS_KEY) || "[]");
+		for (const a of accounts) add(a.username);
+	} catch { /* ignore */ }
+
 	return result;
 }
 
@@ -309,19 +315,19 @@ function removeKnownPersona(did: string): void {
 function autoResolveSpace(token: string, username: string): void {
 	if (!username) return;
 
-	// Detect current space
 	const currentSpace = _getCurrentSpace();
 
 	if (currentSpace !== "demo") {
-		// User followed a link to a specific space (e.g., orgname.rspace.online).
-		// Provision their personal space silently, then reload to apply the
-		// authenticated session (clears access gates, reconnects CRDT sync, etc.).
+		// User is on a specific space (their own or someone else's).
+		// Provision their personal space silently in the background.
+		// Don't redirect — they chose to be here. Just reload so the
+		// authenticated session takes effect (access gates, CRDT sync).
 		autoProvisionSpace(token);
 		window.location.reload();
 		return;
 	}
 
-	// On demo/landing — provision personal space and redirect there
+	// On demo/landing — provision personal space and redirect to dashboard
 	fetch("/api/spaces/auto-provision", {
 		method: "POST",
 		headers: {
@@ -332,8 +338,7 @@ function autoResolveSpace(token: string, username: string): void {
 		.then((r) => r.json())
 		.then((data) => {
 			if (!data.slug) return;
-			const moduleId = _getCurrentModule();
-			window.location.replace(_navUrl(data.slug, moduleId));
+			window.location.replace(_navUrl(data.slug, "rspace"));
 		})
 		.catch(() => {});
 }