From 63931763c49a256fa391dfdf2f9afae5cb6d482c Mon Sep 17 00:00:00 2001
From: Flaminel <flm.marius@gmail.com>
Date: Mon, 2 Mar 2026 13:34:20 +0200
Subject: [PATCH] Fix session invalidation for local auth bypass (#487)

---
 code/frontend/src/app/core/auth/auth.service.ts    | 1 -
 code/frontend/src/app/core/realtime/hub.service.ts | 7 ++++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/code/frontend/src/app/core/auth/auth.service.ts b/code/frontend/src/app/core/auth/auth.service.ts
index 1b5c1075..76a4292a 100644
--- a/code/frontend/src/app/core/auth/auth.service.ts
+++ b/code/frontend/src/app/core/auth/auth.service.ts
@@ -169,7 +169,6 @@ export class AuthService {
 
     const storedRefreshToken = localStorage.getItem('refresh_token');
     if (!storedRefreshToken) {
-      this.clearAuth();
       return of(null);
     }
 
diff --git a/code/frontend/src/app/core/realtime/hub.service.ts b/code/frontend/src/app/core/realtime/hub.service.ts
index be5b9ade..ee81b0f6 100644
--- a/code/frontend/src/app/core/realtime/hub.service.ts
+++ b/code/frontend/src/app/core/realtime/hub.service.ts
@@ -29,6 +29,10 @@ export abstract class HubService implements OnDestroy {
     this.connection = new signalR.HubConnectionBuilder()
       .withUrl(hubUrl, {
         accessTokenFactory: async () => {
+          // No tokens stored — trusted network bypass, no token needed
+          if (!this.authService.getAccessToken() && !localStorage.getItem('refresh_token')) {
+            return '';
+          }
           if (this.authService.isTokenExpired(30)) {
             const result = await firstValueFrom(this.authService.refreshToken());
             if (result) {
@@ -72,7 +76,8 @@ export abstract class HubService implements OnDestroy {
       this.connected.set(true);
       this.reconnectAttempts = 0;
       this.onConnected();
-    } catch {
+    } catch (err) {
+      console.warn('[SignalR] Connection failed:', err);
       this.scheduleReconnect();
     }
   }