codeant-ai-for-open-source[bot] commented on code in PR #40097:
URL: https://github.com/apache/superset/pull/40097#discussion_r3243922024
##########
superset-frontend/src/components/ErrorMessage/OAuth2RedirectMessage.tsx:
##########
@@ -107,43 +100,50 @@ export function OAuth2RedirectMessage({
const dispatch = useDispatch();
useEffect(() => {
- /* Listen for messages from the OAuth2 tab.
- *
- * After OAuth2 is successful the opened tab will send a message before
- * closing itself. Once we receive the message we can retrigger the
- * original query in SQL Lab, explore, or in a dashboard.
- */
- const redirectUrl = new URL(extra.redirect_uri);
- const handleMessage = (event: MessageEvent) => {
- if (
- event.origin === redirectUrl.origin &&
- event.data.tabId === extra.tab_id &&
- event.source === oAuthTab.current
- ) {
- if (source === 'sqllab' && query) {
- dispatch(reRunQuery(query));
- } else if (source === 'explore' && chartId) {
- dispatch(triggerQuery(true, chartId));
- } else if (source === 'dashboard') {
- dispatch(onRefresh(chartList.map(Number), true, 0, dashboardId));
- }
+ const handleOAuthComplete = (tabId?: string) => {
+ if (tabId !== extra.tab_id) {
+ return;
+ }
+ if (source === 'sqllab' && query) {
+ dispatch(reRunQuery(query));
+ } else if (source === 'explore' && chartId) {
+ dispatch(triggerQuery(true, chartId));
+ } else if (source === 'dashboard') {
+ dispatch(onRefresh(chartList.map(Number), true, 0, dashboardId));
}
};
- window.addEventListener('message', handleMessage);
+
+ const channel =
+ typeof BroadcastChannel !== 'undefined'
+ ? new BroadcastChannel(OAUTH_CHANNEL_NAME)
+ : null;
+
+ if (channel) {
+ channel.onmessage = event => {
+ handleOAuthComplete(event.data?.tabId);
+ };
+ }
+
+ const handleStorage = (event: StorageEvent) => {
+ if (event.key !== OAUTH_STORAGE_EVENT_KEY || !event.newValue) {
+ return;
+ }
+
+ try {
+ const message = JSON.parse(event.newValue) as { tabId?: string };
+ handleOAuthComplete(message.tabId);
+ } catch {
Review Comment:
**🟠Architect Review — HIGH**
Both the BroadcastChannel handler and the storage-event handler call
handleOAuthComplete independently, while oauth2.html always emits both signals
in browsers that support BroadcastChannel. This causes the same OAuth
completion to re-trigger reRunQuery/triggerQuery/onRefresh twice for a single
tab_id, resulting in duplicate queries/refreshes.
**Suggestion:** Make OAuth completion handling idempotent per tab_id (e.g.,
track a handled flag and ignore subsequent messages for the same tab_id), or
make the sender-side fallback mutually exclusive (only emit the storage signal
when BroadcastChannel is unavailable) so each OAuth flow triggers at most one
rerun.
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt=This%20is%20an%20%2A%2AArchitect%20%2F%20Logical%20Review%2A%2A%20comment%20left%20during%20a%20code%20review.%20These%20reviews%20are%20first-class%2C%20important%20findings%20%E2%80%94%20not%20optional%20suggestions.%20Do%20NOT%20dismiss%20this%20as%20a%20%27big%20architectural%20change%27%20just%20because%20the%20title%20says%20architect%20review%3B%20most%20of%20these%20can%20be%20resolved%20with%20a%20small%2C%20localized%20fix%20once%20the%20intent%20is%20understood.%0A%0A%2A%2APath%3A%2A%2A%20superset-frontend%2Fsrc%2Fcomponents%2FErrorMessage%2FOAuth2RedirectMessage.tsx%0A%2A%2ALine%3A%2A%2A%20121%3A135%0A%2A%2AComment%3A%2A%2A%0A%09%2AHIGH%3A%20Both%20the%20BroadcastChannel%20handler%20and%20the%20storage-event%20handler%20call%20handleOAuthComplete%20independently%2C%20while%20oauth2.html%20always%20emits%20both%20signals%20in%20browsers%20that%20support%20BroadcastChannel.%20This%20causes%20the%20same%
20OAuth%20completion%20to%20re-trigger%20reRunQuery%2FtriggerQuery%2FonRefresh%20twice%20for%20a%20single%20tab_id%2C%20resulting%20in%20duplicate%20queries%2Frefreshes.%0A%0AValidate%20the%20correctness%20of%20the%20flagged%20issue.%20If%20correct%2C%20How%20can%20I%20resolve%20this%3F%20If%20you%20propose%20a%20fix%2C%20implement%20it%20and%20please%20make%20it%20concise.%0AIf%20a%20suggested%20approach%20is%20provided%20above%2C%20use%20it%20as%20the%20authoritative%20instruction.%20If%20no%20explicit%20code%20suggestion%20is%20given%2C%20you%20MUST%20still%20draft%20and%20apply%20your%20own%20minimal%2C%20localized%20fix%20%E2%80%94%20do%20not%20punt%20back%20with%20%27no%20suggestion%20provided%2C%20review%20manually%27.%20Keep%20the%20change%20as%20small%20as%20possible%3A%20add%20a%20guard%20clause%2C%20gate%20on%20a%20loading%20state%2C%20reorder%20an%20await%2C%20wrap%20in%20a%20conditional%2C%20etc.%20Do%20not%20refactor%20surrounding%20code%20or%20expand%20scope%20beyond%
20the%20finding.%0AOnce%20fix%20is%20implemented%2C%20also%20check%20other%20comments%20on%20the%20same%20PR%2C%20and%20ask%20user%20if%20the%20user%20wants%20to%20fix%20the%20rest%20of%20the%20comments%20as%20well.%20if%20said%20yes%2C%20then%20fetch%20all%20the%20comments%20validate%20the%20correctness%20and%20implement%20a%20minimal%20fix%0A)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt=This%20is%20an%20%2A%2AArchitect%20%2F%20Logical%20Review%2A%2A%20comment%20left%20during%20a%20code%20review.%20These%20reviews%20are%20first-class%2C%20important%20findings%20%E2%80%94%20not%20optional%20suggestions.%20Do%20NOT%20dismiss%20this%20as%20a%20%27big%20architectural%20change%27%20just%20because%20the%20title%20says%20architect%20review%3B%20most%20of%20these%20can%20be%20resolved%20with%20a%20small%2C%20localized%20fix%20once%20the%20intent%20is%20understood.%0A%0A%2A%2APath%3A%2A%2A%20superset-frontend%2Fsrc%2Fcomponents%2FErrorMessage%2FOAuth
2RedirectMessage.tsx%0A%2A%2ALine%3A%2A%2A%20121%3A135%0A%2A%2AComment%3A%2A%2A%0A%09%2AHIGH%3A%20Both%20the%20BroadcastChannel%20handler%20and%20the%20storage-event%20handler%20call%20handleOAuthComplete%20independently%2C%20while%20oauth2.html%20always%20emits%20both%20signals%20in%20browsers%20that%20support%20BroadcastChannel.%20This%20causes%20the%20same%20OAuth%20completion%20to%20re-trigger%20reRunQuery%2FtriggerQuery%2FonRefresh%20twice%20for%20a%20single%20tab_id%2C%20resulting%20in%20duplicate%20queries%2Frefreshes.%0A%0AValidate%20the%20correctness%20of%20the%20flagged%20issue.%20If%20correct%2C%20How%20can%20I%20resolve%20this%3F%20If%20you%20propose%20a%20fix%2C%20implement%20it%20and%20please%20make%20it%20concise.%0AIf%20a%20suggested%20approach%20is%20provided%20above%2C%20use%20it%20as%20the%20authoritative%20instruction.%20If%20no%20explicit%20code%20suggestion%20is%20given%2C%20you%20MUST%20still%20draft%20and%20apply%20your%20own%20minimal%2C%20localized%20fix%20
%E2%80%94%20do%20not%20punt%20back%20with%20%27no%20suggestion%20provided%2C%20review%20manually%27.%20Keep%20the%20change%20as%20small%20as%20possible%3A%20add%20a%20guard%20clause%2C%20gate%20on%20a%20loading%20state%2C%20reorder%20an%20await%2C%20wrap%20in%20a%20conditional%2C%20etc.%20Do%20not%20refactor%20surrounding%20code%20or%20expand%20scope%20beyond%20the%20finding.%0AOnce%20fix%20is%20implemented%2C%20also%20check%20other%20comments%20on%20the%20same%20PR%2C%20and%20ask%20user%20if%20the%20user%20wants%20to%20fix%20the%20rest%20of%20the%20comments%20as%20well.%20if%20said%20yes%2C%20then%20fetch%20all%20the%20comments%20validate%20the%20correctness%20and%20implement%20a%20minimal%20fix%0A)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is an **Architect / Logical Review** comment left during a code review.
These reviews are first-class, important findings — not optional suggestions.
Do NOT dismiss this as a 'big architectural change' just because the title says
architect review; most of these can be resolved with a small, localized fix
once the intent is understood.
**Path:**
superset-frontend/src/components/ErrorMessage/OAuth2RedirectMessage.tsx
**Line:** 121:135
**Comment:**
*HIGH: Both the BroadcastChannel handler and the storage-event handler
call handleOAuthComplete independently, while oauth2.html always emits both
signals in browsers that support BroadcastChannel. This causes the same OAuth
completion to re-trigger reRunQuery/triggerQuery/onRefresh twice for a single
tab_id, resulting in duplicate queries/refreshes.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative
instruction. If no explicit code suggestion is given, you MUST still draft and
apply your own minimal, localized fix — do not punt back with 'no suggestion
provided, review manually'. Keep the change as small as possible: add a guard
clause, gate on a loading state, reorder an await, wrap in a conditional, etc.
Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
