SG-39788 Fix data persistence issue after re-authentication #211

Merged
carlos-villavicencio-adsk merged 21 commits into master from ticket/SG-39788_reauthentication on Mar 11, 2026
@carlos-villavicencio-adsk
Contributor

Problem

When a user re-authenticates with a different account after session expiry, the Flow Production Tracking Desktop UI was still showing the previous user's name, email, and projects - a security concern.

Security Impact

  • Information Disclosure: New user can see project names they shouldn't have access to
  • User Confusion: UI shows wrong user's name/email
  • Data Integrity: User-specific fields (favorites, last accessed) show incorrect data

How the Fix Works

  1. Reactive Detection: When refresh_user_credentials() is called (before launching apps, opening folders, etc.), the fix detects if a different user authenticated and updates the UI immediately.
  2. Proactive Validation: When the project model data is refreshed or when the user navigates back to the projects view, the fix validates that the cached user matches the current authenticated user and refreshes the UI if there's a mismatch.
  3. Complete UI Refresh: When a user change is detected:
    • User name and site URL in the menu are updated
    • User thumbnail/avatar is updated
    • Project model is hard-refreshed to show correct projects for the new user
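
The detection scheme described above, as an added sketch that is not code from this pull request or its repository: cached per-user data records the login it was fetched for, and both the reactive path (credential refresh) and the proactive path (every read) compare that owner with the current session and hard-refresh on mismatch. `UserScopedView`, `current_login` and `fetch_projects` are hypothetical names, and the accounts are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class UserScopedView:
    """Hypothetical stand-in for a UI that caches per-user data."""
    current_login: Callable[[], Optional[str]]   # who is authenticated right now
    fetch_projects: Callable[[str], List[str]]   # per-user project list from the server
    cached_login: Optional[str] = None
    cached_projects: List[str] = field(default_factory=list)
    refreshes: int = 0

    def _hard_refresh(self, login: Optional[str]) -> None:
        # Drop everything first so nothing from the previous user survives
        # if the fetch below raises part-way.
        self.cached_login, self.cached_projects = None, []
        if login is not None:
            self.cached_projects = list(self.fetch_projects(login))
            self.cached_login = login
        self.refreshes += 1

    def on_credentials_refreshed(self) -> bool:
        """Reactive path: call right after any credential refresh."""
        login = self.current_login()
        if login == self.cached_login:
            return False
        self._hard_refresh(login)
        return True

    def visible_projects(self) -> List[str]:
        """Proactive path: validate the cache owner on every read."""
        self.on_credentials_refreshed()
        return list(self.cached_projects)


def demo() -> dict:
    # Constructed sample data: two accounts with different project access.
    acl = {"alice": ["Feature Film", "Trailer"], "bob": ["Commercial"]}
    session = {"login": "alice"}
    view = UserScopedView(lambda: session["login"], lambda u: acl[u])
    first = view.visible_projects()
    session["login"] = "bob"            # re-authentication as a different user
    changed = view.on_credentials_refreshed()
    second = view.visible_projects()
    session["login"] = None             # session expired, nobody logged in
    third = view.visible_projects()
    return {"first": first, "changed": changed, "second": second,
            "third": third, "refreshes": view.refreshes}
```

Calling `demo()` shows that the second user never sees the first user's projects and that an expired session leaves the view empty.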

Copilot AI left a comment

Pull request overview

This PR fixes a security issue where the Flow Production Tracking Desktop UI would display the previous user's information (name, email, projects) after re-authentication with a different account following session expiry.

Changes:

  • Added user change detection and UI refresh logic to update displayed information when a different user re-authenticates
  • Implemented proactive validation to check for user mismatches when project data is refreshed or when navigating back to the projects view
  • Updated code formatting by simplifying tuple unpacking syntax and multi-line string formatting throughout the codebase

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| python/tk_desktop/desktop_engine_site_implementation.py | Added user change detection in refresh_user_credentials() and new method to check and update current user |
| python/tk_desktop/desktop_window.py | Added user change callback, user info refresh methods, and validation checks; stored user menu actions as instance attributes |
| python/tk_desktop/project_model.py | Simplified tuple unpacking syntax |
| python/tk_desktop/rpc.py | Simplified tuple unpacking syntax |
| python/tk_desktop/update_project_config.py | Simplified tuple unpacking syntax |
| python/tk_desktop/thumb_widget.py | Simplified multi-line string formatting |
| python/tk_desktop/notifications/configuration_update_notification.py | Simplified tuple unpacking syntax |
| python/tk_desktop/command_panel/section_header.py | Simplified multi-line string formatting |
| python/tk_desktop/setup_project.py | Removed extra blank line |
| python/tk_desktop/console.py | Removed extra blank line |
| python/tk_desktop/banner_widget.py | Removed extra blank line |
| bootstrap.py | Simplified tuple unpacking syntax |
| add_desktop_to_project.py | Simplified tuple unpacking syntax |
| .pre-commit-config.yaml | Updated pre-commit hook versions |

codecov Bot commented Feb 3, 2026

Codecov Report

❌ Patch coverage is 27.47253% with 66 lines in your changes missing coverage. Please review.
✅ Project coverage is 20.04%. Comparing base (2709f76) to head (7bfd73f).
⚠️ Report is 1 commits behind head on master.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| python/tk_desktop/desktop_window.py | 0.00% | 56 Missing ⚠️ |
| ...n/tk_desktop/desktop_engine_site_implementation.py | 87.50% | 3 Missing ⚠️ |
| bootstrap.py | 0.00% | 2 Missing ⚠️ |
| python/tk_desktop/thumb_widget.py | 0.00% | 2 Missing ⚠️ |
| add_desktop_to_project.py | 0.00% | 1 Missing ⚠️ |
| python/tk_desktop/project_model.py | 0.00% | 1 Missing ⚠️ |
| python/tk_desktop/update_project_config.py | 0.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #211      +/-   ##
==========================================
+ Coverage   18.75%   20.04%   +1.28%     
==========================================
  Files          69       69              
  Lines        4713     4785      +72     
==========================================
+ Hits          884      959      +75     
+ Misses       3829     3826       -3     

| Flag | Coverage Δ |
| --- | --- |
| Linux | 19.39% <27.47%> (+1.23%) ⬆️ |
| Python-3.10 | 19.97% <27.47%> (+1.30%) ⬆️ |
| Python-3.11 | 19.89% <27.47%> (+1.13%) ⬆️ |
| Python-3.13 | 20.00% <27.47%> (?) |
| Python-3.9 | 19.98% <27.47%> (+1.64%) ⬆️ |
| Windows | 19.58% <26.37%> (+1.24%) ⬆️ |
| macOS | 19.56% <27.47%> (+1.41%) ⬆️ |

carlos-villavicencio-adsk changed the title from "SG-39788 Fix data pesistence issue after re-authentication" to "SG-39788 Fix data persistence issue after re-authentication" on Feb 4, 2026
carlos-villavicencio-adsk requested a review from a team on February 4, 2026 19:55

Comment on lines +598 to +599
except Exception:
logger.exception("Error checking for user change after credential refresh.")
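
Review bot: the `except Exception:` at +598 catches every failure of the user-change check and, as far as these two lines show, only logs it. For a check whose purpose is to stop one user's data being shown to another, consider catching only the exceptions the check is expected to raise and treating a failed check as a user change (clear the cached user info) rather than carrying on with the stale view.
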
Member

I'm not crazy about surrounding entire functions by global try/catch. Can we improve that?


# Notify the desktop window to refresh user info and projects
if hasattr(self, "desktop_window") and self.desktop_window is not None:
self.desktop_window.on_user_changed()
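
Review bot: on the `if hasattr(self, "desktop_window") and self.desktop_window is not None:` guard, a detected user change is dropped without a trace when the window does not exist yet, since no else branch is visible in these lines. Consider logging that case or recording a pending flag so the window applies `on_user_changed()` once it is created.
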
Member

Ok so that's the fix. I mean calling this method in the right context fixes the issue.

But we are in the "site view" here. What about the project view? Do we have to fix it there too?

Contributor Author

In that case, it's already handled.

  • If the project can be accessed by the incoming user, then it's all good.
  • If the project cannot be accessed by the incoming user, then an error is shown, and the user can go back to the site view to select a project they can access.

carlos-villavicencio-adsk merged commit a38aef8 into master on Mar 11, 2026
25 checks passed
carlos-villavicencio-adsk deleted the ticket/SG-39788_reauthentication branch on March 11, 2026 13:30