fix: treat TLS config errors as permanent in both IMAP and JMAP sync loops

TlsModeMismatchException and TlsCertificateException now short-circuit _isPermanentError() in both sync loop implementations, stopping the retry loop immediately instead of hammering a misconfigured server. Surfaces via the existing syncLastErrorProvider error banner. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
test(T3): add contract test suites for Account/Mailbox/Email repositories (#43 )
2026-05-14 10:25:42 +02:00 · 2026-05-14 10:20:32 +02:00 · 2026-05-14 10:20:25 +02:00
3 changed files with 86 additions and 16 deletions
@@ -11,6 +11,7 @@ import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/core/utils/logger.dart';
 import 'package:sharedinbox/data/imap/imap_client_factory.dart'
    show ImapConnectFn, connectImap, verboseLogKey;
+import 'package:sharedinbox/data/imap/tls_error.dart' show isTlsConfigError;

 typedef OnNewMailCallback = Future<void> Function(String accountEmail);

@@ -291,6 +292,7 @@ class _AccountSync implements _SyncLoop {
  }

  bool _isPermanentError(Object e) {
+    if (isTlsConfigError(e)) return true;
    final s = e.toString().toLowerCase();
    // enough_mail doesn't always have typed exceptions for auth, so we check strings.
    return s.contains('invalid credentials') ||
@@ -528,6 +530,7 @@ class _JmapAccountSync implements _SyncLoop {
  }

  bool _isPermanentError(Object e) {
+    if (isTlsConfigError(e)) return true;
    final s = e.toString().toLowerCase();
    return s.contains('invalid credentials') ||
        s.contains('authentication failed') ||
@@ -21,15 +21,52 @@ class TlsModeMismatchException implements Exception {
      'STARTTLS). Original error: $original';
 }

-/// If [error] is a TLS handshake failure caused by a wrong-version-number
-/// (i.e. the server is not speaking TLS), throw a [TlsModeMismatchException]
-/// with [host]/[port] context. Otherwise rethrow [error] unchanged.
+/// Wraps a TLS certificate verification failure into a user-actionable message.
+///
+/// Thrown when the server's certificate cannot be verified — either because it
+/// is self-signed, expired, or the CA chain has changed since the account was
+/// set up.
+class TlsCertificateException implements Exception {
+  TlsCertificateException(this.host, this.port, this.original);
+  final String host;
+  final int port;
+  final Object original;
+
+  @override
+  String toString() =>
+      'TLS certificate error on $host:$port — the server certificate could '
+      'not be verified. The certificate may have changed or expired. '
+      'Please re-check your account settings or contact your mail provider. '
+      'Original error: $original';
+}
+
+/// Returns true if [error] is a permanent TLS configuration error that will
+/// not resolve on its own and requires user action.
+bool isTlsConfigError(Object error) =>
+    error is TlsModeMismatchException || error is TlsCertificateException;
+
+/// If [error] is a recognisable TLS handshake failure, wraps it in a typed
+/// exception and throws it.  Otherwise rethrows [error] unchanged.
+///
+/// Recognised patterns:
+/// - `WRONG_VERSION_NUMBER` → [TlsModeMismatchException] (port/mode mismatch)
+/// - `CERTIFICATE_VERIFY_FAILED` / `HandshakeException` → [TlsCertificateException]
 Never rethrowAsTlsHint(Object error, StackTrace stack, String host, int port) {
-  if (error.toString().contains('WRONG_VERSION_NUMBER')) {
+  final s = error.toString();
+  if (s.contains('WRONG_VERSION_NUMBER')) {
    Error.throwWithStackTrace(
      TlsModeMismatchException(host, port, error),
      stack,
    );
  }
+  if (s.contains('CERTIFICATE_VERIFY_FAILED') ||
+      s.contains('HandshakeException') ||
+      s.contains('CERTIFICATE_EXPIRED') ||
+      s.contains('CERTIFICATE_UNKNOWN')) {
+    Error.throwWithStackTrace(
+      TlsCertificateException(host, port, error),
+      stack,
+    );
+  }
  Error.throwWithStackTrace(error, stack);
 }
@@ -4,6 +4,7 @@
 import json
 import os
 import sys
+import time

 import google_auth_httplib2
 import httplib2
@@ -15,6 +16,14 @@ PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
 TRACK = "internal"
 _TIMEOUT = 300  # seconds — AAB uploads can be large
+_MAX_UPLOAD_ATTEMPTS = 3
+
+
+def _make_service(creds):
+    authorized_http = google_auth_httplib2.AuthorizedHttp(
+        creds, http=httplib2.Http(timeout=_TIMEOUT)
+    )
+    return build("androidpublisher", "v3", http=authorized_http)


 def main():
@@ -32,22 +41,43 @@ def main():
        scopes=["https://www.googleapis.com/auth/androidpublisher"],
    )

-    authorized_http = google_auth_httplib2.AuthorizedHttp(
-        creds, http=httplib2.Http(timeout=_TIMEOUT)
-    )
-    service = build("androidpublisher", "v3", http=authorized_http)
+    service = _make_service(creds)

    edit = service.edits().insert(body={}, packageName=PACKAGE_NAME).execute(num_retries=3)
    edit_id = edit["id"]

-    media = MediaFileUpload(AAB_PATH, mimetype="application/octet-stream", resumable=True)
-    bundle = (
-        service.edits()
-        .bundles()
-        .upload(packageName=PACKAGE_NAME, editId=edit_id, media_body=media)
-        .execute(num_retries=3)
-    )
-    version_code = bundle["versionCode"]
+    # The resumable upload can fail with RedirectMissingLocation on transient
+    # network hiccups. Retry the upload (with a fresh MediaFileUpload each
+    # time) using exponential backoff before giving up.
+    version_code = None
+    last_exc = None
+    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
+        try:
+            media = MediaFileUpload(
+                AAB_PATH, mimetype="application/octet-stream", resumable=True
+            )
+            bundle = (
+                service.edits()
+                .bundles()
+                .upload(packageName=PACKAGE_NAME, editId=edit_id, media_body=media)
+                .execute(num_retries=3)
+            )
+            version_code = bundle["versionCode"]
+            break
+        except httplib2.error.RedirectMissingLocation as exc:
+            last_exc = exc
+            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
+                delay = 10 * (2 ** attempt)
+                print(
+                    f"Upload attempt {attempt + 1} failed (redirect error), "
+                    f"retrying in {delay}s…"
+                )
+                time.sleep(delay)
+    else:
+        raise RuntimeError(
+            f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
+        ) from last_exc
+
    print(f"Uploaded AAB, version code: {version_code}")

    service.edits().tracks().update(
Author	SHA1	Message	Date
Thomas SharedInboxandClaude Sonnet 4.6	48322f38cb	fix: treat TLS config errors as permanent in both IMAP and JMAP sync loops TlsModeMismatchException and TlsCertificateException now short-circuit _isPermanentError() in both sync loop implementations, stopping the retry loop immediately instead of hammering a misconfigured server. Surfaces via the existing syncLastErrorProvider error banner. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 10:25:42 +02:00
Bot of Thomas Güttler	546b06ba5a	test(T3): add contract test suites for Account/Mailbox/Email repositories (#43 )	2026-05-14 10:20:32 +02:00
Bot of Thomas Güttler	5ba24a66e0	fix: retry AAB upload on httplib2 RedirectMissingLocation error (#44 )	2026-05-14 10:20:25 +02:00