fix: expired session not redirecting to login page #40849

Draft
juliajforesti wants to merge 9 commits into develop from fix/login-token-expiration

@juliajforesti juliajforesti commented Jun 8, 2026

Contributor

SUP-1052

Proposed changes (including videos or screenshots)

When a session expires the user is not taken to the login page.
When a user's login token is deleted from the database (expired after 7 days, admin action, etc.), the client still has the token in localStorage. When the user tries to perform actions (open room, send message), the app receives 401 errors but stays in a "pending" state instead of redirecting to the login page.

Solution:

  • added auth error detection in ddpOverREST.ts for DDP method calls
  • added auth error detection in RestApiClient.ts for direct REST API calls
  • fixed REST client middleware to preserve HTTP status codes (401/403) on auth errors, automatically clear expired credentials from localStorage and trigger redirect to login page
  • added E2E tests simulating token expiration via MongoDB manipulation

Issue(s)

Steps to test or reproduce

Further comments

@juliajforesti juliajforesti added this to the 8.6.0 milestone Jun 8, 2026
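
The client-side handling listed under "Solution" above, sketched as an added example that is not code from this PR or from Rocket.Chat. `classifyAuthFailure`, `createRestClient`, `AuthError`, the storage keys and the header names are assumptions, as is treating only 401 (not 403) as an expired session.

```javascript
// Added example; every name here is hypothetical, not Rocket.Chat's code.
const TOKEN_KEY = 'loginToken'; // constructed storage keys
const USER_KEY = 'userId';

class AuthError extends Error {
  constructor(status) {
    super(`auth failure (HTTP ${status})`);
    this.name = 'AuthError';
    this.status = status; // keep 401/403 visible to callers
  }
}

// Decide what a response status means for the session that sent the request.
// Returns 'none', 'forbidden', 'expired' (credentials cleared) or 'stale'.
function classifyAuthFailure(status, sentToken, storage) {
  if (status === 403) return 'forbidden'; // permission problem, session kept
  if (status !== 401) return 'none';
  // A late 401 for an old token must not wipe a newer login.
  if (!sentToken || storage.getItem(TOKEN_KEY) !== sentToken) return 'stale';
  storage.removeItem(TOKEN_KEY);
  storage.removeItem(USER_KEY);
  return 'expired';
}

function createRestClient({ fetchImpl, storage, onSessionExpired }) {
  return async function request(url, init = {}) {
    const sentToken = storage.getItem(TOKEN_KEY);
    const headers = { ...init.headers };
    if (sentToken) {
      headers['X-Auth-Token'] = sentToken; // header names are assumed
      headers['X-User-Id'] = storage.getItem(USER_KEY);
    }
    const res = await fetchImpl(url, { ...init, headers });
    const verdict = classifyAuthFailure(res.status, sentToken, storage);
    if (verdict === 'expired') onSessionExpired(); // e.g. route to the login page
    if (verdict !== 'none') throw new AuthError(res.status); // reject, never hang
    if (!res.ok) throw new Error(`HTTP ${res.status}`);
    return res.json();
  };
}
```

Comparing the stored token with the one that was sent keeps a late 401 from an old session from logging out a user who has already signed in again, and makes the redirect fire once when several requests fail together.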
dionisio-bot Bot commented Jun 8, 2026

Contributor

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

coderabbitai Bot commented Jun 8, 2026

Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 68b3a9d9-dea0-4dae-9f06-036ede90db2a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

changeset-bot Bot commented Jun 8, 2026


🦋 Changeset detected

Latest commit: 4909a0e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name                        Type
@rocket.chat/meteor         Patch
@rocket.chat/core-typings   Patch
@rocket.chat/rest-typings   Patch

codecov Bot commented Jun 8, 2026


Codecov Report

❌ Patch coverage is 80.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.86%. Comparing base (db0b1ad) to head (4909a0e).
⚠️ Report is 29 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #40849      +/-   ##
===========================================
- Coverage    70.19%   69.86%   -0.34%     
===========================================
  Files         3340     3390      +50     
  Lines       123638   125109    +1471     
  Branches     22055    22575     +520     
===========================================
+ Hits         86789    87402     +613     
- Misses       33507    34310     +803     
- Partials      3342     3397      +55     

Flag   Coverage Δ
unit   70.59% <ø> (-0.44%) ⬇️

Flags with carried forward coverage won't be shown.

@juliajforesti juliajforesti force-pushed the fix/login-token-expiration branch 3 times, most recently from 9f7a1ef to c9b98fe Compare June 9, 2026 16:31
@juliajforesti juliajforesti force-pushed the fix/login-token-expiration branch 2 times, most recently from 72baa2b to 07115f7 Compare June 10, 2026 15:01