fix: [SDK-4388] subscription state permanently stuck at "Never Subscribed" when login() is called before requestPermission()

[abdulraqeeb33]

Summary

Fixes SDK-4388. On a fresh install, when OneSignal.login(externalId) is called after initWithContext but before requestPermission(), the server-side subscription gets permanently stuck at enabled:false, notification_types:0 ("Never Subscribed / Permission Not Granted") even though the device is fully subscribed locally (optedIn == true).

Cherry-picked from @fadii925's fadi/sdk-4388-... branch (which is based on 5.7-main) onto main. Authorship preserved.

Repro (from the ticket)

1. Fresh install → initWithContext runs, SDK POSTs /apps/.../users → server responds 201 with a server-assigned subscriptionId.
2. FCM returns a push token → SDK enqueues update-subscription(NO_PERMISSION).
3. App calls OneSignal.login(externalId) → SDK runs createAndSwitchToNewUser(), which enqueues create-subscription reusing the server-assigned subscriptionId + login-user with existingOnesignalId.
4. App calls requestPermission() → user grants → SDK enqueues update-subscription(SUBSCRIBED).
5. Op queue flushes:
   • update-subscription(NO_PERMISSION) → PATCH /subscriptions/{id} → 200. Server: enabled:false, notification_types:0.
   • login-user → PATCH .../identity → SUCCESS_STARTING_ONLY. Remaining ops translated from local user onto server user.
   • create-subscription + update-subscription(SUBSCRIBED) batched into one POST .../subscriptions with { id:"<server-uuid>", enabled:true, notification_types:1 } → 200 {} (no-op, subscription already exists). The enabled:true is silently discarded.
6. No further PATCH is issued → server stays at enabled:false, notification_types:0 permanently.

Root cause

SubscriptionOperationExecutor.createSubscription was always issuing a POST /subscriptions for CreateSubscriptionOperation, regardless of whether the carried subscriptionId was local or already a server-assigned UUID. When the id is already known to the backend, POST is silently treated as a no-op and the merged enabled/address/status payload is dropped.

This happens specifically on login() because UserSwitcher.createAndSwitchToNewUser reuses the existing push subscription's id under the new local user, and SubscriptionModelStoreListener.getAddOperation mechanically converts the resulting model add into a CreateSubscriptionOperation carrying that real id. Combined with GroupComparisonType.ALTER grouping it with the follow-up update-subscription(SUBSCRIBED), the executor ends up POSTing a doomed batch.

Fix

In SubscriptionOperationExecutor.execute(), branch on IDManager.isLocalId(startingOp.subscriptionId) for CreateSubscriptionOperation:

• Local id (genuinely new subscription): keep existing createSubscription path → POST /subscriptions.
• Non-local id (subscription already on backend): route through new updateExistingSubscriptionFromCreate helper which collapses the merged final state (enabled/address/status from the last UpdateSubscriptionOperation if present, otherwise from the create op) into an UpdateSubscriptionOperation and dispatches via updateSubscription → PATCH /subscriptions/{id}.

This implements option (a) from the ticket. Option (b) (drop the create op) was rejected because it would no-op when there's no follow-up UpdateSubscriptionOperation in the batch.

The delete short-circuit (if (operations.any { it is DeleteSubscriptionOperation }) return SUCCESS) is preserved in the new helper.

Customer impact

• App ID: e198f6f8-f233-4073-8380-4a3c79ae64e7
• Affected SDK: Android Native 5.7.7 and earlier (likely all 5.x versions with this code path)
• Customer workaround: call requestPermission() before login(), or REST-API correct stuck subscriptions via PATCH /apps/{app_id}/subscriptions/{subscription_id} with {"subscription": {"notification_types": 1}}.

Test plan

• New unit test "create subscription with non-local id PATCHes instead of POSTing when grouped with update" reproduces the SDK-4388 scenario (Create(NO_PERMISSION) + Update(SUBSCRIBED) with non-local id) and asserts a single PATCH with enabled:true, notificationTypes=SUBSCRIBED, zero POSTs.
• Existing test "create subscription includes the subscription ID if non-local" rewritten to assert PATCH (the previous "POST with existing id" behavior is no longer correct).
• Pre-existing test coverage for create-subscription with local id, transfer, delete, and update paths preserved unchanged.
• CI: ./gradlew :OneSignal:core:testReleaseUnitTest green.
• Manual: repro the ticket flow on a fresh install (initWithContext → login → requestPermission) and verify the server-side subscription ends at enabled:true, notification_types:1.

Followups (not in this PR)

The root modeling issue is that UserSwitcher.createAndSwitchToNewUser re-attaches an existing server-assigned subscription model under a new local user, which the model-store listener interprets as a brand-new subscription needing creation. A follow-up should consider either:

1. Emitting a TransferSubscriptionOperation (or no-op) instead of CreateSubscriptionOperation in the listener when IDManager.isLocalId(model.id) is false, or
2. Handling the re-attach with NO_PROPOGATE in createAndSwitchToNewUser and explicitly enqueuing a transfer op.

There is also a sibling code path in LoginUserOperationExecutor.createSubscriptionsFromOperation(CreateSubscriptionOperation, ...) that does the same if (!isLocalId) operation.subscriptionId else null trick when sending to /users (the non-SUCCESS_STARTING_ONLY path), and is not addressed here.

Backport

This fix should also land on 5.7-main for the next 5.7.x patch release. @fadii925's original branch is already based on 5.7-main and can be PR'd there directly: https://github.com/OneSignal/OneSignal-Android-SDK/tree/fadi/sdk-4388-android-sdk-subscription-state-permanently-stuck-at-never

[Copilot]

Pull request overview

Fixes SDK-4388 where calling OneSignal.login() before requestPermission() could leave the backend push subscription permanently stuck in a “Never Subscribed / Permission Not Granted” state by ensuring “create with non-local subscriptionId” is executed as an update (PATCH) rather than a create (POST).

Changes:

• Route CreateSubscriptionOperation with a non-local subscriptionId through a new “update existing subscription” path (PATCH) instead of POSTing /subscriptions.
• Stop including subscriptionId in the create-subscription request payload (always POST with id = null) for the local-id create path.
• Update/extend unit tests to assert PATCH behavior for non-local create, including the grouped create+update repro.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/impl/executors/SubscriptionOperationExecutor.kt	Adds branching + helper to PATCH when CreateSubscriptionOperation carries a non-local subscription id; ensures POST create path doesn’t send an id.
OneSignalSDK/onesignal/core/src/test/java/com/onesignal/user/internal/operations/SubscriptionOperationExecutorTests.kt	Updates existing test expectations and adds a repro test for grouped create+update to ensure a single PATCH and no POST.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[nan-li]

await review

[github-actions]

📊 Diff Coverage Report

Diff Coverage Report (Changed Lines Only)

Gate: aggregate coverage on changed executable lines must be ≥ 80% (JaCoCo line data for lines touched in the diff).

Changed Files Coverage

• SubscriptionOperationExecutor.kt: 0/27 touched executable lines (0.0%) (58 touched lines in diff)
  • 27 uncovered touched lines in this file

Overall (aggregate gate)

0/27 touched executable lines covered (0.0% — requires ≥ 80%)

Per-file detail (informational; gate is aggregate above):

• SubscriptionOperationExecutor.kt: 0.0% (27 uncovered touched lines)

❌ Coverage Check Failed

Aggregate coverage on touched lines is 0.0% (minimum 80%).

📥 View workflow run