Sign out on 401 from /subscriptions (#4650)

Task/Issue URL:
https://app.asana.com/0/1205648422731273/1207492658883339/f

### Description

Sign user out when request to /subscriptions returns 401 response code.

### Steps to test this PR

See task.

### No UI changes

subscriptions/subscriptions-impl/src/main/java/com/duckduckgo/subscriptions/impl/SubscriptionsManager.kt

@@ -96,7 +96,7 @@ interface SubscriptionsManager {
     /**
      * Fetches subscription and account data from the BE and stores it
      */
-    suspend fun fetchAndStoreAllData(authToken: String? = null): Subscription?
+    suspend fun fetchAndStoreAllData(): Subscription?
 
     /**
      * Gets the subscription details from internal storage
@@ -109,7 +109,7 @@ interface SubscriptionsManager {
     suspend fun getAccount(): Account?
 
     /**
-     * Exchanges the auth token for an access token and stores it
+     * Exchanges the auth token for an access token and stores both tokens
      */
     suspend fun exchangeAuthToken(authToken: String): String
 
@@ -375,15 +375,24 @@ class RealSubscriptionsManager @Inject constructor(
     override suspend fun exchangeAuthToken(authToken: String): String {
         val accessToken = authService.accessToken("Bearer $authToken").accessToken
         authRepository.setAccessToken(accessToken)
+        authRepository.saveAuthToken(authToken)
         return accessToken
     }
 
-    override suspend fun fetchAndStoreAllData(authToken: String?): Subscription? {
+    override suspend fun fetchAndStoreAllData(): Subscription? {
         try {
-            authToken?.let { authRepository.saveAuthToken(it) }
             if (!isUserAuthenticated()) return null
-            val token = (authToken ?: authRepository.getAccessToken()) ?: return null
-            val subscription = subscriptionsService.subscription("Bearer $token")
+            val token = checkNotNull(authRepository.getAccessToken()) { "Access token should not be null when user is authenticated." }
+            val subscription = try {
+                subscriptionsService.subscription("Bearer $token")
+            } catch (e: HttpException) {
+                if (e.code() == 401) {
+                    logcat { "Token invalid, signing out" }
+                    signOut()
+                    return null
+                }
+                throw e
+            }
             val accountData = validateToken(token).account
             authRepository.saveExternalId(accountData.externalId)
             authRepository.saveSubscriptionData(subscription, accountData.entitlements.toEntitlements(), accountData.email)
@@ -392,6 +401,7 @@ class RealSubscriptionsManager @Inject constructor(
             _isSignedIn.emit(isUserAuthenticated())
             return authRepository.getSubscription()
         } catch (e: Exception) {
+            logcat { "Failed to fetch subscriptions data: ${e.stackTraceToString()}" }
             return null
         }
     }

subscriptions/subscriptions-impl/src/main/java/com/duckduckgo/subscriptions/impl/messaging/SubscriptionMessagingInterface.kt

@@ -204,7 +204,7 @@ class SubscriptionMessagingInterface @Inject constructor(
                 val token = jsMessage.params.getString("token")
                 appCoroutineScope.launch(dispatcherProvider.io()) {
                     subscriptionsManager.exchangeAuthToken(token)
-                    subscriptionsManager.fetchAndStoreAllData(token)
+                    subscriptionsManager.fetchAndStoreAllData()
                     subscriptionsChecker.runChecker()
                     pixelSender.reportRestoreUsingEmailSuccess()
                     pixelSender.reportSubscriptionActivated()

subscriptions/subscriptions-impl/src/test/java/com/duckduckgo/subscriptions/impl/RealSubscriptionsManagerTest.kt

@@ -37,6 +37,7 @@ import com.duckduckgo.subscriptions.impl.services.ValidateTokenResponse
 import com.duckduckgo.subscriptions.impl.store.SubscriptionsDataStore
 import java.lang.Exception
 import kotlinx.coroutines.flow.MutableSharedFlow
+import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.flowOf
 import kotlinx.coroutines.test.TestScope
 import kotlinx.coroutines.test.runTest
@@ -228,6 +229,21 @@ class RealSubscriptionsManagerTest {
         assertNull(subscriptionsManager.fetchAndStoreAllData())
     }
 
+    @Test
+    fun whenFetchAndStoreAllDataIfSubscriptionFailsWith401ThenSignOutAndReturnNull() = runTest {
+        givenUserIsAuthenticated()
+        givenSubscriptionFails(httpResponseCode = 401)
+
+        val subscription = subscriptionsManager.fetchAndStoreAllData()
+
+        assertNull(subscription)
+        assertFalse(subscriptionsManager.isSignedIn.first())
+        assertNull(subscriptionsManager.getSubscription())
+        assertNull(subscriptionsManager.getAccount())
+        assertNull(authRepository.getAuthToken())
+        assertNull(authRepository.getAccessToken())
+    }
+
     @Test
     fun whenPurchaseFlowIfUserNotAuthenticatedAndNotPurchaseStoredThenCreateAccount() = runTest {
         givenUserIsNotAuthenticated()
@@ -974,9 +990,9 @@ class RealSubscriptionsManagerTest {
         whenever(subscriptionsService.portal(any())).thenThrow(HttpException(Response.error<String>(400, exception)))
     }
 
-    private suspend fun givenSubscriptionFails() {
+    private suspend fun givenSubscriptionFails(httpResponseCode: Int = 400) {
         val exception = "failure".toResponseBody("text/json".toMediaTypeOrNull())
-        whenever(subscriptionsService.subscription(any())).thenThrow(HttpException(Response.error<String>(400, exception)))
+        whenever(subscriptionsService.subscription(any())).thenThrow(HttpException(Response.error<String>(httpResponseCode, exception)))
     }
 
     private suspend fun givenSubscriptionSucceedsWithoutEntitlements(status: String = "Auto-Renewable") {