Fix referral ID missing in hyperlinks for external login users

[Copilot]

Issue

When users log in via external providers (GitHub, Microsoft), the REFERRAL_ID JavaScript variable is null, causing copied hyperlinks to be missing referrer information. This breaks the referral tracking system for externally authenticated users.

Root Cause

In the external login flow, EnsureReferralIdAsync was called AFTER the user was already signed in. While this correctly adds the referral ID claim to the user's stored claims in the database, it doesn't update the current HttpContext.User.Claims for the already-signed-in session.

The flow was:

1. User signs in via signInManager.ExternalLoginSignInAsync()
2. HttpContext.User.Claims is populated with existing claims (no referral ID)
3. EnsureReferralIdAsync() adds referral ID to database
4. Problem: Current session still has old claims without referral ID
5. HomeController reads null referral ID from current session claims
6. Frontend gets REFERRAL_ID = null

Solution

For existing users: Call RefreshSignInAsync() after EnsureReferralIdAsync() to refresh the current session's claims.

For new users: Call EnsureReferralIdAsync() BEFORE signing in the user so the referral ID is included from the start.

Changes

• Added await signInManager.RefreshSignInAsync(user); after ensuring referral ID for existing external login users
• Moved await referralService.EnsureReferralIdAsync(user); before sign-in for new external login users

Verification

• ✅ Build passes
• ✅ All tests pass (except unrelated network connectivity issue)
• ✅ Minimal, surgical changes (4 lines of code added)
• ✅ No breaking changes
• ✅ Backwards compatible

Now when users log in via external providers, their referral ID will be properly available in the REFERRAL_ID JavaScript variable, ensuring copied hyperlinks include the correct referrer information.

Fixes #742.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.hcaptcha.com
  • Triggering command: /home/REDACTED/.dotnet/dotnet exec --runtimeconfig /home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Debug/net9.0/EssentialCSharp.Web.Tests.runtimeconfig.json --depsfile /home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Debug/net9.0/EssentialCSharp.Web.Tests.deps.json /home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Debug/net9.0/testhost.dll --port 44825 --endpoint 127.0.0.1:044825 --role client --parentprocessid 3952 --telemetryoptedin false (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[Copilot]

Pull Request Overview

This PR ensures that users authenticated via external providers have their referral ID properly included in session claims to support referral tracking.

• Refreshes the sign-in session for existing external login users after adding the referral ID claim
• Moves referral ID assignment to before sign-in for new external login users

Comments suppressed due to low confidence (1)

EssentialCSharp.Web/Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs:195

• There don't appear to be automated tests verifying that the referral ID claim is correctly added to both existing and new external login sessions. Adding integration or unit tests for these flows would help catch future regressions.

        await referralService.EnsureReferralIdAsync(user);

[Copilot]

[nitpick] The logic to ensure referral ID and then refresh or sign in the user is duplicated in both existing and new user flows. Consider extracting this into a shared helper method to reduce duplication and improve readability.