# Navigation Module `proton_navigation.rs` (180 lines) — URL interception handlers for the Proton SSO and authentication flow. This is **not a general-purpose URL router**. It handles three specific scenarios in the authentication lifecycle. ## Three Handlers ### 1. `unsupported_app_redirect_url` When an SSO flow from `account.proton.me` lands on an unsupported Proton app (mail, calendar, contacts, docs, pass, wallet, VPN), redirect to the Drive app instead. - Intercepts hosts like `mail.proton.me`, `calendar.proton.me`, etc. - Skips `/api/` and `/captcha/` paths (these are pass-through) - Redirects to `tauri://localhost/u//` (user-scoped Drive root) ### 2. `account_login_complete_redirect_url` Detects when the account app finishes SSO and lands on a user-scoped Drive route. - Matches `account.proton.me/u/*/drive` or `tauri://localhost/account/u/*/drive` - Redirects to `tauri://localhost/` (not a deep user path — WebKitGTK breaks on deep `tauri://` paths after 2FA) ### 3. `captcha_completion_token` Extracts the human-verification token when CAPTCHA completes. - Only accepts explicit `hv_token` + `hv_type` query params on `tauri://localhost/account/` - Rejects inferred completion from navigation events (caused post-2FA freezes in earlier versions) ## Supporting Functions | Function | Purpose | |---|---| | `drive_root_for_user_path` | Extracts user ID from `/u//...` for scoped routing | | `is_unsupported_proton_app_host` | Matches 7 known Proton app hosts | | `is_account_login_complete_host` | Matches `account.proton.me` / `account.localhost` | | `is_local_app_host` | Matches `localhost` / `tauri.localhost` | ## Test Coverage The module includes 8 unit tests covering all handler paths: - Redirects unsupported apps to user-scoped Drive root - Skips API and CAPTCHA paths - Ignores supported Drive host - SSO handoff to local Drive root - Incomplete account routes - Explicit CAPTCHA token extraction only - Rejects internal captcha navigation as completion