🐛(sso) prevent flash when trying to autologin

the issue was we return the fetchUser promise to react query too early
(before the browser reloaded the page). now we make sure react query
doesn't get the info

src/frontend/src/features/auth/api/fetchUser.ts

@@ -1,7 +1,7 @@
 import { ApiError } from '@/api/ApiError'
 import { fetchApi } from '@/api/fetchApi'
 import { type ApiUser } from './ApiUser'
-import { attemptSilentLogin } from "@/features/auth";
+import { attemptSilentLogin, canAttemptSilentLogin } from '../utils/silentLogin'
 
 /**
  * fetch the logged-in user from the api.
@@ -17,8 +17,13 @@ export const fetchUser = (): Promise<ApiUser | false> => {
       .catch((error) => {
         // we assume that a 401 means the user is not logged in
         if (error instanceof ApiError && error.statusCode === 401) {
-          attemptSilentLogin(3600)
-          resolve(false)
+          // make sure to not resolve the promise while trying to silent login
+          // so that consumers of fetchUser don't think the work already ended
+          if (canAttemptSilentLogin()) {
+            attemptSilentLogin(3600)
+          } else {
+            resolve(false)
+          }
         } else {
           reject(error)
         }