fix: block race condition causing logout during impersonation handoff

- Introduced isReloadingForImpersonation flag to temporarily disable the logout function while tokens are being swapped before the hard reload.

components/Layout.tsx

@@ -216,10 +216,7 @@ export const Layout: React.FC<{ children: React.ReactNode }> = ({ children }) =>
             {localStorage.getItem('ctms_super_admin_token') && (
               <button
                 onClick={() => {
-                  if (returnToSuperAdmin()) {
-                    window.location.hash = '#/super-admin';
-                    window.location.reload();
-                  }
+                  returnToSuperAdmin();
                 }}
                 className="w-full flex items-center justify-center gap-2 py-2 px-3 bg-zinc-900 dark:bg-brand-yellow text-white dark:text-zinc-950 rounded-lg text-xs font-bold hover:opacity-90 transition-colors"
               >

pages/SuperAdmin.tsx

@@ -100,9 +100,6 @@ export const SuperAdmin: React.FC = () => {
         return;
       }
       await impersonateTenant(tenantId);
-      // Force a full reload to clear any cached context/state in the React app
-      window.location.hash = '#/';
-      window.location.reload(); 
     } catch (err: any) {
       alert(err.message || 'Erro ao tentar entrar na organização.');
     }

services/dataService.ts

@@ -357,7 +357,11 @@ export const deleteTenant = async (id: string): Promise<boolean> => {
 
 // --- Auth Functions ---
 
+// Flag to prevent background fetches from throwing 401 and logging out during impersonation handoffs
+export let isReloadingForImpersonation = false;
+
 export const logout = () => {
+  if (isReloadingForImpersonation) return; // Prevent logout if we are just switching tokens
   localStorage.removeItem('ctms_token');
   localStorage.removeItem('ctms_user_id');
   localStorage.removeItem('ctms_tenant_id');
@@ -401,6 +405,8 @@ export const impersonateTenant = async (tenantId: string): Promise<any> => {
     throw new Error(errorData.error || 'Erro ao assumir identidade');
   }
 
+  isReloadingForImpersonation = true; // Block logouts
+
   const data = await response.json();
   const oldToken = localStorage.getItem('ctms_token');
   if (oldToken) {
@@ -410,6 +416,10 @@ export const impersonateTenant = async (tenantId: string): Promise<any> => {
   localStorage.setItem('ctms_token', data.token);
   localStorage.setItem('ctms_user_id', data.user.id);
   localStorage.setItem('ctms_tenant_id', data.user.tenant_id || '');
+  
+  window.location.hash = '#/';
+  window.location.reload();
+  
   return data;
 };
 
@@ -417,13 +427,31 @@ export const returnToSuperAdmin = (): boolean => {
   const superAdminToken = localStorage.getItem('ctms_super_admin_token');
   if (superAdminToken) {
     try {
-      const payload = JSON.parse(atob(superAdminToken.split('.')[1]));
+      isReloadingForImpersonation = true; // Block logouts
+
+      // Correctly decode Base64Url JWT payload with proper padding
+      const base64Url = superAdminToken.split('.')[1];
+      let base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+      const pad = base64.length % 4;
+      if (pad) {
+        base64 += '='.repeat(4 - pad);
+      }
+      
+      const jsonPayload = decodeURIComponent(atob(base64).split('').map(function(c) {
+          return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
+      }).join(''));
+      const payload = JSON.parse(jsonPayload);
+
       localStorage.setItem('ctms_token', superAdminToken);
       localStorage.setItem('ctms_user_id', payload.id);
       localStorage.setItem('ctms_tenant_id', payload.tenant_id || 'system');
       localStorage.removeItem('ctms_super_admin_token');
+      
+      window.location.hash = '#/super-admin';
+      window.location.reload();
       return true;
     } catch (e) {
+      isReloadingForImpersonation = false;
       console.error("Failed to restore super admin token", e);
       return false;
     }