Use the USER_CHANGED event

h/static/scripts/directive/annotation.coffee

 ### global -validate ###
 
+events = require('../events')
+
 # Validate an annotation.
 # Annotations must be attributed to a user or marked as deleted.
 # A public annotation is valid only if they have a body.
@@ -59,6 +61,8 @@ AnnotationController = [
 
     model = $scope.annotationGet()
 
+    model.user ?= session.state.userid
+
     # Set the group of new annotations.
     if not model.group
       model.group = groups.focused().id
@@ -374,17 +378,15 @@ AnnotationController = [
       this.render()
     , true
 
-    # Watch the current user
-    # TODO: fire events instead since watchers are not free and auth is rare
-    $scope.$watch (-> session.state.userid), (userid) ->
-      model.user ?= userid
+    $scope.$on(events.USER_CHANGED, ->
+      model.user ?= session.state.userid
 
       # Set model.permissions on sign in, if it isn't already set.
       # This is because you can create annotations when signed out and they
       # will have model.permissions = null, then when you sign in we set the
       # permissions correctly here.
       model.permissions = model.permissions or permissions.default(model.group)
-
+    )
 
     # Start editing brand new annotations immediately
     unless model.id? or (this.isHighlight() and highlight) then this.edit()

h/static/scripts/directive/test/annotation-test.coffee

 {module, inject} = angular.mock
 
+events = require('../../events')
+
 describe 'annotation', ->
   $compile = null
   $document = null
@@ -148,6 +150,7 @@ describe 'annotation', ->
       $scope.$digest()
       assert.notCalled annotation.$create
       fakeSession.state.userid = 'acct:ted@wyldstallyns.com'
+      $scope.$broadcast(events.USER_CHANGED, {})
       $scope.$digest()
       assert.calledOnce annotation.$create
 
@@ -645,6 +648,14 @@ describe("AnnotationController", ->
     )
   )
 
+  it("sets the user of new annotations", ->
+    annotation = {}
+
+    {session} = createAnnotationDirective({annotation: annotation})
+
+    assert.equal(annotation.user, session.state.userid)
+  )
+
   it("sets the permissions of new annotations", ->
     # This is a new annotation, doesn't have any permissions yet.
     annotation = {group: "test-group"}
@@ -720,6 +731,29 @@ describe("AnnotationController", ->
   )
 
   describe("when the user signs in", ->
+    it("sets the user of unsaved annotations", ->
+      # This annotation has no user yet, because that's what happens
+      # when you create a new annotation while not signed in.
+      annotation = {}
+      session = {state: {userid: null}}  # Not signed in.
+
+      {$rootScope} = createAnnotationDirective(
+        {annotation: annotation, session:session})
+
+      # At this point we would not expect the user to have been set,
+      # even though the annotation has been created, because the user isn't
+      # signed in.
+      assert(!annotation.user)
+
+      # Sign the user in.
+      session.state.userid = "acct:fred@hypothes.is"
+
+      # The session service would broadcast USER_CHANGED after sign in.
+      $rootScope.$broadcast(events.USER_CHANGED, {})
+
+      assert.equal(annotation.user, session.state.userid)
+    )
+
     it("sets the permissions of unsaved annotations", ->
       # This annotation has no permissions yet, because that's what happens
       # when you create a new annotation while not signed in.
@@ -749,7 +783,8 @@ describe("AnnotationController", ->
       # is signed in.
       permissions.default = -> "__default_permissions__"
 
-      $rootScope.$digest()  # Trigger the $scope.$watch().
+      # The session service would broadcast USER_CHANGED after sign in.
+      $rootScope.$broadcast(events.USER_CHANGED, {})
 
       assert.equal(annotation.permissions, "__default_permissions__")
     )