fix(auth): surface .sentryclirc source in self-hosted login errors#976
Merged
Conversation
When auth login rejects a non-SaaS URL that arrived via the .sentryclirc shim, the error now names the file that provided the URL and gives the exact command to fix it, rather than a generic "--url was not provided" message. Also shows a one-line tip when the user runs auth login without --token but .sentryclirc already has a token — pointing them at the faster token path instead of silently starting the OAuth device flow. Closes #975
Contributor
|
Contributor
Codecov Results 📊✅ 6980 passed | Total: 6980 | Pass Rate: 100% | Execution Time: 0ms 📊 Comparison with Base Branch
All tests are passing successfully. ✅ Patch coverage is 81.16%. Project has 14092 uncovered lines. Files with missing lines (1)
Coverage diff@@ Coverage Diff @@
## main #PR +/-##
==========================================
+ Coverage 77.14% 77.15% +0.01%
==========================================
Files 320 320 —
Lines 61615 61664 +49
Branches 0 0 —
==========================================
+ Hits 47530 47572 +42
- Misses 14085 14092 +7
- Partials 0 0 —Generated by Codecov Action |
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
Partial tokens in error messages and log output can end up in CI logs, terminal recordings, and bug reports. Use placeholder strings instead. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
log.info fires before the OAuth flow starts — wrong timing and wrong visual weight. Return the tip as a hint instead so it appears as a muted footer after login completes, consistent with how every other command surfaces follow-up suggestions. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
…nType> Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
urlFromRc is undefined when --url is passed explicitly, so gating on it silently dropped --url from the hint, pointing users at SaaS. Gate on !isSaaSTrustOrigin(effectiveHost) instead so the hint is always correct regardless of how the host was supplied. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 52c14dd. Configure here.
If .sentryclirc has a URL that doesn't match effectiveHost the stored token belongs to a different instance. Showing the hint would suggest using it for the wrong host, which would always fail with an auth error. No API call needed — the host mismatch is detectable from rcConfig.url. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Two fixes: - resolveRcContext now uses this.cwd (injected via SentryContext) instead of process.cwd(), making rc-related login behavior testable - rcTokenHint now suppresses the hint when .sentryclirc has no URL and effectiveHost is self-hosted — a bare token in rc is almost certainly a SaaS token and pairing it with a self-hosted --url would always fail Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Covers the five branches that were implicated in review bugs: no token, SaaS match, self-hosted rc URL match, rc URL mismatch, and bare SaaS token against a self-hosted host. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Static imports are hoisted and evaluate before mock.module() runs, so login.ts would bind the real consola logger instead of fakeLog — breaking the interactive prompt tests. Pull rcTokenHint into the existing dynamic import block that was already there for this reason. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When
sentry auth loginrejects a self-hosted URL that came from.sentryclirc, the old error just said--url was not provided— which doesn't tell you why it was blocked or where the URL came from. Now it names the exact file and gives you the fix in one line:The rc context logic is extracted into small helpers (
resolveRcContext,maybeWarnRcToken) to keepfunc's cyclomatic complexity in check.Relates to #975.