From cb37e3c1432178155587e8a335cc4af782f348b6 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Thu, 21 Sep 2023 13:26:36 -0700 Subject: [PATCH 1/3] [auth] change GetSession so it returns ok --- pkg/sandbox/auth/auth.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkg/sandbox/auth/auth.go b/pkg/sandbox/auth/auth.go index a626aa5b..4b17b33a 100644 --- a/pkg/sandbox/auth/auth.go +++ b/pkg/sandbox/auth/auth.go @@ -55,9 +55,16 @@ func (c *Client) LogoutFlow() error { return c.RevokeSession() } -func (c *Client) GetSession() *session.Token { - // TODO: automatically refresh token as needed - return c.store.ReadToken(c.issuer, c.clientID) +// GetSession returns the current valid session token, if any. If token is expired, +// it will attempt to refresh it. If no token is found, or is unable to be refreshed, +// it will return nil and false. +// TODO: automatically refresh token as needed +func (c *Client) GetSession() (*session.Token, bool) { + tok := c.store.ReadToken(c.issuer, c.clientID) + if tok == nil || !tok.Valid() { + return nil, false + } + return tok, true } func (c *Client) RefreshSession() *session.Token { From fa31ee0f789a05d0716c10b6da508dd616b9492d Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Thu, 21 Sep 2023 13:37:32 -0700 Subject: [PATCH 2/3] [envsec] Better error messages when no valid token (#159) ## Summary Stacked on https://github.com/jetpack-io/opensource/pull/158 This uses new GetSession interface to show better errors when ID token doesn't exist, is expired, or otherwise invalid. ## How was it tested? ``` envsec auth logout envsec init ``` --- envsec/internal/envcli/auth.go | 8 ++++---- envsec/internal/envcli/flags.go | 5 +++-- envsec/internal/envcli/init.go | 5 ++++- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/envsec/internal/envcli/auth.go b/envsec/internal/envcli/auth.go index ca51f474..89f9beba 100644 --- a/envsec/internal/envcli/auth.go +++ b/envsec/internal/envcli/auth.go @@ -6,6 +6,7 @@ package envcli import ( "fmt" + "github.com/pkg/errors" "github.com/spf13/cobra" "go.jetpack.io/envsec/internal/envvar" "go.jetpack.io/pkg/sandbox/auth" @@ -101,10 +102,9 @@ func whoAmICmd() *cobra.Command { return err } - tok := client.GetSession() - if tok == nil { - fmt.Fprintln(cmd.OutOrStdout(), "Not logged in") - return nil + tok, ok := client.GetSession() + if !ok { + return errors.New("Not logged in. Run `envsec auth login` to log in.") } idClaims := tok.IDClaims() diff --git a/envsec/internal/envcli/flags.go b/envsec/internal/envcli/flags.go index d8c3bf5b..70075a09 100644 --- a/envsec/internal/envcli/flags.go +++ b/envsec/internal/envcli/flags.go @@ -81,6 +81,7 @@ type cmdConfig struct { func (f *configFlags) genConfig(ctx context.Context) (*cmdConfig, error) { var tok *session.Token + var ok bool var err error if f.orgID == "" { @@ -89,8 +90,8 @@ func (f *configFlags) genConfig(ctx context.Context) (*cmdConfig, error) { return nil, err } - tok = client.GetSession() - if tok == nil { + tok, ok = client.GetSession() + if !ok { return nil, errors.Errorf( "To use envsec you must log in (`envsec auth login`) or specify --project-id and --org-id", ) diff --git a/envsec/internal/envcli/init.go b/envsec/internal/envcli/init.go index 1acc90fb..68540d60 100644 --- a/envsec/internal/envcli/init.go +++ b/envsec/internal/envcli/init.go @@ -19,7 +19,10 @@ func initCmd() *cobra.Command { if err != nil { return err } - tok := client.GetSession() + tok, ok := client.GetSession() + if !ok { + return errors.New("not logged in, run `envsec auth login`") + } wd, err := os.Getwd() if err != nil { From be6850168984a7685160c1263bc26cb889ca3042 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Thu, 21 Sep 2023 13:39:28 -0700 Subject: [PATCH 3/3] Fix error message --- envsec/internal/envcli/auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envsec/internal/envcli/auth.go b/envsec/internal/envcli/auth.go index 89f9beba..9144d907 100644 --- a/envsec/internal/envcli/auth.go +++ b/envsec/internal/envcli/auth.go @@ -104,7 +104,7 @@ func whoAmICmd() *cobra.Command { tok, ok := client.GetSession() if !ok { - return errors.New("Not logged in. Run `envsec auth login` to log in.") + return errors.New("not logged in. Run `envsec auth login` to log in") } idClaims := tok.IDClaims()