Tighten token validation handling

[jonmartin721]

Summary

• only persist GitHub tokens after successful validation
• prevent stale validation responses from mutating the current token UI
• add targeted coverage for token validation result handling

Testing

• eslint on changed files
• tsc --noEmit -p jsconfig.json
• jest tests/options-token-controller.test.js --runInBand

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refines the handling of GitHub API tokens within the application. It introduces robust validation logic to ensure that tokens are only stored and displayed as valid after a successful authentication check. A key improvement is the prevention of UI updates from outdated validation requests, enhancing user experience and data integrity. Additionally, the changes include expanded test coverage to ensure the reliability of the new validation mechanisms.

Highlights

• Token Persistence: Only persist GitHub tokens after successful validation.
• UI Consistency: Prevent stale validation responses from mutating the current token UI.
• Test Coverage: Add targeted coverage for token validation result handling.

Changelog

• options/controllers/token-controller.js
  • The validateToken function now accepts an options object, allowing for conditional application of validation results to the UI.
  • It now consistently returns a structured object indicating validation status and details, regardless of whether UI updates are applied.
  • Introduced a shouldApplyResult callback to prevent stale validation responses from updating the UI.
• options/options.html
  • Added rel="noopener noreferrer" to the GitHub token creation link for improved security.
• options/options.js
  • Modified token input handling to use a request ID system, ensuring only the most recent validation attempt updates the UI and persists the token.
  • Tokens are now only saved to local storage if they are successfully validated.
  • The loadSettings function now also checks the validity of an existing token before marking it as valid and storing it.
  • Imported clearToken from storage-helpers.js as clearStoredToken to explicitly manage token persistence.
• popup/views/onboarding-view.js
  • Added rel="noopener noreferrer" to the GitHub token creation link in the onboarding view for improved security.
• tests/options-token-controller.test.js
  • Enhanced test coverage for validateToken to include scenarios where UI updates are skipped for stale responses.
  • Updated existing tests to assert on the returned validation result object.
  • Unskipped a test case for clearToken functionality.

Activity

• No specific activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sentry]

Codecov Report

❌ Patch coverage is 96.36364% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
options/options.js	95.00%	2 Missing ⚠️

📢 Thoughts on this report? Let us know!

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 80879827ff

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve stored token on transient validation failures

In loadSettings, the fallback branch clears persisted credentials for any !validationResult.isValid, but validateToken now returns isValid: false for transient network and non-401 HTTP failures as well. That means simply opening the options page while offline (or during a GitHub API outage) erases an otherwise valid token from storage, turning a temporary connectivity issue into permanent credential loss.

Useful? React with 👍 / 👎.

[jonmartin721]

Addressed in ad03f05. loadSettings() now only clears persisted credentials for an explicit invalid-token result (reason === "invalid"). Network and non-401 HTTP failures leave the stored token in place.

[chatgpt-codex-connector]

Delay clearing current token until replacement validates

The input handler removes the currently stored token as soon as the field value differs from lastValidatedToken, before the new token has passed validation. If a user begins editing a working token but abandons the change, closes the page, or the new value fails validation, the previous valid credential has already been deleted, leaving the extension unauthenticated without an explicit clear action.

Useful? React with 👍 / 👎.

[jonmartin721]

Addressed in ad03f05. The options page now keeps the existing stored token while a replacement is being typed and validated. The old token is only replaced after a successful validation, or cleared explicitly via the clear action.

[gemini-code-assist]

Code Review

This pull request significantly improves the token validation logic by preventing stale validation responses from affecting the UI and ensuring tokens are only persisted after successful validation. The changes are well-implemented and include good test coverage.

I've left a few comments:

• A suggestion to refactor the validateToken function to reduce code duplication and improve maintainability.
• A fix for a property name inconsistency in options.js that was causing a bug in the token handling logic.

Overall, these are great improvements to the robustness of the token handling.

[gemini-code-assist]

There's an inconsistency in the property name used here. You're using lastValidatedToken, but the NotificationManager class (which toastManager is an instance of) defines and uses lastValidToken. This typo will cause the logic for handling token state to fail. Please correct it to lastValidToken for consistency and to fix the bug.

Suggested change

	toastManager.lastValidatedToken = null;
	toastManager.lastValidToken = null;

[jonmartin721]

Addressed in ad03f05. I removed the extra lastValidatedToken state entirely and switched this flow to a dedicated module-scoped persistedToken, so it no longer depends on a second token-tracking property on the toast manager.

[gemini-code-assist]

There's an inconsistency in the property name used here. You're using lastValidatedToken, but the NotificationManager class defines and uses lastValidToken. This should be corrected to lastValidToken to ensure the logic works as expected.

Suggested change

	if (toastManager.lastValidatedToken && toastManager.lastValidatedToken !== token) {
	if (toastManager.lastValidToken && toastManager.lastValidToken !== token) {

[jonmartin721]

Addressed in ad03f05 by removing lastValidatedToken from this path. The replacement-token flow now uses a dedicated persistedToken state in options.js instead of a second notification-manager property.

[gemini-code-assist]

There's an inconsistency in the property name used here. You're using lastValidatedToken, but the NotificationManager class defines and uses lastValidToken. This should be corrected to lastValidToken.

Suggested change

	toastManager.lastValidatedToken = token;
	toastManager.lastValidToken = token;

[jonmartin721]

Addressed in ad03f05. This write now updates the module-scoped persistedToken after a successful replacement validation rather than introducing another token-tracking field on toastManager.

[gemini-code-assist]

There's an inconsistency in the property name used here. You're using lastValidatedToken, but the NotificationManager class defines and uses lastValidToken. This should be corrected to lastValidToken.

Suggested change

	toastManager.lastValidatedToken = githubToken;
	toastManager.lastValidToken = githubToken;

[jonmartin721]

Addressed in ad03f05. loadSettings() now tracks the stored credential through persistedToken and only removes it for the explicit invalid-token case.

[gemini-code-assist]

The validateToken function has a lot of repeated logic, specifically the if (!shouldApplyResult()) { return ... } check in every if/else if/else/catch block. This makes the function harder to read and maintain.

You can refactor this to first determine the validation result, and then, in a single place, decide whether to apply the UI changes based on shouldApplyResult(). This would separate the concerns of validation and UI updates, leading to cleaner and more maintainable code.

Here's an example of how it could be refactored:

export async function validateToken(token, toastManager, options = {}) {
  const statusEl = document.getElementById('tokenStatus');
  const shouldApplyResult = options.shouldApplyResult ?? (() => true);

  let validationResult;

  try {
    const response = await fetch('https://api.github.com/user', {
      headers: createHeaders(token),
    });

    if (response.ok) {
      const user = await response.json();
      validationResult = { isValid: true, user: user.login };
    } else if (response.status === 401) {
      validationResult = { isValid: false, reason: 'invalid' };
    } else {
      validationResult = { isValid: false, reason: 'http', status: response.status };
    }
  } catch (_error) {
    validationResult = { isValid: false, reason: 'network' };
  }

  if (!shouldApplyResult()) {
    return validationResult;
  }

  // Apply UI changes based on the result
  if (validationResult.isValid) {
    statusEl.textContent = `✓ Valid (${validationResult.user})`;
    statusEl.className = 'token-status valid';
    // ... other success UI updates from the original function
    if (!toastManager.lastValidToken || toastManager.lastValidToken !== token) {
      if (toastManager.isManualTokenEntry) {
        notifications.success(`GitHub token validated successfully for user: ${validationResult.user}`);
      }
      toastManager.lastValidToken = token;
    }
    toastManager.isManualTokenEntry = false;
  } else {
    // Handle different failure reasons
    switch (validationResult.reason) {
      case 'invalid':
        statusEl.textContent = '✗ Invalid token';
        // ... invalid token UI updates
        if (!toastManager.lastInvalidToken || toastManager.lastInvalidToken !== token) {
          notifications.error('Invalid GitHub token. Please check your token and try again.');
          toastManager.lastInvalidToken = token;
        }
        break;
      case 'http':
        statusEl.textContent = `✗ Error (${validationResult.status})`;
        // ... http error UI updates
        if (!toastManager.lastApiError || toastManager.lastApiError !== validationResult.status) {
          notifications.error(`GitHub API error (${validationResult.status}). Please try again later.`);
          toastManager.lastApiError = validationResult.status;
        }
        break;
      case 'network':
        statusEl.textContent = '✗ Network error';
        // ... network error UI updates
        notifications.error('Network error while validating token. Please check your connection and try again.');
        break;
    }
    statusEl.className = 'token-status invalid';
    document.getElementById('clearTokenBtn').style.display = 'none';
    // ... other common failure UI updates from the original function
  }

  return validationResult;
}

[jonmartin721]

Kept the current structure for now. I agreed with the behavioral issues and fixed those in ad03f05, but I left the broader refactor as follow-up cleanup so this PR stays focused on the persistence and stale-response bugs.