feat(auth): improve login scope handling and messages

[JackZhao10086]

Summary

Improve the login experience by making scope-related authorization results clearer and easier to interpret.
This change adds the authorized account display, refines scope mismatch wording, and reorganizes output to better reflect partially successful authorization flows.

Changes

• Add an authorized account message to show which user completed the login flow
• Refine login and scope mismatch messages to better describe the final authorization result
• Reorder non-JSON login output so scope issues are shown before follow-up details
• Remove the redundant success message when scope issues are present
• Update tests to cover the new login message format and output behavior

Test Plan

• Unit tests pass
• Manually verify related lark auth login commands work locally

Related Issues

Summary by CodeRabbit

• Bug Fixes
  • Changed success wording to emphasize authorization success and scope validation.
  • Reworded scope-mismatch messaging to indicate an abnormal authorization result.
  • Show the currently authorized account in login output when available.
  • Updated tests and localized prompts to match the revised user-facing messages.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8c1072e6-fc21-4be1-a652-3d03b634f4ac

📥 Commits

Reviewing files that changed from the base of the PR and between 2e04c14 and d424367.

📒 Files selected for processing (1)

• cmd/auth/login_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• cmd/auth/login_test.go

---

📝 Walkthrough

Walkthrough

Added an AuthorizedUser field to login messages; revised localized login and scope-mismatch strings; changed non-JSON scope-issue printing to emit a single issue message and optionally the authorized-account line when present; updated tests to match revised outputs.

Changes

Cohort / File(s)	Summary
Message definitions & tests cmd/auth/login_messages.go, cmd/auth/login_messages_test.go	Added AuthorizedUser string to loginMsg; updated loginMsgZh / loginMsgEn texts (AuthSuccess, LoginSuccess, ScopeMismatch) and added AuthorizedUser format "%s (%s)"; tests now validate AuthorizedUser format.
Scope-issue handling cmd/auth/login_result.go	Reworked handleLoginScopeIssue non-JSON path to always print issue.Message once; when login succeeded and msg.AuthorizedUser is non-empty, print a formatted authorized-account line; removed duplicated success print in this path.
Test expectations cmd/auth/login_test.go	Updated assertions to reflect changed wording (e.g., "authorization result is abnormal", "授权成功"/"Authorization successful") and to expect the new authorized-account output instead of the previous success banner.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: improve login scope validation and success output #317 — Modifies the same auth login messaging and scope-issue handling files (cmd/auth/login_messages.go, cmd/auth/login_result.go), likely overlapping intent and changes.

Suggested reviewers

• liangshuo-1

Poem

🐇 I hopped through login lines with cheer,
New strings and scopes now crystal clear,
If auth behaves a tad askew,
I'll show the user who signed through,
A carrot-coding rabbit gives a cheer! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: improving login scope handling and messages, which is the core focus of the PR.
Description check	✅ Passed	The description includes all required template sections with adequate detail: a clear summary, comprehensive changes list, test plan with checkboxes, and a related issues section.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/login_response_content_opt

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

cmd/auth/login_test.go (1)

621-639: ⚠️ Potential issue | 🟠 Major

Test expectation inconsistent with updated ScopeMismatch message - test will fail.

Line 623 expects the old message "授权完成，但以下请求 scopes 未被授予: im:message:send", but login_messages.go line 65 changed ScopeMismatch to "授权结果异常：以下请求 scopes 未被授予: %s". This test calls the full authLoginRun flow which uses ensureRequestedScopesGranted, which formats msg.ScopeMismatch with the missing scopes.

🐛 Proposed fix to align test expectation with new message

 	for _, want := range []string{
 		"OK: 登录成功! 用户: tester (ou_user)",
-		"授权完成，但以下请求 scopes 未被授予: im:message:send",
+		"授权结果异常：以下请求 scopes 未被授予: im:message:send",
 		"本次请求 scopes: im:message:send",
 		"本次未授予 scopes: im:message:send",
 		"以上结果是本次授权请求用户最终确认后的结果，请勿持续重试",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/auth/login_test.go` around lines 621 - 639, Update the test expectations
to match the new ScopeMismatch message format used by
ensureRequestedScopesGranted/authLoginRun: replace the old literal "授权完成，但以下请求
scopes 未被授予: im:message:send" with the updated formatted message "授权结果异常：以下请求
scopes 未被授予: im:message:send" (i.e., match login_messages.go's ScopeMismatch
string); ensure other expected lines still appear in the output and keep the
negative assertions for "最终已授权 scopes:" and "ERROR:" unchanged.

🧹 Nitpick comments (1)

cmd/auth/login_result.go (1)

194-196: Simplify nested format calls.

The nested fmt.Sprintf inside fmt.Fprintf is redundant. You can format directly with Fprintf.

♻️ Suggested simplification

 	if msg.AuthorizedUser != "" {
-		fmt.Fprintf(f.IOStreams.ErrOut, "%s\n", fmt.Sprintf(msg.AuthorizedUser, userName, openId))
+		fmt.Fprintf(f.IOStreams.ErrOut, msg.AuthorizedUser+"\n", userName, openId)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/auth/login_result.go` around lines 194 - 196, The code currently calls
fmt.Fprintf(f.IOStreams.ErrOut, "%s\n", fmt.Sprintf(msg.AuthorizedUser,
userName, openId)), which nests fmt.Sprintf unnecessarily; replace the nested
call by writing directly to the error stream using
fmt.Fprintf(f.IOStreams.ErrOut, msg.AuthorizedUser+"\n", userName, openId)
(keeping the existing check for msg.AuthorizedUser != "" and the same arguments
userName and openId) so the formatting is done in a single call.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@cmd/auth/login_test.go`:
- Around line 621-639: Update the test expectations to match the new
ScopeMismatch message format used by ensureRequestedScopesGranted/authLoginRun:
replace the old literal "授权完成，但以下请求 scopes 未被授予: im:message:send" with the
updated formatted message "授权结果异常：以下请求 scopes 未被授予: im:message:send" (i.e.,
match login_messages.go's ScopeMismatch string); ensure other expected lines
still appear in the output and keep the negative assertions for "最终已授权 scopes:"
and "ERROR:" unchanged.

---

Nitpick comments:
In `@cmd/auth/login_result.go`:
- Around line 194-196: The code currently calls fmt.Fprintf(f.IOStreams.ErrOut,
"%s\n", fmt.Sprintf(msg.AuthorizedUser, userName, openId)), which nests
fmt.Sprintf unnecessarily; replace the nested call by writing directly to the
error stream using fmt.Fprintf(f.IOStreams.ErrOut, msg.AuthorizedUser+"\n",
userName, openId) (keeping the existing check for msg.AuthorizedUser != "" and
the same arguments userName and openId) so the formatting is done in a single
call.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4a1e7d61-811c-428e-ab38-0ef5bc71f6cd

📥 Commits

Reviewing files that changed from the base of the PR and between 35a8288 and 1e27393.

📒 Files selected for processing (4)

• cmd/auth/login_messages.go
• cmd/auth/login_messages_test.go
• cmd/auth/login_result.go
• cmd/auth/login_test.go

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@d424367394803da577f8828af48f0894efc80ef8

🧩 Skill update

npx skills add larksuite/cli#feat/login_response_content_opt -y -g

[coderabbitai]

🧹 Nitpick comments (2)

cmd/auth/login_messages.go (1)

98-101: Nit: English ScopeMismatch phrasing reads a bit awkward.

"authorization result is abnormal: these requested scopes were not granted: %s" is understandable but stilted. Since every error message is parsed by humans and AI agents per coding guidelines, a slightly tighter phrasing reads better, e.g.:

✏️ Suggested wording

-	ScopeMismatch:      "authorization result is abnormal: these requested scopes were not granted: %s",
+	ScopeMismatch:      "abnormal authorization result: the following requested scopes were not granted: %s",

Feel free to ignore if the current wording is intentional.

As per coding guidelines: "Design CLI flags, help text, and error messages with AI agent consumption in mind; every error message will be parsed by AI agents".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/auth/login_messages.go` around lines 98 - 101, The ScopeMismatch message
is worded awkwardly; update the ScopeMismatch constant in the login_messages.go
diff to a tighter, clearer sentence such as "The following requested scopes were
not granted: %s" (or similar concise wording) so it reads naturally for humans
and AI agents; change the value for the ScopeMismatch key to the new phrasing in
the AuthSuccess/LoginSuccess/AuthorizedUser block.

cmd/auth/login_result.go (1)

191-199: Minor refactor: de-duplicate the issue.Message print and drop the double-format.

Both branches of the if loginSucceeded { … } else { … } print issue.Message identically, so the branch only gates the extra AuthorizedUser line. You can hoist the common print. Additionally, line 195 wraps a fmt.Sprintf inside a fmt.Fprintf("%s\n", …), which is an unnecessary double format pass — Fprintln or a single Fprintf handles it directly.

♻️ Suggested simplification

 	fmt.Fprintln(f.IOStreams.ErrOut)
-	if loginSucceeded {
-		fmt.Fprintln(f.IOStreams.ErrOut, issue.Message)
-		if msg.AuthorizedUser != "" {
-			fmt.Fprintf(f.IOStreams.ErrOut, "%s\n", fmt.Sprintf(msg.AuthorizedUser, userName, openId))
-		}
-	} else {
-		fmt.Fprintln(f.IOStreams.ErrOut, issue.Message)
-	}
+	fmt.Fprintln(f.IOStreams.ErrOut, issue.Message)
+	if loginSucceeded && msg.AuthorizedUser != "" {
+		fmt.Fprintln(f.IOStreams.ErrOut, fmt.Sprintf(msg.AuthorizedUser, userName, openId))
+	}

Note: since both loginMsgZh and loginMsgEn always initialize AuthorizedUser, the != "" guard is effectively defensive — fine to keep, just flagging for awareness.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/auth/login_result.go` around lines 191 - 199, Hoist the common
fmt.Fprintln(f.IOStreams.ErrOut, issue.Message) out of the if/else so it is
printed once regardless of loginSucceeded, then only conditionally emit the
extra AuthorizedUser line when loginSucceeded and msg.AuthorizedUser != "";
replace the double-format pattern fmt.Fprintf(f.IOStreams.ErrOut, "%s\n",
fmt.Sprintf(msg.AuthorizedUser, userName, openId)) with a single formatting call
such as fmt.Fprintf(f.IOStreams.ErrOut, msg.AuthorizedUser+"\n", userName,
openId) (or fmt.Fprintln with a single fmt.Sprintf) so you remove the
unnecessary nested formatting and keep the same outputs for f.IOStreams.ErrOut,
loginSucceeded, issue.Message, msg.AuthorizedUser, userName and openId.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@cmd/auth/login_messages.go`:
- Around line 98-101: The ScopeMismatch message is worded awkwardly; update the
ScopeMismatch constant in the login_messages.go diff to a tighter, clearer
sentence such as "The following requested scopes were not granted: %s" (or
similar concise wording) so it reads naturally for humans and AI agents; change
the value for the ScopeMismatch key to the new phrasing in the
AuthSuccess/LoginSuccess/AuthorizedUser block.

In `@cmd/auth/login_result.go`:
- Around line 191-199: Hoist the common fmt.Fprintln(f.IOStreams.ErrOut,
issue.Message) out of the if/else so it is printed once regardless of
loginSucceeded, then only conditionally emit the extra AuthorizedUser line when
loginSucceeded and msg.AuthorizedUser != ""; replace the double-format pattern
fmt.Fprintf(f.IOStreams.ErrOut, "%s\n", fmt.Sprintf(msg.AuthorizedUser,
userName, openId)) with a single formatting call such as
fmt.Fprintf(f.IOStreams.ErrOut, msg.AuthorizedUser+"\n", userName, openId) (or
fmt.Fprintln with a single fmt.Sprintf) so you remove the unnecessary nested
formatting and keep the same outputs for f.IOStreams.ErrOut, loginSucceeded,
issue.Message, msg.AuthorizedUser, userName and openId.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9d6d3f97-2ce3-433d-afed-9beee74cf505

📥 Commits

Reviewing files that changed from the base of the PR and between 4ff6a6f and 2e04c14.

📒 Files selected for processing (4)

• cmd/auth/login_messages.go
• cmd/auth/login_messages_test.go
• cmd/auth/login_result.go
• cmd/auth/login_test.go

✅ Files skipped from review due to trivial changes (1)

• cmd/auth/login_messages_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• cmd/auth/login_test.go

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 59.05%. Comparing base (6ad25cd) to head (d424367).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/auth/login_result.go	66.66%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #523   +/-   ##
=======================================
  Coverage   59.05%   59.05%           
=======================================
  Files         384      384           
  Lines       32636    32636           
=======================================
  Hits        19274    19274           
- Misses      11553    11554    +1     
+ Partials     1809     1808    -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.