-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix issue where CLI commands making more than one request to rubygems.org needing an OTP code would crash or ask for the code twice #4162
Conversation
Fixes failed commands with access updates: ``` You have enabled multi-factor authentication. Please enter OTP code. Code: 320292 Added yank_rubygem scope to the existing API key You have enabled multifactor authentication but no OTP code provided. Please fill it and retry. ```
The first invocation has one more quirk, which exists in previous versions as well:
It asks for OTP twice because |
It seems ok to me! Something I don't understand is how the scope is getting updated in the current version if it needs an otp code too? |
update scope was promoting for otp, through |
Aahhhh right, sorry, I get it now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me!
Another quirk I see (I haven't tried it but I think it happes from reading the code) is that if --opt
is given on the command line, the given code will be used for sign_in, but then other requests will still ask for an otp code, right?
If we implement your instance variable suggestion, we're it's filled up lazily from either options[:otp]
or asking the user, I think both cases would be fixed?
In any case, this PR keeps existing behaviour and fixes an issue, so if you want to merge this now and fix the other cases later, I'm good with it!
@sonalkr132 Not sure if you're still there, but if you give me the OK now, I'll sneak this into the 3.2.2 release. |
not really. for them the otp is passed from the command file itself (1).
|
options[:otp] gets shared between sigin_in and actual invocation of the command, which previously prompting user twice to enter otp. we can't use `request.add_field` for OTP as it appends values.
44c5fa8
to
b09e932
Compare
assert_match "Password:", @ui.output | ||
assert_match "Signed in with API key:", @ui.output | ||
assert_match response_success, @ui.output | ||
assert_equal '11111', @fetcher.last_request['OTP'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this assert fails with nil
without b09e932
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me @sonalkr132!
I'd like to rename the PR to something more close to the user problem being fixed, maybe: "Fix issue where CLI commands making more than one request to rubygems.org needing an OTP code would crash or ask for the code twice"? |
Anyways, merging. Thanks for fixing this and improving the code all around! |
To clarify why I'd like to rename the PR, our scripts use the PR title to generate the changelog, so the title of the PR is what the users will see when checking the changelog. So the idea would be that PR titles are end user focused. No big deal though! |
Reuse otp passed by user in api request retry (cherry picked from commit ac12b74)
What was the end-user or developer problem that led to this PR?
Fixes failed commands with access update or fist invocation (no local API key):
What is your fix for the problem, implemented in this PR?
reuse otp passed by the user in api request retry
Make sure the following tasks are checked