merge with main and adjust endpoint string to URL

Author: peterguy

cmd/src/login.go

@@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
 
 	"github.com/sourcegraph/src-cli/internal/api"
@@ -49,25 +50,25 @@ Examples:
 			return err
 		}
 
+		var loginEndpointURL *url.URL
 		if flagSet.NArg() >= 1 {
 			arg := flagSet.Arg(0)
-			parsed, err := parseEndpoint(arg)
+			u, err := parseEndpoint(arg)
 			if err != nil {
 				return cmderrors.Usage(fmt.Sprintf("invalid endpoint URL: %s", arg))
 			}
-			if parsed.String() != cfg.endpointURL.String() {
-				return cmderrors.Usage(fmt.Sprintf("The configured endpoint is %s, not %s", cfg.endpointURL, parsed))
-			}
+			loginEndpointURL = u
 		}
 
 		client := cfg.apiClient(apiFlags, io.Discard)
 
 		return loginCmd(context.Background(), loginParams{
-			cfg:         cfg,
-			client:      client,
-			out:         os.Stdout,
-			apiFlags:    apiFlags,
-			oauthClient: oauth.NewClient(oauth.DefaultClientID),
+			cfg:              cfg,
+			client:           client,
+			out:              os.Stdout,
+			apiFlags:         apiFlags,
+			oauthClient:      oauth.NewClient(oauth.DefaultClientID),
+			loginEndpointURL: loginEndpointURL,
 		})
 	}
 
@@ -79,11 +80,12 @@ Examples:
 }
 
 type loginParams struct {
-	cfg         *config
-	client      api.Client
-	out         io.Writer
-	apiFlags    *api.Flags
-	oauthClient oauth.Client
+	cfg              *config
+	client           api.Client
+	out              io.Writer
+	apiFlags         *api.Flags
+	oauthClient      oauth.Client
+	loginEndpointURL *url.URL
 }
 
 type loginFlow func(context.Context, loginParams) error
@@ -93,6 +95,7 @@ type loginFlowKind int
 const (
 	loginFlowOAuth loginFlowKind = iota
 	loginFlowMissingAuth
+	loginFlowEndpointConflict
 	loginFlowValidate
 )
 
@@ -108,6 +111,9 @@ func loginCmd(ctx context.Context, p loginParams) error {
 
 // selectLoginFlow decides what login flow to run based on configured AuthMode.
 func selectLoginFlow(p loginParams) (loginFlowKind, loginFlow) {
+	if p.loginEndpointURL != nil && p.loginEndpointURL.String() != p.cfg.endpointURL.String() {
+		return loginFlowEndpointConflict, runEndpointConflictLogin
+	}
 	switch p.cfg.AuthMode() {
 	case AuthModeOAuth:
 		return loginFlowOAuth, runOAuthLogin
@@ -122,7 +128,7 @@ func printLoginProblem(out io.Writer, problem string) {
 	fmt.Fprintf(out, "❌ Problem: %s\n", problem)
 }
 
-func loginAccessTokenMessage(endpoint string) string {
+func loginAccessTokenMessage(endpointURL *url.URL) string {
 	return fmt.Sprintf("\n"+`🛠  To fix: Create an access token by going to %s/user/settings/tokens, then set the following environment variables in your terminal:
 
    export SRC_ENDPOINT=%s
@@ -131,5 +137,5 @@ func loginAccessTokenMessage(endpoint string) string {
    To verify that it's working, run the login command again.
 
    Alternatively, you can try logging in interactively by running: src login %s
-`, endpoint, endpoint, endpoint)
+`, endpointURL, endpointURL, endpointURL)
 }

cmd/src/login_oauth.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net/url"
 	"os/exec"
 	"runtime"
 	"time"
@@ -16,15 +17,14 @@ import (
 var loadStoredOAuthToken = oauth.LoadToken
 
 func runOAuthLogin(ctx context.Context, p loginParams) error {
-	endpoint := p.cfg.endpointURL.String()
-	client, err := oauthLoginClient(ctx, p, endpoint)
+	client, err := oauthLoginClient(ctx, p)
 	if err != nil {
 		printLoginProblem(p.out, fmt.Sprintf("OAuth Device flow authentication failed: %s", err))
-		fmt.Fprintln(p.out, loginAccessTokenMessage(endpoint))
+		fmt.Fprintln(p.out, loginAccessTokenMessage(p.cfg.endpointURL))
 		return cmderrors.ExitCode1
 	}
 
-	if err := validateCurrentUser(ctx, client, p.out, endpoint); err != nil {
+	if err := validateCurrentUser(ctx, client, p.out, p.cfg.endpointURL); err != nil {
 		return err
 	}
 
@@ -37,13 +37,13 @@ func runOAuthLogin(ctx context.Context, p loginParams) error {
 // oauthLoginClient returns a api.Client with the OAuth token set. It will check secret storage for a token
 // and use it if one is present.
 // If no token is found, it will start a OAuth Device flow to get a token and storage in secret storage.
-func oauthLoginClient(ctx context.Context, p loginParams, endpoint string) (api.Client, error) {
+func oauthLoginClient(ctx context.Context, p loginParams) (api.Client, error) {
 	// if we have a stored token, used it. Otherwise run the device flow
-	if token, err := loadStoredOAuthToken(ctx, endpoint); err == nil {
-		return newOAuthAPIClient(p, endpoint, token), nil
+	if token, err := loadStoredOAuthToken(ctx, p.cfg.endpointURL); err == nil {
+		return newOAuthAPIClient(p, token), nil
 	}
 
-	token, err := runOAuthDeviceFlow(ctx, endpoint, p.out, p.oauthClient)
+	token, err := runOAuthDeviceFlow(ctx, p.cfg.endpointURL, p.out, p.oauthClient)
 	if err != nil {
 		return nil, err
 	}
@@ -53,10 +53,10 @@ func oauthLoginClient(ctx context.Context, p loginParams, endpoint string) (api.
 		fmt.Fprintf(p.out, "⚠️  Warning: Failed to store token in keyring store: %q. Continuing with this session only.\n", err)
 	}
 
-	return newOAuthAPIClient(p, endpoint, token), nil
+	return newOAuthAPIClient(p, token), nil
 }
 
-func newOAuthAPIClient(p loginParams, endpoint string, token *oauth.Token) api.Client {
+func newOAuthAPIClient(p loginParams, token *oauth.Token) api.Client {
 	return api.NewClient(api.ClientOpts{
 		EndpointURL:       p.cfg.endpointURL,
 		AdditionalHeaders: p.cfg.additionalHeaders,
@@ -68,8 +68,8 @@ func newOAuthAPIClient(p loginParams, endpoint string, token *oauth.Token) api.C
 	})
 }
 
-func runOAuthDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client oauth.Client) (*oauth.Token, error) {
-	authResp, err := client.Start(ctx, endpoint, nil)
+func runOAuthDeviceFlow(ctx context.Context, endpointURL *url.URL, out io.Writer, client oauth.Client) (*oauth.Token, error) {
+	authResp, err := client.Start(ctx, endpointURL, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -93,12 +93,12 @@ func runOAuthDeviceFlow(ctx context.Context, endpoint string, out io.Writer, cli
 		interval = 5 * time.Second
 	}
 
-	resp, err := client.Poll(ctx, endpoint, authResp.DeviceCode, interval, authResp.ExpiresIn)
+	resp, err := client.Poll(ctx, endpointURL, authResp.DeviceCode, interval, authResp.ExpiresIn)
 	if err != nil {
 		return nil, err
 	}
 
-	token := resp.Token(endpoint)
+	token := resp.Token(endpointURL)
 	token.ClientID = client.ClientID()
 	return token, nil
 }

cmd/src/login_test.go

@@ -97,7 +97,7 @@ func TestLogin(t *testing.T) {
 		}))
 		defer s.Close()
 
-		restoreStoredOAuthLoader(t, func(context.Context, string) (*oauth.Token, error) {
+		restoreStoredOAuthLoader(t, func(_ context.Context, _ *url.URL) (*oauth.Token, error) {
 			return &oauth.Token{
 				Endpoint:    s.URL,
 				ClientID:    oauth.DefaultClientID,
@@ -142,18 +142,18 @@ func (f fakeOAuthClient) ClientID() string {
 	return oauth.DefaultClientID
 }
 
-func (f fakeOAuthClient) Discover(context.Context, string) (*oauth.OIDCConfiguration, error) {
+func (f fakeOAuthClient) Discover(context.Context, *url.URL) (*oauth.OIDCConfiguration, error) {
 	return nil, fmt.Errorf("unexpected call to Discover")
 }
 
-func (f fakeOAuthClient) Start(context.Context, string, []string) (*oauth.DeviceAuthResponse, error) {
+func (f fakeOAuthClient) Start(context.Context, *url.URL, []string) (*oauth.DeviceAuthResponse, error) {
 	if f.startCalled != nil {
 		*f.startCalled = true
 	}
 	return nil, f.startErr
 }
 
-func (f fakeOAuthClient) Poll(context.Context, string, string, time.Duration, int) (*oauth.TokenResponse, error) {
+func (f fakeOAuthClient) Poll(context.Context, *url.URL, string, time.Duration, int) (*oauth.TokenResponse, error) {
 	return nil, fmt.Errorf("unexpected call to Poll")
 }
 
@@ -191,7 +191,7 @@ func TestSelectLoginFlow(t *testing.T) {
 	})
 }
 
-func restoreStoredOAuthLoader(t *testing.T, loader func(context.Context, string) (*oauth.Token, error)) {
+func restoreStoredOAuthLoader(t *testing.T, loader func(context.Context, *url.URL) (*oauth.Token, error)) {
 	t.Helper()
 
 	prev := loadStoredOAuthToken

cmd/src/login_validate.go

@@ -4,26 +4,32 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net/url"
 	"strings"
 
 	"github.com/sourcegraph/src-cli/internal/api"
 	"github.com/sourcegraph/src-cli/internal/cmderrors"
 )
 
 func runMissingAuthLogin(_ context.Context, p loginParams) error {
-	endpoint := p.cfg.endpointURL.String()
-
 	fmt.Fprintln(p.out)
 	printLoginProblem(p.out, "No access token is configured.")
-	fmt.Fprintln(p.out, loginAccessTokenMessage(endpoint))
+	fmt.Fprintln(p.out, loginAccessTokenMessage(p.cfg.endpointURL))
+	return cmderrors.ExitCode1
+}
+
+func runEndpointConflictLogin(_ context.Context, p loginParams) error {
+	fmt.Fprintln(p.out)
+	printLoginProblem(p.out, fmt.Sprintf("The configured endpoint is %s, not %s.", p.cfg.endpointURL, p.loginEndpointURL))
+	fmt.Fprintln(p.out, loginAccessTokenMessage(p.loginEndpointURL))
 	return cmderrors.ExitCode1
 }
 
 func runValidatedLogin(ctx context.Context, p loginParams) error {
-	return validateCurrentUser(ctx, p.client, p.out, p.cfg.endpointURL.String())
+	return validateCurrentUser(ctx, p.client, p.out, p.cfg.endpointURL)
 }
 
-func validateCurrentUser(ctx context.Context, client api.Client, out io.Writer, endpoint string) error {
+func validateCurrentUser(ctx context.Context, client api.Client, out io.Writer, endpointURL *url.URL) error {
 	query := `query CurrentUser { currentUser { username } }`
 	var result struct {
 		CurrentUser *struct{ Username string }
@@ -32,21 +38,21 @@ func validateCurrentUser(ctx context.Context, client api.Client, out io.Writer,
 		if strings.HasPrefix(err.Error(), "error: 401 Unauthorized") || strings.HasPrefix(err.Error(), "error: 403 Forbidden") {
 			printLoginProblem(out, "Invalid access token.")
 		} else {
-			printLoginProblem(out, fmt.Sprintf("Error communicating with %s: %s", endpoint, err))
+			printLoginProblem(out, fmt.Sprintf("Error communicating with %s: %s", endpointURL, err))
 		}
-		fmt.Fprintln(out, loginAccessTokenMessage(endpoint))
+		fmt.Fprintln(out, loginAccessTokenMessage(endpointURL))
 		fmt.Fprintln(out, "   (If you need to supply custom HTTP request headers, see information about SRC_HEADER_* and SRC_HEADERS env vars at https://github.com/sourcegraph/src-cli/blob/main/AUTH_PROXY.md)")
 		return cmderrors.ExitCode1
 	}
 
 	if result.CurrentUser == nil {
 		// This should never happen; we verified there is an access token, so there should always be
 		// a user.
-		printLoginProblem(out, fmt.Sprintf("Unable to determine user on %s.", endpoint))
+		printLoginProblem(out, fmt.Sprintf("Unable to determine user on %s.", endpointURL))
 		return cmderrors.ExitCode1
 	}
 	fmt.Fprintln(out)
-	fmt.Fprintf(out, "✔︎ Authenticated as %s on %s\n", result.CurrentUser.Username, endpoint)
+	fmt.Fprintf(out, "✔︎ Authenticated as %s on %s\n", result.CurrentUser.Username, endpointURL)
 	fmt.Fprintln(out)
 	return nil
 }

cmd/src/main.go

@@ -136,7 +136,7 @@ type config struct {
 	proxyURL          *url.URL
 	proxyPath         string
 	configFilePath    string
-	endpointURL       *url.URL
+	endpointURL       *url.URL // always non-nil; defaults to https://sourcegraph.com via readConfig
 }
 
 // configFromFile holds the config as read from the config file,
@@ -176,7 +176,7 @@ func (c *config) apiClient(flags *api.Flags, out io.Writer) api.Client {
 
 	// Only use OAuth if we do not have SRC_ACCESS_TOKEN set
 	if c.accessToken == "" {
-		if t, err := oauth.LoadToken(context.Background(), c.endpointURL.String()); err == nil {
+		if t, err := oauth.LoadToken(context.Background(), c.endpointURL); err == nil {
 			opts.OAuthToken = t
 		}
 	}