feat: Validate that auth token provided when needed #1951
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
szokeasaurusrex
commented
Feb 20, 2024
| @@ -251,6 +256,10 @@ pub enum ApiErrorKind { | |||
| CompressionFailed, | |||
| #[error("region overrides cannot be applied to absolute urls")] | |||
| InvalidRegionRequest, | |||
| #[error( | |||
| "Auth token is required for this request. Please run `sentry-cli login` and try again!" | |||
There was a problem hiding this comment.
What do you think of this error message?
loewenheim
approved these changes
Feb 26, 2024
src/commands/info.rs
Outdated
| Err(QuietExit(1).into()) | ||
| } else { | ||
| Ok(()) | ||
| Err(err) => Err(anyhow::anyhow!(err)), |
There was a problem hiding this comment.
I would suggest replacing this entire match:
let info = info_rv?;
if let Some(ref user) = info.user {
println!(" User: {}", user.email);
}
if let Some(ref auth) = info.auth {
println!(" Scopes:");
for scope in &auth.scopes {
println!(" - {scope}");
}
}
Ok(())
There was a problem hiding this comment.
Nice, yeah that looks much cleaner!
Co-authored-by: Sebastian Zivota <[email protected]>
This was referenced Mar 14, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously, if users ran a Sentry CLI command that required authentication via an auth token, the CLI would make the API request, which would fail with a 403 error because the user did not provide any authentication. With this change, we locally validate that the auth token is present whenever it is required, and if it is missing, we do not perform the API request.
This change is implemented by creating a new struct called
AuthenticatedApiin theapi.rsfile. TheAuthenticatedApiholds a reference to anApistruct, whose config has been verified to have a non-None auth. Anauthenticatedfunction has been added to theApistruct. This function ensures theApiit is called on has an auth, and if it does, it returns anOkcontaining anAuthenticatedApiwrapping the&Api; otherwise,authenticatedreturns an error.All high-level
Apifunctions, which call API endpoints requiring authentication (most of the high-levelApifunctions require authentication), have been moved toAuthenticatedApi.Apinow only implements the low-level API functions and the high-level functions that call endpoints which don't require token authentication. All calls to the moved high-level functions have been updated by adding anauthenticated()?call before calling methods requiring authentication.Fixes GH-1905