fix: terminate after success for force auth (#55)

pfitzseb · web-flow · commit 4326b89f1a38 · 2025-10-15T01:18:45.000+13:00
* fix: terminate after success for force auth

* chore: also test on 1.11

* fix: test with force=true and tries=2

* fix: correct mock server counting impl

* chore: bump version to v2.3.1
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -34,6 +34,7 @@ jobs:
           - '1.8'
           - '1.9'
           - '1.10'
+          - '1.11'
           - '1' # automatically expands to the latest stable 1.x release
           - 'nightly'
         os:
diff --git a/Project.toml b/Project.toml
@@ -1,7 +1,7 @@
 name = "PkgAuthentication"
 uuid = "4722fa14-9d28-45f9-a1e2-a38605bd88f0"
 authors = ["Sebastian Pfitzner", "contributors"]
-version = "2.3.0"
+version = "2.3.1"
 
 [deps]
 Downloads = "f43a241f-c20a-4ad4-852c-f6b1247861c6"
diff --git a/src/PkgAuthentication.jl b/src/PkgAuthentication.jl
@@ -118,7 +118,7 @@ function authenticate(;
 
     local state
 
-    for i in 1:tries
+    for _ in 1:tries
         initial = force ? NoAuthentication : NeedAuthentication
 
         state = initial(server, auth_suffix)
@@ -131,7 +131,7 @@ function authenticate(;
             state = GenericError((err, catch_backtrace()))
         end
         if state isa Success
-            continue
+            break
         end
     end
 
@@ -766,7 +766,7 @@ function get_server_dir(
     server_dir_pkg = Pkg.PlatformEngines.get_server_dir(url, server)
     if server_dir_pkgauth != server_dir_pkg
         msg =
-            "The PkgAuthentication server directory is not equal to the Pkg server directory." *
+            "The PkgAuthentication server directory is not equal to the Pkg server directory. " *
             "Unexpected behavior may occur."
         @warn msg server_dir_pkgauth server_dir_pkg
     end
diff --git a/test/authserver.jl b/test/authserver.jl
@@ -6,10 +6,17 @@ const CHALLENGE_EXPIRY = 10
 const PORT = 8888
 @enum AuthFlowMode CLASSIC_MODE DEVICE_FLOW_MODE DEVICE_FLOW_NO_SCOPE_MODE
 
-const ID_TOKEN = Random.randstring(100)
 const TOKEN = Ref(Dict())
 const MODE = Ref(CLASSIC_MODE)
 
+const REQUEST_SET = Set()
+# this counts the number of distinct authentication requests made against the server
+function id_token(key)
+    push!(REQUEST_SET, key)
+    token = length(REQUEST_SET)
+    return string(token)
+end
+
 challenge_response_map = Dict()
 challenge_timeout = Dict()
 response_challenge_map = Dict()
@@ -42,8 +49,8 @@ function response_handler(req)
     TOKEN[] = Dict(
         "user_name" => "firstname lastname",
         "user_email" => "user@email.com",
-        "id_token" => "full-" * ID_TOKEN,
-        "access_token" => "full-" * ID_TOKEN,
+        "id_token" => "full-" * id_token(response),
+        "access_token" => "full-" * id_token(response),
         "refresh_token" => refresh_token,
         "refresh_url" => "http://localhost:$(PORT)/auth/renew/token.toml/v2/",
         "expires_in" => EXPIRY,
@@ -89,8 +96,8 @@ function renew_handler(req)
 
     TOKEN[]["refresh_token"] = Random.randstring(10)
     TOKEN[]["expires_at"] = ceil(Int, time() + EXPIRY)
-    TOKEN[]["id_token"] = "refresh-" * ID_TOKEN
-    TOKEN[]["access_token"] = "refresh-" * ID_TOKEN
+    TOKEN[]["id_token"] = "refresh-" * id_token(auth)
+    TOKEN[]["access_token"] = "refresh-" * id_token(auth)
 
     return HTTP.Response(200, sprint(TOML.print, TOKEN[]))
 end
@@ -167,11 +174,11 @@ function auth_device(req)
     end
     authenticated[device_code] = true
     refresh_token = Random.randstring(10)
-    TOKEN[]["access_token"] = "device-$ID_TOKEN"
+    TOKEN[]["access_token"] = "device-$(id_token(user_code))"
     TOKEN[]["token_type"] = "bearer"
     TOKEN[]["expires_in"] = EXPIRY
     TOKEN[]["refresh_token"] = refresh_token
-    TOKEN[]["id_token"] = "device-$ID_TOKEN"
+    TOKEN[]["id_token"] = "device-$(id_token(user_code))"
     return HTTP.Response(200)
 end
 
diff --git a/test/tests.jl b/test/tests.jl
@@ -175,4 +175,24 @@ end
     @test result == (true, true)
 end
 
+@testset "no retries" begin
+    delete_token()
+
+    success = PkgAuthentication.authenticate(test_pkg_server; force=true, tries=2)
+    @test success isa PkgAuthentication.Success
+    m = match(r"^\w+\-(\d+)$", success.token["id_token"])
+    @test !isnothing(m)
+    id1 = tryparse(Int, m.captures[1])
+    @test id1 !== nothing
+
+    success2 = PkgAuthentication.authenticate(test_pkg_server; force=true, tries=2)
+    @test success2 isa PkgAuthentication.Success
+    m2 = match(r"^\w+\-(\d+)$", success2.token["id_token"])
+    @test !isnothing(m2)
+    id2 = tryparse(Int, m2.captures[1])
+
+    @test id2 !== nothing
+    @test id2 == id1 + 1
+end
+
 kill(p)
