JA-17729 - Provide ability to disable refresh token

arshjotk · arshjotk · commit 2b202274ae35 · 2025-09-24T13:10:47.000+05:30
diff --git a/plugins/common/server.go b/plugins/common/server.go
@@ -61,6 +61,7 @@ func CreateServerDetailsFromFlags(c *components.Context) (details *config.Server
 		details.ServerId = os.Getenv(coreutils.ServerID)
 	}
 	details.InsecureTls = c.GetBoolFlagValue("insecure-tls")
+	details.DisableTokenRefresh = c.GetBoolFlagValue("disable-token-refresh")
 	return
 }
 
diff --git a/utils/config/config.go b/utils/config/config.go
@@ -601,6 +601,7 @@ type ServerDetails struct {
 	IsDefault                       bool   `json:"isDefault,omitempty"`
 	InsecureTls                     bool   `json:"-"`
 	WebLogin                        bool   `json:"webLogin,omitempty"`
+	DisableTokenRefresh             bool   `json:"disableTokenRefresh,omitempty"`
 }
 
 // Deprecated
@@ -802,7 +803,7 @@ func (serverDetails *ServerDetails) createAuthConfig(details auth.ServiceDetails
 	// If refresh token is not empty, set a refresh handler and skip other credentials.
 	// First we check access's token, if empty we check artifactory's token.
 	switch {
-	case serverDetails.RefreshToken != "":
+	case serverDetails.RefreshToken != "" && !serverDetails.DisableTokenRefresh:
 		// Save serverId for refreshing if needed. If empty serverId is saved, default will be used.
 		tokenRefreshServerId = serverDetails.ServerId
 		details.AppendPreRequestFunction(AccessTokenRefreshPreRequestInterceptor)
diff --git a/utils/config/config_test.go b/utils/config/config_test.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/log"
+	artifactoryAuth "github.com/jfrog/jfrog-client-go/artifactory/auth"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/stretchr/testify/assert"
 )
@@ -421,3 +422,104 @@ func assertCertsMigration(t *testing.T) {
 	// Verify only the certs were moved
 	assert.Len(t, files, 2)
 }
+
+func TestCreateAuthConfigAppendPreRequestFunctionBehavior(t *testing.T) {
+	test := []struct {
+		name                       string
+		serverDetails              *ServerDetails
+		shouldCallAppendPreRequest bool
+	}{
+		{
+			name: "DisableTokenRefreshTrue_NoRefreshTokens",
+			serverDetails: &ServerDetails{
+				ServerId:            "test-server",
+				AccessToken:         "access-token-123",
+				User:                "testuser",
+				Password:            "testpass",
+				DisableTokenRefresh: true,
+			},
+			shouldCallAppendPreRequest: false,
+		},
+		{
+			name: "DisableTokenRefreshTrue_WithRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:            "test-server",
+				AccessToken:         "access-token-123",
+				RefreshToken:        "refresh-token-456",
+				User:                "testuser",
+				Password:            "testpass",
+				DisableTokenRefresh: true,
+			},
+			shouldCallAppendPreRequest: false,
+		},
+		{
+			name: "DisableTokenRefreshFalse_WithRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:            "test-server",
+				AccessToken:         "access-token-123",
+				RefreshToken:        "refresh-token-456",
+				User:                "testuser",
+				Password:            "testpass",
+				DisableTokenRefresh: false,
+			},
+			shouldCallAppendPreRequest: true,
+		},
+		{
+			name: "DisableTokenRefreshDefault_WithRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:     "test-server",
+				AccessToken:  "access-token-123",
+				RefreshToken: "refresh-token-456",
+				User:         "testuser",
+				Password:     "testpass",
+			},
+			shouldCallAppendPreRequest: true,
+		},
+		{
+			name: "DisableTokenRefreshTrue_WithArtifactoryRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:                "test-server",
+				AccessToken:             "access-token-123",
+				ArtifactoryRefreshToken: "artifactory-refresh-token-789",
+				User:                    "testuser",
+				Password:                "testpass",
+				DisableTokenRefresh:     true,
+			},
+			shouldCallAppendPreRequest: true,
+		},
+		{
+			name: "DisableTokenRefreshFalse_WithArtifactoryRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:                "test-server",
+				AccessToken:             "access-token-123",
+				ArtifactoryRefreshToken: "artifactory-refresh-token-789",
+				User:                    "testuser",
+				Password:                "testpass",
+				DisableTokenRefresh:     false,
+			},
+			shouldCallAppendPreRequest: true,
+		},
+	}
+
+	for _, tt := range test {
+		t.Run(tt.name, func(t *testing.T) {
+			artDetails := artifactoryAuth.NewArtifactoryDetails()
+			artDetails.SetUrl("https://test.com/artifactory/")
+
+			result, err := tt.serverDetails.createAuthConfig(artDetails)
+
+			assert.NoError(t, err)
+			assert.Equal(t, artDetails, result)
+
+			if tt.shouldCallAppendPreRequest {
+				// AppendPreRequestFunction was called - should use token refresh, not basic auth
+				assert.Equal(t, "", result.GetUser(), "User should be empty when AppendPreRequestFunction is called (token refresh enabled)")
+				assert.Equal(t, "", result.GetPassword(), "Password should be empty when AppendPreRequestFunction is called (token refresh enabled)")
+			} else {
+				// AppendPreRequestFunction was NOT called - should use basic auth
+				assert.Equal(t, tt.serverDetails.User, result.GetUser(), "User should be set when AppendPreRequestFunction is NOT called (basic auth)")
+				assert.Equal(t, tt.serverDetails.Password, result.GetPassword(), "Password should be set when AppendPreRequestFunction is NOT called (basic auth)")
+			}
+		})
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ func CreateServerDetailsFromFlags(c components.Context) (details config.Server`
`61`	`61`	`details.ServerId = os.Getenv(coreutils.ServerID)`
`62`	`62`	`}`
`63`	`63`	`details.InsecureTls = c.GetBoolFlagValue("insecure-tls")`
	`64`	`+ details.DisableTokenRefresh = c.GetBoolFlagValue("disable-token-refresh")`
`64`	`65`	`return`
`65`	`66`	`}`
`66`	`67`