CLOUDP-329791: Refactor auth check (#4034)

Author: cveticm

internal/cli/root/builder.go

@@ -67,13 +67,11 @@ import (
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/homebrew"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/latestrelease"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/log"
-	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/plugin"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/prerun"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/sighandle"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/telemetry"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/terminal"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/usage"
-	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/validate"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/version"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
@@ -88,18 +86,6 @@ type Notifier struct {
 	writer         io.Writer
 }
 
-type AuthRequirements int64
-
-const (
-	// NoAuth command does not require authentication.
-	NoAuth AuthRequirements = 0
-	// RequiredAuth command requires authentication.
-	RequiredAuth AuthRequirements = 1
-	// OptionalAuth command can work with or without authentication,
-	// and if access token is found, try to refresh it.
-	OptionalAuth AuthRequirements = 2
-)
-
 func handleSignal() {
 	sighandle.Notify(func(sig os.Signal) {
 		telemetry.FinishTrackingCommand(telemetry.TrackOptions{
@@ -149,29 +135,7 @@ Use the --help flag with any command for more info on that command.`,
 				config.SetService(config.CloudService)
 			}
 
-			authReq := shouldCheckCredentials(cmd)
-			if authReq == NoAuth {
-				return nil
-			}
-
-			if err := prerun.ExecuteE(
-				opts.InitFlow(config.Default()),
-				func() error {
-					err := opts.RefreshAccessToken(cmd.Context())
-					if err != nil && authReq == RequiredAuth {
-						return err
-					}
-					return nil
-				},
-			); err != nil {
-				return err
-			}
-
-			if authReq == RequiredAuth {
-				return validate.Credentials()
-			}
-
-			return nil
+			return prerun.ExecuteE(opts.InitFlow(config.Default()))
 		},
 		// PersistentPostRun only runs if the command is successful
 		PersistentPostRun: func(cmd *cobra.Command, _ []string) {
@@ -289,43 +253,6 @@ func shouldSetService(cmd *cobra.Command) bool {
 	return true
 }
 
-func shouldCheckCredentials(cmd *cobra.Command) AuthRequirements {
-	searchByName := []string{
-		"__complete",
-		"help",
-	}
-	for _, n := range searchByName {
-		if cmd.Name() == n {
-			return NoAuth
-		}
-	}
-	customRequirements := map[string]AuthRequirements{
-		fmt.Sprintf("%s %s", atlas, "completion"):  NoAuth,       // completion commands do not require credentials
-		fmt.Sprintf("%s %s", atlas, "config"):      NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "auth"):        NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "register"):    NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "login"):       NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "logout"):      NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "whoami"):      NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "setup"):       NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "register"):    NoAuth,       // user wants to set credentials
-		fmt.Sprintf("%s %s", atlas, "plugin"):      NoAuth,       // plugin functionality requires no authentication
-		fmt.Sprintf("%s %s", atlas, "quickstart"):  NoAuth,       // command supports login
-		fmt.Sprintf("%s %s", atlas, "deployments"): OptionalAuth, // command supports local and Atlas
-	}
-	for p, r := range customRequirements {
-		if strings.HasPrefix(cmd.CommandPath(), p) {
-			return r
-		}
-	}
-
-	if plugin.IsPluginCmd(cmd) || pluginCmd.IsFirstClassPluginCmd(cmd) {
-		return OptionalAuth
-	}
-
-	return RequiredAuth
-}
-
 func formattedVersion() string {
 	return fmt.Sprintf(verTemplate,
 		version.Version,

internal/store/store.go

@@ -55,11 +55,11 @@ type Store struct {
 }
 
 func (s *Store) httpClient(httpTransport http.RoundTripper) (*http.Client, error) {
-	if s.username != "" && s.password != "" {
+	switch {
+	case s.username != "" && s.password != "":
 		t := transport.NewDigestTransport(s.username, s.password, httpTransport)
 		return t.Client()
-	}
-	if s.accessToken != nil {
+	case s.accessToken != nil:
 		tr, err := transport.NewAccessTokenTransport(s.accessToken, httpTransport, func(t *atlasauth.Token) error {
 			config.SetAccessToken(t.AccessToken)
 			config.SetRefreshToken(t.RefreshToken)
@@ -69,10 +69,11 @@ func (s *Store) httpClient(httpTransport http.RoundTripper) (*http.Client, error
 			return nil, err
 		}
 
+		return &http.Client{Transport: tr}, nil
+	default:
+		tr := &transport.AuthRequiredRoundTripper{Base: httpTransport}
 		return &http.Client{Transport: tr}, nil
 	}
-
-	return &http.Client{Transport: httpTransport}, nil
 }
 
 func (s *Store) transport() *http.Transport {

internal/transport/transport.go

@@ -15,13 +15,15 @@
 package transport
 
 import (
+	"fmt"
 	"net"
 	"net/http"
 	"time"
 
 	"github.com/mongodb-forks/digest"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/config"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/oauth"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/validate"
 	atlasauth "go.mongodb.org/atlas/auth"
 )
 
@@ -110,3 +112,24 @@ func (tr *tokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	return tr.base.RoundTrip(req)
 }
+
+type AuthRequiredRoundTripper struct {
+	Base http.RoundTripper
+}
+
+func (tr *AuthRequiredRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	resp, err := tr.Base.RoundTrip(req)
+	if resp != nil && resp.StatusCode == http.StatusUnauthorized {
+		return nil, fmt.Errorf(
+			`%w
+
+To log in using your Atlas username and password, run: atlas auth login
+To set credentials using API keys, run: atlas config init`,
+			validate.ErrMissingCredentials,
+		)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}

test/e2e/brew/brew_test.go

@@ -28,7 +28,7 @@ import (
 
 const (
 	profileString = "PROFILE NAME"
-	errorMessage  = "Error: this action requires authentication"
+	errorMessage  = "this action requires authentication"
 )
 
 func TestAtlasCLIConfig(t *testing.T) {