Print project link eagerly from credentials file if possible (#1393)

alexmojaki · web-flow · commit c0efeb093600 · 2025-09-10T14:08:47.000Z
diff --git a/logfire/_internal/config.py b/logfire/_internal/config.py
@@ -897,26 +897,47 @@ def add_span_processor(span_processor: SpanProcessor) -> None:
                 metric_readers = list(self.metrics.additional_readers)
 
             if self.send_to_logfire:
-                credentials: LogfireCredentials | None = None
                 show_project_link: bool = self.console and self.console.show_project_link or False
 
-                # try loading credentials (and thus token) from file if a token is not already available
-                # this takes the lowest priority, behind the token passed to `configure` and the environment variable
-                if not self.token:
+                # Try loading credentials from a file.
+                # If that works, we can use it to immediately print the project link.
+                try:
                     credentials = LogfireCredentials.load_creds_file(self.data_dir)
-
-                    # if we still don't have a token, try initializing a new project and writing a new creds file
+                except Exception:
+                    # If we have a token configured by other means, e.g. the env, no need to worry about the creds file.
+                    if not self.token:
+                        raise
+                    credentials = None
+
+                if not self.token and self.send_to_logfire is True and credentials is None:
+                    # If we don't have a token or credentials from a file,
+                    # try initializing a new project and writing a new creds file.
                     # note, we only do this if `send_to_logfire` is explicitly `True`, not 'if-token-present'
-                    if self.send_to_logfire is True and credentials is None:
-                        client = LogfireClient.from_url(self.advanced.base_url)
-                        credentials = LogfireCredentials.initialize_project(client=client)
-                        credentials.write_creds_file(self.data_dir)
+                    client = LogfireClient.from_url(self.advanced.base_url)
+                    credentials = LogfireCredentials.initialize_project(client=client)
+                    credentials.write_creds_file(self.data_dir)
 
-                    if credentials is not None:
-                        self.token = credentials.token
-                        self.advanced.base_url = self.advanced.base_url or credentials.logfire_api_url
+                if credentials is not None:
+                    # Get token and base_url from credentials if not already set.
+                    # This means that e.g. a token in an env var takes priority over a token in a creds file.
+                    self.token = self.token or credentials.token
+                    self.advanced.base_url = self.advanced.base_url or credentials.logfire_api_url
 
                 if self.token:
+                    if credentials and self.token == credentials.token and show_project_link:
+                        # The creds file contains the project link, so we can display it immediately.
+                        # We do this if the token comes from the creds file or if it was explicitly configured
+                        # and happens to match the creds file anyway.
+                        credentials.print_token_summary()
+                        # Don't print it again in check_token below.
+                        show_project_link = False
+
+                    # Regardless of where the token comes from, check that it's valid.
+                    # Even if it comes from a creds file, it could be revoked or expired.
+                    # If it's valid and we haven't already printed a project link, print it here.
+                    # This may happen some time later in a background thread which can be annoying,
+                    # hence we try to print it eagerly above.
+                    # But we only have the link if we have a creds file, otherwise we only know the token at this point.
 
                     def check_token():
                         assert self.token is not None
diff --git a/tests/test_configure.py b/tests/test_configure.py
@@ -1161,12 +1161,15 @@ def test_initialize_project_create_project(tmp_dir_cwd: Path, tmp_path: Path, ca
         )
 
         logfire.configure(send_to_logfire=True)
+        assert capsys.readouterr().err == 'Logfire project URL: fake_project_url\n'
 
-        for request in request_mocker.request_history[:-1]:
+        for request in request_mocker.request_history[:5]:
             assert request.headers['Authorization'] == 'fake_user_token'
+        assert len(request_mocker.request_history) in (5, 6)
 
         # we check that fake_token is valid now when we configure the project
         wait_for_check_token_thread()
+        assert len(request_mocker.request_history) == 6
         assert request_mocker.request_history[-1].headers['Authorization'] == 'fake_token'
 
         assert request_mocker.request_history[2].json() == create_existing_project_request_json
@@ -1203,7 +1206,6 @@ def test_initialize_project_create_project(tmp_dir_cwd: Path, tmp_path: Path, ca
                 'Project initialized successfully. You will be able to view it at: fake_project_url\nPress Enter to continue',
             ),
         ]
-        assert capsys.readouterr().err == 'Logfire project URL: fake_project_url\n'
 
         assert json.loads((tmp_dir_cwd / '.logfire/logfire_credentials.json').read_text()) == {
             **create_project_response['json'],
@@ -1399,9 +1401,9 @@ def test_send_to_logfire_if_token_present_in_logfire_dir(tmp_path: Path, capsys:
             json={'project_name': 'myproject', 'project_url': 'https://logfire-us.pydantic.dev'},
         )
         configure(send_to_logfire='if-token-present', data_dir=tmp_path)
+        assert capsys.readouterr().err == 'Logfire project URL: https://logfire-us.pydantic.dev\n'
         wait_for_check_token_thread()
         assert len(request_mocker.request_history) == 1
-        assert capsys.readouterr().err == 'Logfire project URL: https://logfire-us.pydantic.dev\n'
 
 
 def test_configure_unknown_token_region(capsys: pytest.CaptureFixture[str]) -> None:
@@ -1422,7 +1424,51 @@ def test_load_creds_file_invalid_json_content(tmp_path: Path):
     creds_file.write_text('invalid-data')
 
     with pytest.raises(LogfireConfigError, match='Invalid credentials file:'):
-        LogfireCredentials.load_creds_file(creds_dir=tmp_path)
+        logfire.configure(data_dir=tmp_path, send_to_logfire=True)
+
+
+def test_load_creds_file_invalid_json_content_with_token_present(tmp_path: Path, capsys: pytest.CaptureFixture[str]):
+    creds_file = tmp_path / 'logfire_credentials.json'
+    creds_file.write_text('invalid-data')
+
+    with patch.dict(os.environ, {'LOGFIRE_TOKEN': 'fake_token'}), requests_mock.Mocker() as request_mocker:
+        request_mocker.get(
+            'https://logfire-us.pydantic.dev/v1/info',
+            json={'project_name': 'myproject', 'project_url': 'fake_project_url'},
+        )
+        logfire.configure(data_dir=tmp_path, send_to_logfire=True)
+        wait_for_check_token_thread()
+        assert len(request_mocker.request_history) == 1
+        assert request_mocker.request_history[0].headers['Authorization'] == 'fake_token'
+        assert capsys.readouterr().err == 'Logfire project URL: fake_project_url\n'
+
+
+def test_load_creds_file_with_token_different_from_env(tmp_path: Path, capsys: pytest.CaptureFixture[str]):
+    creds_file = tmp_path / 'logfire_credentials.json'
+    creds_file.write_text(
+        """
+        {
+            "token": "foobar",
+            "project_name": "myproject",
+            "project_url": "https://logfire-us.pydantic.dev",
+            "logfire_api_url": "https://logfire-us.pydantic.dev"
+        }
+        """
+    )
+
+    with patch.dict(os.environ, {'LOGFIRE_TOKEN': 'fake_token'}), requests_mock.Mocker() as request_mocker:
+        request_mocker.get(
+            'https://logfire-us.pydantic.dev/v1/info',
+            json={'project_name': 'myproject', 'project_url': 'fake_project_url'},
+        )
+        logfire.configure(data_dir=tmp_path, send_to_logfire=True)
+        # not 'foobar' from the creds file. The token in the env var takes precedence.
+        assert logfire.DEFAULT_LOGFIRE_INSTANCE.config.token == 'fake_token'
+
+        wait_for_check_token_thread()
+        assert len(request_mocker.request_history) == 1
+        assert request_mocker.request_history[0].headers['Authorization'] == 'fake_token'
+        assert capsys.readouterr().err == 'Logfire project URL: fake_project_url\n'
 
 
 def test_load_creds_file_legacy_key(tmp_path: Path):
@@ -1447,7 +1493,7 @@ def test_load_creds_file_invalid_key(tmp_path: Path):
     creds_file.write_text('{"test": "test"}')
 
     with pytest.raises(LogfireConfigError, match='Invalid credentials file:'):
-        LogfireCredentials.load_creds_file(creds_dir=tmp_path)
+        logfire.configure(data_dir=tmp_path, send_to_logfire=True)
 
 
 def test_initialize_credentials_from_token_unreachable():
