Add stackit auth logout command (#416)

DiogoFerrao · web-flow · commit 9bac68084a5c · 2024-07-19T11:18:18.000+01:00
* initial implementation

* Improve testing

* address PR comments
diff --git a/internal/cmd/auth/auth.go b/internal/cmd/auth/auth.go
@@ -3,6 +3,7 @@ package auth
 import (
 	activateserviceaccount "github.com/stackitcloud/stackit-cli/internal/cmd/auth/activate-service-account"
 	"github.com/stackitcloud/stackit-cli/internal/cmd/auth/login"
+	"github.com/stackitcloud/stackit-cli/internal/cmd/auth/logout"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/args"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/print"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/utils"
@@ -24,5 +25,6 @@ func NewCmd(p *print.Printer) *cobra.Command {
 
 func addSubcommands(cmd *cobra.Command, p *print.Printer) {
 	cmd.AddCommand(login.NewCmd(p))
+	cmd.AddCommand(logout.NewCmd(p))
 	cmd.AddCommand(activateserviceaccount.NewCmd(p))
 }
diff --git a/internal/cmd/auth/logout/logout.go b/internal/cmd/auth/logout/logout.go
@@ -0,0 +1,36 @@
+package logout
+
+import (
+	"fmt"
+
+	"github.com/stackitcloud/stackit-cli/internal/pkg/args"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/auth"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/examples"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/print"
+
+	"github.com/spf13/cobra"
+)
+
+func NewCmd(p *print.Printer) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "logout",
+		Short: "Logs the user account out of the STACKIT CLI",
+		Long:  "Logs the user account out of the STACKIT CLI.",
+		Args:  args.NoArgs,
+		Example: examples.Build(
+			examples.NewExample(
+				`Log out of the STACKIT CLI.`,
+				"$ stackit auth logout"),
+		),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			err := auth.LogoutUser()
+			if err != nil {
+				return fmt.Errorf("log out failed: %w", err)
+			}
+
+			p.Info("Successfully logged out of the STACKIT CLI.\n")
+			return nil
+		},
+	}
+	return cmd
+}
diff --git a/internal/cmd/config/profile/delete/delete.go b/internal/cmd/config/profile/delete/delete.go
@@ -76,9 +76,9 @@ func NewCmd(p *print.Printer) *cobra.Command {
 				return fmt.Errorf("delete profile: %w", err)
 			}
 
-			err = auth.DeleteProfileFromKeyring(model.Profile)
+			err = auth.DeleteProfileAuth(model.Profile)
 			if err != nil {
-				return fmt.Errorf("delete profile from keyring: %w", err)
+				return fmt.Errorf("delete profile authentication: %w", err)
 			}
 
 			p.Info("Successfully deleted profile %q\n", model.Profile)
diff --git a/internal/pkg/auth/storage.go b/internal/pkg/auth/storage.go
@@ -62,6 +62,15 @@ var authFieldKeys = []authFieldKey{
 	authFlowType,
 }
 
+// All fields that are set when a user logs in
+// These fields should match the ones in LoginUser, which is ensured by the tests
+var loginAuthFieldKeys = []authFieldKey{
+	SESSION_EXPIRES_AT_UNIX,
+	ACCESS_TOKEN,
+	REFRESH_TOKEN,
+	USER_EMAIL,
+}
+
 func SetAuthFlow(value AuthFlow) error {
 	return SetAuthField(authFlowType, string(value))
 }
@@ -105,6 +114,65 @@ func setAuthFieldInKeyring(activeProfile string, key authFieldKey, value string)
 	return keyring.Set(keyringService, string(key), value)
 }
 
+func DeleteAuthField(key authFieldKey) error {
+	activeProfile, err := config.GetProfile()
+	if err != nil {
+		return fmt.Errorf("get profile: %w", err)
+	}
+	return deleteAuthFieldWithProfile(activeProfile, key)
+}
+
+func deleteAuthFieldWithProfile(profile string, key authFieldKey) error {
+	err := deleteAuthFieldInKeyring(profile, key)
+	if err != nil {
+		// if the key is not found, we can ignore the error
+		if !errors.Is(err, keyring.ErrNotFound) {
+			errFallback := deleteAuthFieldInEncodedTextFile(profile, key)
+			if errFallback != nil {
+				return fmt.Errorf("delete from keyring failed (%w), try deleting from encoded text file: %w", err, errFallback)
+			}
+		}
+	}
+	return nil
+}
+
+func deleteAuthFieldInEncodedTextFile(activeProfile string, key authFieldKey) error {
+	err := createEncodedTextFile(activeProfile)
+	if err != nil {
+		return err
+	}
+
+	textFileDir := config.GetProfileFolderPath(activeProfile)
+	textFilePath := filepath.Join(textFileDir, textFileName)
+
+	contentEncoded, err := os.ReadFile(textFilePath)
+	if err != nil {
+		return fmt.Errorf("read file: %w", err)
+	}
+	contentBytes, err := base64.StdEncoding.DecodeString(string(contentEncoded))
+	if err != nil {
+		return fmt.Errorf("decode file: %w", err)
+	}
+	content := map[authFieldKey]string{}
+	err = json.Unmarshal(contentBytes, &content)
+	if err != nil {
+		return fmt.Errorf("unmarshal file: %w", err)
+	}
+
+	delete(content, key)
+
+	contentBytes, err = json.Marshal(content)
+	if err != nil {
+		return fmt.Errorf("marshal file: %w", err)
+	}
+	contentEncoded = []byte(base64.StdEncoding.EncodeToString(contentBytes))
+	err = os.WriteFile(textFilePath, contentEncoded, 0o600)
+	if err != nil {
+		return fmt.Errorf("write file: %w", err)
+	}
+	return nil
+}
+
 func deleteAuthFieldInKeyring(activeProfile string, key authFieldKey) error {
 	keyringServiceLocal := keyringService
 	if activeProfile != config.DefaultProfileName {
@@ -273,7 +341,32 @@ func GetProfileEmail(profile string) string {
 	return email
 }
 
-func DeleteProfileFromKeyring(profile string) error {
+func LoginUser(email, accessToken, refreshToken, sessionExpiresAtUnix string) error {
+	authFields := map[authFieldKey]string{
+		SESSION_EXPIRES_AT_UNIX: sessionExpiresAtUnix,
+		ACCESS_TOKEN:            accessToken,
+		REFRESH_TOKEN:           refreshToken,
+		USER_EMAIL:              email,
+	}
+
+	err := SetAuthFieldMap(authFields)
+	if err != nil {
+		return fmt.Errorf("set auth fields: %w", err)
+	}
+	return nil
+}
+
+func LogoutUser() error {
+	for _, key := range loginAuthFieldKeys {
+		err := DeleteAuthField(key)
+		if err != nil {
+			return fmt.Errorf("delete auth field \"%s\": %w", key, err)
+		}
+	}
+	return nil
+}
+
+func DeleteProfileAuth(profile string) error {
 	err := config.ValidateProfile(profile)
 	if err != nil {
 		return fmt.Errorf("validate profile: %w", err)
@@ -284,12 +377,9 @@ func DeleteProfileFromKeyring(profile string) error {
 	}
 
 	for _, key := range authFieldKeys {
-		err := deleteAuthFieldInKeyring(profile, key)
+		err := deleteAuthFieldWithProfile(profile, key)
 		if err != nil {
-			// if the key is not found, we can ignore the error
-			if !errors.Is(err, keyring.ErrNotFound) {
-				return fmt.Errorf("delete auth field \"%s\" from keyring: %w", key, err)
-			}
+			return fmt.Errorf("delete auth field \"%s\": %w", key, err)
 		}
 	}
 
diff --git a/internal/pkg/auth/storage_test.go b/internal/pkg/auth/storage_test.go
diff --git a/internal/pkg/auth/user_login.go b/internal/pkg/auth/user_login.go

Original file line number	Diff line number	Diff line change
`@@ -76,9 +76,9 @@ func NewCmd(p print.Printer) cobra.Command {`
`76`	`76`	`return fmt.Errorf("delete profile: %w", err)`
`77`	`77`	`}`
`78`	`78`
`79`		`- err = auth.DeleteProfileFromKeyring(model.Profile)`
	`79`	`+ err = auth.DeleteProfileAuth(model.Profile)`
`80`	`80`	`if err != nil {`
`81`		`- return fmt.Errorf("delete profile from keyring: %w", err)`
	`81`	`+ return fmt.Errorf("delete profile authentication: %w", err)`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`p.Info("Successfully deleted profile %q\n", model.Profile)`