fix(auth): refresh token before token view

Author: goncalossilva

src/commands/auth/auth.test.ts

@@ -284,16 +284,54 @@ describe('auth command', () => {
             vi.unstubAllEnvs()
         })
 
-        it('prints exactly the stored token to stdout with no envelope (pipe-safe)', async () => {
+        it('prints exactly the current token snapshot to stdout with no envelope (pipe-safe)', async () => {
             vi.stubEnv(TOKEN_ENV_VAR, '')
             storeMocks.active.mockResolvedValue(STORED_SNAPSHOT)
+            mockGetApiTokenSnapshot.mockResolvedValue(STORED_SNAPSHOT)
 
             await createProgram().parseAsync(['node', 'tdc', 'auth', 'token', 'view'])
 
+            expect(mockGetApiTokenSnapshot).toHaveBeenCalledWith(undefined)
             expect(stdoutPayload()).toBe('tk_stored_1234567890')
             expect(consoleSpy).not.toHaveBeenCalled()
         })
 
+        it('refreshes an expired OAuth token before printing', async () => {
+            vi.stubEnv(TOKEN_ENV_VAR, '')
+            const oauthAccount: CommsAccount = {
+                ...STORED_ACCOUNT,
+                oauthClientId: 'tdd_123',
+                authBaseUrl: 'https://todoist.com',
+                authResource: 'https://comms.todoist.com',
+            }
+            storeMocks.active.mockResolvedValue({
+                token: 'tk_expired_1234567890',
+                account: oauthAccount,
+            })
+            mockGetApiTokenSnapshot.mockResolvedValue({
+                token: 'tk_refreshed_1234567890',
+                account: oauthAccount,
+            })
+
+            await createProgram().parseAsync(['node', 'tdc', 'auth', 'token', 'view'])
+
+            expect(mockGetApiTokenSnapshot).toHaveBeenCalledWith(undefined)
+            expect(stdoutPayload()).toBe('tk_refreshed_1234567890')
+        })
+
+        it('prints manual tokens without using the OAuth refresh snapshot path', async () => {
+            vi.stubEnv(TOKEN_ENV_VAR, '')
+            storeMocks.active.mockResolvedValue({
+                token: 'manual_token_1234567890',
+                account: { id: '', label: '', authMode: 'unknown', authScope: '' },
+            })
+
+            await createProgram().parseAsync(['node', 'tdc', 'auth', 'token', 'view'])
+
+            expect(mockGetApiTokenSnapshot).not.toHaveBeenCalled()
+            expect(stdoutPayload()).toBe('manual_token_1234567890')
+        })
+
         it('refuses to print when the env var is set so the CLI does not disclose an unmanaged token', async () => {
             vi.stubEnv(TOKEN_ENV_VAR, 'env_token_supplied_externally')
 
@@ -319,6 +357,7 @@ describe('auth command', () => {
         it('matches per-command --user against the stored account by id', async () => {
             vi.stubEnv(TOKEN_ENV_VAR, '')
             storeMocks.active.mockResolvedValue(STORED_SNAPSHOT)
+            mockGetApiTokenSnapshot.mockResolvedValue(STORED_SNAPSHOT)
 
             await createProgram().parseAsync([
                 'node',
@@ -331,6 +370,7 @@ describe('auth command', () => {
             ])
 
             expect(storeMocks.active).toHaveBeenCalledWith('1')
+            expect(mockGetApiTokenSnapshot).toHaveBeenCalledWith('1')
             expect(stdoutPayload()).toBe('tk_stored_1234567890')
         })
 
@@ -373,16 +413,18 @@ describe('auth command', () => {
             vi.unstubAllEnvs()
         })
 
-        it('threads `tdc --user <ref> auth token view` into store.active', async () => {
+        it('threads `tdc --user <ref> auth token view` into store.active and token refresh', async () => {
             vi.stubEnv(TOKEN_ENV_VAR, '')
             storeMocks.list.mockResolvedValue(STORED_RECORDS)
             storeMocks.active.mockResolvedValue(STORED_SNAPSHOT)
+            mockGetApiTokenSnapshot.mockResolvedValue(STORED_SNAPSHOT)
             process.argv = ['node', 'tdc', '--user', '1', 'auth', 'token', 'view']
             resetGlobalArgs()
 
             await createProgram().parseAsync(['node', 'tdc', 'auth', 'token', 'view'])
 
             expect(storeMocks.active).toHaveBeenCalledWith('1')
+            expect(mockGetApiTokenSnapshot).toHaveBeenCalledWith('1')
             expect(writeSpy.mock.calls.map((c: unknown[]) => String(c[0])).join('')).toBe(
                 'tk_stored_1234567890',
             )

src/commands/auth/index.ts

@@ -1,19 +1,48 @@
-import { attachTokenViewCommand } from '@doist/cli-core/auth'
+import { type AccountRef, attachTokenViewCommand } from '@doist/cli-core/auth'
 import { Command } from 'commander'
-import { createCommsTokenStore } from '../../lib/auth-provider.js'
-import { TOKEN_ENV_VAR } from '../../lib/auth.js'
+import {
+    createCommsTokenStore,
+    isManualTokenAccount,
+    type CommsTokenStore,
+} from '../../lib/auth-provider.js'
+import { getApiTokenSnapshot, NoTokenError, TOKEN_ENV_VAR } from '../../lib/auth.js'
 import { getRequestedUserRef } from '../../lib/global-args.js'
 import { attachCommsLoginCommand } from './login.js'
 import { attachCommsLogoutCommand } from './logout.js'
 import { attachCommsStatusCommand } from './status.js'
 import { withUserRefAware } from './store-wrap.js'
 import { loginWithToken } from './token.js'
 
+function withRefreshAwareTokenViewStore(
+    store: CommsTokenStore,
+    requestedRef: AccountRef | undefined,
+): CommsTokenStore {
+    // cli-core's token-view command reads `store.active()` directly. Wrap that
+    // read so OAuth accounts go through the same refresh-capable snapshot path
+    // as `auth status`, while preserving token-view's existing miss/env/manual
+    // token behavior.
+    return Object.assign(Object.create(store) as CommsTokenStore, {
+        active: async (ref?: AccountRef) => {
+            const effectiveRef = ref ?? requestedRef
+            const snapshot = await store.active(effectiveRef)
+            if (!snapshot || isManualTokenAccount(snapshot.account)) return snapshot
+
+            try {
+                return await getApiTokenSnapshot(effectiveRef)
+            } catch (error) {
+                if (error instanceof NoTokenError) return null
+                throw error
+            }
+        },
+    })
+}
+
 export function registerAuthCommand(program: Command): void {
     const auth = program.command('auth').description('Manage authentication')
 
     const store = createCommsTokenStore()
-    const refAware = withUserRefAware(store, getRequestedUserRef())
+    const requestedRef = getRequestedUserRef()
+    const refAware = withUserRefAware(store, requestedRef)
 
     attachCommsLoginCommand(auth, store)
     attachCommsLogoutCommand(auth, refAware)
@@ -30,7 +59,7 @@ export function registerAuthCommand(program: Command): void {
 
     attachTokenViewCommand(tokenCmd, {
         name: 'view',
-        store: refAware,
+        store: withRefreshAwareTokenViewStore(store, requestedRef),
         envVarName: TOKEN_ENV_VAR,
         description:
             'Print the stored API token for the active user (or --user <ref>) to stdout for use in scripts',