Skip to content

Fix CLI OAuth review comments#1596

Merged
ChiragAgg5k merged 1 commit into
mainfrom
fix/cli-pr-325-review-comments
Jun 19, 2026
Merged

Fix CLI OAuth review comments#1596
ChiragAgg5k merged 1 commit into
mainfrom
fix/cli-pr-325-review-comments

Conversation

@ChiragAgg5k

Copy link
Copy Markdown
Member

Summary

  • add an HTTP status guard before generated CLI location/download commands write response bodies to disk
  • clean up CLI login oldCurrent handling after account lookup
  • allow stored OAuth access tokens without persisted expiry to be reused, with e2e coverage

Context

Addresses review feedback from appwrite/sdk-for-cli#325 in the generator templates so regenerated CLI output includes the fixes.

Testing

  • php example.php cli
  • composer lint-twig
  • composer refactor:check
  • vendor/bin/phpunit --testsuite Unit
  • vendor/bin/phpunit tests/e2e/CLIBun13Test.php

@greptile-apps

greptile-apps Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR addresses three review items from the upstream CLI SDK: an HTTP status guard for generated file-download commands, cleanup of a redundant oldCurrent initialization in the login flow, and a new early-return path in getValidAccessToken for access tokens that have no stored expiry and no refresh token. The new token-reuse path is correctly restricted to the !refreshToken case so the normal refresh-grant flow is still exercised when a rotation token is available.

  • services.ts.twig: response.ok is now checked before writing the response body to disk, preventing error payloads from being silently saved as files.
  • sdks.ts: Tokens with tokenExpiry === 0 and no refresh token (e.g., manually imported API keys stored as OAuth tokens) are returned as-is rather than triggering a spurious expiry error.
  • auth/login.ts: Removes the unreachable early oldCurrent = getCurrentSession() call that was always overwritten before its first use, with a clarifying comment on the intentional re-read after getCurrentAccount().

Confidence Score: 5/5

All three fixes are narrowly scoped and well-tested; the token-reuse guard is correctly restricted to sessions without a refresh token, preserving the rotation flow for sessions that have one.

The changes are small, targeted, and accompanied by a new e2e test that directly exercises the new code path. The !refreshToken guard in sdks.ts correctly preserves the existing token-rotation path, the HTTP status check in the Twig template is a straightforward defensive guard, and the login.ts cleanup removes dead code without altering any observable behavior.

No files require special attention.

Important Files Changed

Filename Overview
templates/cli/lib/sdks.ts Adds early return for access tokens with no stored expiry and no refresh token — correctly scoped to the no-refresh-token case, addressing the prior review concern.
templates/cli/lib/auth/login.ts Removes redundant early oldCurrent initialization (overwritten before use) and clarifies the post-account-lookup refresh with a comment.
templates/cli/lib/commands/services/services.ts.twig Adds response.ok guard before writing HTTP response bodies to disk, preventing corrupt/error payloads from being saved as files.
tests/e2e/languages/cli/test.js New valid-access-token-missing-expiry test exercises the new no-expiry/no-refresh-token early return path in getValidAccessToken.
tests/e2e/Base.php Registers the new auth:valid-access-token-missing-expiry:passed check in the e2e expected-passing list.

Reviews (2): Last reviewed commit: "Fix CLI OAuth review comments" | Re-trigger Greptile

Comment thread templates/cli/lib/sdks.ts Outdated
@ChiragAgg5k ChiragAgg5k force-pushed the fix/cli-pr-325-review-comments branch from 37ce578 to 17ab29f Compare June 19, 2026 05:29
@ChiragAgg5k ChiragAgg5k merged commit 5be8820 into main Jun 19, 2026
59 checks passed
@ChiragAgg5k ChiragAgg5k deleted the fix/cli-pr-325-review-comments branch June 19, 2026 05:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant