Skip to content

Commit e559cba

Browse files
authored
fix: Cleaner error when not authenticated and token file is missing (#366)
When no token file exists (user never ran `cloudquery login`), `GetToken` now returns a concise "not authenticated" message instead of leaking the wrapped `os.ReadFile` error (`failed to read refresh token: failed to read file: open …/cloudquery/token: no such file or directory`); genuine read errors still surface verbosely. Currently, the error message from `cloudquery switch` right after `cloudquery logout`: > Error: failed to get auth token: failed to read refresh token: failed to read file: open /Users/<me>/Library/Application Support/cloudquery/token: no such file or directory. Hint: You may need to run `cloudquery login` or set CLOUDQUERY_API_KEY
1 parent c9fbe79 commit e559cba

2 files changed

Lines changed: 18 additions & 1 deletion

File tree

auth/token.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ package auth
22

33
import (
44
"encoding/json"
5+
"errors"
56
"fmt"
67
"io"
78
"net/http"
@@ -84,7 +85,10 @@ func (tc *TokenClient) GetToken() (Token, error) {
8485
}
8586

8687
refreshToken, err := ReadRefreshToken()
87-
if err != nil {
88+
switch {
89+
case errors.Is(err, os.ErrNotExist):
90+
return UndefinedToken, fmt.Errorf("not authenticated. Hint: You may need to run `cloudquery login` or set %s", EnvVarCloudQueryAPIKey)
91+
case err != nil:
8892
return UndefinedToken, fmt.Errorf("failed to read refresh token: %w. Hint: You may need to run `cloudquery login` or set %s", err, EnvVarCloudQueryAPIKey)
8993
}
9094
if refreshToken == "" {

auth/token_test.go

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ import (
99
"testing"
1010
"time"
1111

12+
"github.com/cloudquery/cloudquery-api-go/config"
1213
"github.com/stretchr/testify/assert"
1314
"github.com/stretchr/testify/require"
1415
)
@@ -41,6 +42,18 @@ func TestRefreshToken_Removal(t *testing.T) {
4142
require.Error(t, err)
4243
}
4344

45+
func TestTokenClient_GetToken_NotAuthenticated(t *testing.T) {
46+
t.Setenv(EnvVarCloudQueryAPIKey, "")
47+
require.NoError(t, config.SetDataHome(t.TempDir()))
48+
defer func() { require.NoError(t, config.UnsetDataHome()) }()
49+
50+
_, err := NewTokenClient().GetToken()
51+
require.Error(t, err)
52+
require.Contains(t, err.Error(), "not authenticated")
53+
require.NotContains(t, err.Error(), "no such file")
54+
require.NotContains(t, err.Error(), "failed to read file")
55+
}
56+
4457
func TestToken_Stringer(t *testing.T) {
4558
token := Token{Type: BearerToken, Value: "my_token"}
4659
out := fmt.Sprintf("Bearer %s", token)

0 commit comments

Comments
 (0)