clean up tests and update function in keyring for cleaner code

BartoszBlizniak · BartoszBlizniak · commit b08afd304c0a · 2026-02-06T15:08:12.000Z
diff --git a/cloudsmith_cli/cli/tests/commands/test_auth.py b/cloudsmith_cli/cli/tests/commands/test_auth.py
@@ -1,6 +1,5 @@
 """Tests for the auth command."""
 
-import os
 from unittest.mock import MagicMock, patch
 
 import pytest
@@ -47,69 +46,58 @@ def mock_auth_server():
 class TestAuthenticateCommand:
     """Tests for the authenticate command."""
 
-    def test_no_keyring_flag_passed_to_webserver(
+    def test_auth_command_invokes_webserver(
         self,
         runner,
         mock_saml_session,
         mock_get_idp_url,
         mock_webbrowser,
         mock_auth_server,
     ):
-        """Verify --no-keyring flag is passed to AuthenticationWebServer."""
+        """Verify auth command creates AuthenticationWebServer."""
         runner.invoke(
             authenticate,
-            ["--owner", "testorg", "--no-keyring"],
+            ["--owner", "testorg"],
             catch_exceptions=False,
         )
 
-        # Verify AuthenticationWebServer was called with no_keyring=True
+        # Verify AuthenticationWebServer was called
         mock_auth_server.assert_called_once()
-        call_kwargs = mock_auth_server.call_args.kwargs
-        assert call_kwargs.get("no_keyring") is True
 
-    def test_no_keyring_flag_defaults_to_false(
+    def test_auth_command_opens_browser(
         self,
         runner,
         mock_saml_session,
         mock_get_idp_url,
         mock_webbrowser,
         mock_auth_server,
     ):
-        """Verify no_keyring defaults to False when flag not provided."""
+        """Verify auth command opens browser with IDP URL."""
         runner.invoke(
             authenticate,
             ["--owner", "testorg"],
             catch_exceptions=False,
         )
 
-        # Verify AuthenticationWebServer was called with no_keyring=False
-        mock_auth_server.assert_called_once()
-        call_kwargs = mock_auth_server.call_args.kwargs
-        assert call_kwargs.get("no_keyring") is False
+        # Verify browser was opened
+        mock_webbrowser.open.assert_called_once_with("https://idp.example.com/saml")
 
-    def test_no_keyring_flag_sets_env_var(
+    def test_auth_command_passes_owner_to_webserver(
         self,
         runner,
         mock_saml_session,
         mock_get_idp_url,
         mock_webbrowser,
         mock_auth_server,
     ):
-        """Verify --no-keyring flag sets CLOUDSMITH_NO_KEYRING env var."""
-        # Ensure env var is not set before test
-        env_backup = os.environ.copy()
-        os.environ.pop("CLOUDSMITH_NO_KEYRING", None)
-
-        try:
-            runner.invoke(
-                authenticate,
-                ["--owner", "testorg", "--no-keyring"],
-                catch_exceptions=False,
-            )
-
-            # Verify environment variable was set
-            assert os.environ.get("CLOUDSMITH_NO_KEYRING") == "1"
-        finally:
-            # Restore original environment
-            os.environ.clear()
-            os.environ.update(env_backup)
+        """Verify owner is passed to AuthenticationWebServer."""
+        runner.invoke(
+            authenticate,
+            ["--owner", "testorg"],
+            catch_exceptions=False,
+        )
+
+        # Verify AuthenticationWebServer was called with owner
+        mock_auth_server.assert_called_once()
+        call_kwargs = mock_auth_server.call_args.kwargs
+        assert call_kwargs.get("owner") == "testorg"
diff --git a/cloudsmith_cli/cli/tests/test_webserver.py b/cloudsmith_cli/cli/tests/test_webserver.py
@@ -1,6 +1,5 @@
 """Tests for the webserver module."""
 
-import os
 from unittest.mock import MagicMock, PropertyMock, patch
 
 import pytest
@@ -28,74 +27,65 @@ def mock_handler(self):
             return handler
 
     def test_store_sso_tokens_called_when_keyring_enabled(self, mock_handler):
-        """Verify store_sso_tokens is called when keyring is enabled."""
-        # Ensure env var is not set
-        env = os.environ.copy()
-        env.pop("CLOUDSMITH_NO_KEYRING", None)
+        """Verify store_sso_tokens is called and returns True when keyring is enabled."""
+        with patch(
+            "cloudsmith_cli.cli.webserver.store_sso_tokens", return_value=True
+        ) as mock_store:
+            with patch.object(mock_handler, "_return_success_response"):
+                with patch.object(
+                    AuthenticationWebRequestHandler,
+                    "query_data",
+                    new_callable=PropertyMock,
+                ) as mock_query:
+                    with patch.object(
+                        AuthenticationWebRequestHandler,
+                        "api_host",
+                        new_callable=PropertyMock,
+                    ) as mock_host:
+                        mock_query.return_value = {
+                            "access_token": "test_access_token",
+                            "refresh_token": "test_refresh_token",
+                        }
+                        mock_host.return_value = "https://api.cloudsmith.io"
 
-        with patch.dict(os.environ, env, clear=True):
-            with patch("cloudsmith_cli.cli.webserver.store_sso_tokens") as mock_store:
-                with patch(
-                    "cloudsmith_cli.cli.webserver.should_use_keyring", return_value=True
-                ):
-                    with patch.object(mock_handler, "_return_success_response"):
+                        mock_handler.do_GET()
+
+                        mock_store.assert_called_once_with(
+                            "https://api.cloudsmith.io",
+                            "test_access_token",
+                            "test_refresh_token",
+                        )
+
+    def test_message_shown_when_keyring_disabled(self, mock_handler):
+        """Verify message is shown when store_sso_tokens returns False."""
+        with patch(
+            "cloudsmith_cli.cli.webserver.store_sso_tokens", return_value=False
+        ) as mock_store:
+            with patch("click.echo") as mock_echo:
+                with patch.object(mock_handler, "_return_success_response"):
+                    with patch.object(
+                        AuthenticationWebRequestHandler,
+                        "query_data",
+                        new_callable=PropertyMock,
+                    ) as mock_query:
                         with patch.object(
                             AuthenticationWebRequestHandler,
-                            "query_data",
+                            "api_host",
                             new_callable=PropertyMock,
-                        ) as mock_query:
-                            with patch.object(
-                                AuthenticationWebRequestHandler,
-                                "api_host",
-                                new_callable=PropertyMock,
-                            ) as mock_host:
-                                mock_query.return_value = {
-                                    "access_token": "test_access_token",
-                                    "refresh_token": "test_refresh_token",
-                                }
-                                mock_host.return_value = "https://api.cloudsmith.io"
-
-                                mock_handler.do_GET()
-
-                                mock_store.assert_called_once_with(
-                                    "https://api.cloudsmith.io",
-                                    "test_access_token",
-                                    "test_refresh_token",
-                                )
-
-    def test_store_sso_tokens_not_called_when_keyring_disabled(self, mock_handler):
-        """Verify store_sso_tokens is NOT called when CLOUDSMITH_NO_KEYRING=1."""
-        with patch.dict(os.environ, {"CLOUDSMITH_NO_KEYRING": "1"}):
-            with patch("cloudsmith_cli.cli.webserver.store_sso_tokens") as mock_store:
-                with patch(
-                    "cloudsmith_cli.cli.webserver.should_use_keyring",
-                    return_value=False,
-                ):
-                    with patch("click.echo") as mock_echo:
-                        with patch.object(mock_handler, "_return_success_response"):
-                            with patch.object(
-                                AuthenticationWebRequestHandler,
-                                "query_data",
-                                new_callable=PropertyMock,
-                            ) as mock_query:
-                                with patch.object(
-                                    AuthenticationWebRequestHandler,
-                                    "api_host",
-                                    new_callable=PropertyMock,
-                                ) as mock_host:
-                                    mock_query.return_value = {
-                                        "access_token": "test_access_token",
-                                        "refresh_token": "test_refresh_token",
-                                    }
-                                    mock_host.return_value = "https://api.cloudsmith.io"
+                        ) as mock_host:
+                            mock_query.return_value = {
+                                "access_token": "test_access_token",
+                                "refresh_token": "test_refresh_token",
+                            }
+                            mock_host.return_value = "https://api.cloudsmith.io"
 
-                                    mock_handler.do_GET()
+                            mock_handler.do_GET()
 
-                                    # store_sso_tokens should NOT be called
-                                    mock_store.assert_not_called()
+                            # store_sso_tokens should be called (returns False)
+                            mock_store.assert_called_once()
 
-                                    # Message should be displayed to stderr
-                                    mock_echo.assert_called_once_with(
-                                        "SSO tokens not stored (CLOUDSMITH_NO_KEYRING is set)",
-                                        err=True,
-                                    )
+                            # Message should be displayed to stderr
+                            mock_echo.assert_called_once_with(
+                                "SSO tokens not stored (CLOUDSMITH_NO_KEYRING is set)",
+                                err=True,
+                            )
diff --git a/cloudsmith_cli/cli/webserver.py b/cloudsmith_cli/cli/webserver.py
@@ -9,7 +9,7 @@
 
 from ..core.api.exceptions import ApiException
 from ..core.api.init import initialise_api
-from ..core.keyring import should_use_keyring, store_sso_tokens
+from ..core.keyring import store_sso_tokens
 from .saml import exchange_2fa_token
 
 
@@ -200,13 +200,7 @@ def do_GET(self):
 
         try:
             if access_token:
-                if should_use_keyring():
-                    store_sso_tokens(
-                        self.api_host,
-                        access_token,
-                        refresh_token,
-                    )
-                else:
+                if not store_sso_tokens(self.api_host, access_token, refresh_token):
                     click.echo(
                         "SSO tokens not stored (CLOUDSMITH_NO_KEYRING is set)",
                         err=True,
@@ -226,13 +220,7 @@ def do_GET(self):
                 access_token, refresh_token = exchange_2fa_token(
                     self.api_host, two_factor_token, totp_token, session=self.session
                 )
-                if should_use_keyring():
-                    store_sso_tokens(
-                        self.api_host,
-                        access_token,
-                        refresh_token,
-                    )
-                else:
+                if not store_sso_tokens(self.api_host, access_token, refresh_token):
                     click.echo(
                         "SSO tokens not stored (CLOUDSMITH_NO_KEYRING is set)",
                         err=True,
diff --git a/cloudsmith_cli/core/keyring.py b/cloudsmith_cli/core/keyring.py
@@ -92,9 +92,15 @@ def get_refresh_token(api_host):
 
 
 def store_sso_tokens(api_host, access_token, refresh_token):
+    """Store SSO tokens in keyring if enabled."""
+    if not should_use_keyring():
+        return False
+
     if access_token:
         store_access_token(api_host=api_host, access_token=access_token)
         update_refresh_attempted_at(api_host=api_host)
 
     if refresh_token:
         store_refresh_token(api_host=api_host, refresh_token=refresh_token)
+
+    return True
diff --git a/cloudsmith_cli/core/tests/test_keyring.py b/cloudsmith_cli/core/tests/test_keyring.py
@@ -184,8 +184,14 @@ def test_get_refresh_token_when_error_raised(
     @freeze_time("2024-06-01 10:00:00")
     def test_store_sso_tokens(self, mock_get_user, mock_set_password):
         refresh_attempted_at = datetime.utcnow().isoformat()
-        store_sso_tokens(self.api_host, "access_token", "refresh_token")
 
+        # Ensure keyring is enabled
+        env = os.environ.copy()
+        env.pop("CLOUDSMITH_NO_KEYRING", None)
+        with patch.dict(os.environ, env, clear=True):
+            result = store_sso_tokens(self.api_host, "access_token", "refresh_token")
+
+        assert result is True
         assert mock_set_password.call_count == 3
         mock_set_password.assert_any_call(
             "cloudsmith_cli-access_token-https://example.com",
@@ -203,6 +209,16 @@ def test_store_sso_tokens(self, mock_get_user, mock_set_password):
             "refresh_token",
         )
 
+    def test_store_sso_tokens_returns_false_when_keyring_disabled(
+        self, mock_get_user, mock_set_password
+    ):
+        """Verify store_sso_tokens returns False and doesn't store when keyring disabled."""
+        with patch.dict(os.environ, {"CLOUDSMITH_NO_KEYRING": "1"}):
+            result = store_sso_tokens(self.api_host, "access_token", "refresh_token")
+
+        assert result is False
+        mock_set_password.assert_not_called()
+
 
 class TestShouldUseKeyring:
     """Tests for the should_use_keyring function."""
