auth login: clear stale oid on user-scoped re-login + tests#291
Merged
Conversation
Follow-up to #289. When a user re-runs `auth login --uid X --api-key Y` in an environment that previously held an `--oid + --api-key` login, the old `oid` survived in config because `write_credentials` only writes fields it is given. Subsequent commands would silently pair the new user-scoped credentials with the stale org context. Fix it by dropping the `oid` field from the affected env block right after the write whenever the login was user-scoped (`uid` set, `oid` unset). Mirrors the post-write cleanup pattern already used by the OAuth flow for `api_key`. Also refresh the `--ai-help` text so it advertises the user-scoped shape (`--uid + --api-key`, no `--oid`) that #289 enabled, and add unit tests for the validator branches and the stale-oid cleanup -- neither was covered before. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Follow-up to #289. Fixes one user-visible bug, refreshes the help text for the new login shape, and adds unit coverage for the validator (none existed before).
oidafter switching to a user-scoped login.write_credentialsonly writes fields it is given, soauth login --uid X --api-key Yin an env that previously held--oid + --api-keyleft the oldoidin place. Subsequent commands silently paired the new user-scoped key with the wrong org context. Fix: popoidfrom the affected env block right after the write whenever the login is user-scoped (uidset,oidunset). Mirrors the post-writeapi_keycleanup the OAuth flow already does.--ai-helptext was stale — still claimed--oid + --api-keywas the only API-key shape. Updated to advertise the user-scoped shape introduced in auth login: allow user-scoped API key without --oid #289.auth loginvalidator. Addedtests/unit/test_cli_auth_login.pycovering the three valid shapes, both error paths, named-env writes, and the new stale-oid cleanup (incl. that other envs are untouched).The brand-new-account / workshop bootstrap flow #289 targeted is unaffected (no prior oid to clear); this only changes behavior on re-login.
Test plan
pytest tests/unit/test_cli_auth_login.py— 11/11 passpytest tests/unit/test_config.py tests/unit/test_cli_commands.py— 77/77 pass (regression check on neighboring surfaces)auth login --oid X --api-key Ythenauth login --uid Z --api-key W, confirm~/.limacharlie.d/config.yamlno longer containsoid: X🤖 Generated with Claude Code