Revert "CLOUDP-329791: Refactor auth check" (#4035)

Author: cveticm

internal/cli/root/builder.go

@@ -67,11 +67,13 @@ import (
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/homebrew"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/latestrelease"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/log"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/plugin"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/prerun"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/sighandle"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/telemetry"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/terminal"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/usage"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/validate"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/version"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
@@ -86,6 +88,18 @@ type Notifier struct {
 	writer         io.Writer
 }
 
+type AuthRequirements int64
+
+const (
+	// NoAuth command does not require authentication.
+	NoAuth AuthRequirements = 0
+	// RequiredAuth command requires authentication.
+	RequiredAuth AuthRequirements = 1
+	// OptionalAuth command can work with or without authentication,
+	// and if access token is found, try to refresh it.
+	OptionalAuth AuthRequirements = 2
+)
+
 func handleSignal() {
 	sighandle.Notify(func(sig os.Signal) {
 		telemetry.FinishTrackingCommand(telemetry.TrackOptions{
@@ -135,7 +149,29 @@ Use the --help flag with any command for more info on that command.`,
 				config.SetService(config.CloudService)
 			}
 
-			return prerun.ExecuteE(opts.InitFlow(config.Default()))
+			authReq := shouldCheckCredentials(cmd)
+			if authReq == NoAuth {
+				return nil
+			}
+
+			if err := prerun.ExecuteE(
+				opts.InitFlow(config.Default()),
+				func() error {
+					err := opts.RefreshAccessToken(cmd.Context())
+					if err != nil && authReq == RequiredAuth {
+						return err
+					}
+					return nil
+				},
+			); err != nil {
+				return err
+			}
+
+			if authReq == RequiredAuth {
+				return validate.Credentials()
+			}
+
+			return nil
 		},
 		// PersistentPostRun only runs if the command is successful
 		PersistentPostRun: func(cmd *cobra.Command, _ []string) {
@@ -253,6 +289,43 @@ func shouldSetService(cmd *cobra.Command) bool {
 	return true
 }
 
+func shouldCheckCredentials(cmd *cobra.Command) AuthRequirements {
+	searchByName := []string{
+		"__complete",
+		"help",
+	}
+	for _, n := range searchByName {
+		if cmd.Name() == n {
+			return NoAuth
+		}
+	}
+	customRequirements := map[string]AuthRequirements{
+		fmt.Sprintf("%s %s", atlas, "completion"):  NoAuth,       // completion commands do not require credentials
+		fmt.Sprintf("%s %s", atlas, "config"):      NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "auth"):        NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "register"):    NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "login"):       NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "logout"):      NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "whoami"):      NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "setup"):       NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "register"):    NoAuth,       // user wants to set credentials
+		fmt.Sprintf("%s %s", atlas, "plugin"):      NoAuth,       // plugin functionality requires no authentication
+		fmt.Sprintf("%s %s", atlas, "quickstart"):  NoAuth,       // command supports login
+		fmt.Sprintf("%s %s", atlas, "deployments"): OptionalAuth, // command supports local and Atlas
+	}
+	for p, r := range customRequirements {
+		if strings.HasPrefix(cmd.CommandPath(), p) {
+			return r
+		}
+	}
+
+	if plugin.IsPluginCmd(cmd) || pluginCmd.IsFirstClassPluginCmd(cmd) {
+		return OptionalAuth
+	}
+
+	return RequiredAuth
+}
+
 func formattedVersion() string {
 	return fmt.Sprintf(verTemplate,
 		version.Version,

internal/store/store.go

@@ -55,11 +55,11 @@ type Store struct {
 }
 
 func (s *Store) httpClient(httpTransport http.RoundTripper) (*http.Client, error) {
-	switch {
-	case s.username != "" && s.password != "":
+	if s.username != "" && s.password != "" {
 		t := transport.NewDigestTransport(s.username, s.password, httpTransport)
 		return t.Client()
-	case s.accessToken != nil:
+	}
+	if s.accessToken != nil {
 		tr, err := transport.NewAccessTokenTransport(s.accessToken, httpTransport, func(t *atlasauth.Token) error {
 			config.SetAccessToken(t.AccessToken)
 			config.SetRefreshToken(t.RefreshToken)
@@ -69,11 +69,10 @@ func (s *Store) httpClient(httpTransport http.RoundTripper) (*http.Client, error
 			return nil, err
 		}
 
-		return &http.Client{Transport: tr}, nil
-	default:
-		tr := &transport.AuthRequiredRoundTripper{Base: httpTransport}
 		return &http.Client{Transport: tr}, nil
 	}
+
+	return &http.Client{Transport: httpTransport}, nil
 }
 
 func (s *Store) transport() *http.Transport {

internal/transport/transport.go

@@ -15,15 +15,13 @@
 package transport
 
 import (
-	"fmt"
 	"net"
 	"net/http"
 	"time"
 
 	"github.com/mongodb-forks/digest"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/config"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/oauth"
-	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/validate"
 	atlasauth "go.mongodb.org/atlas/auth"
 )
 
@@ -112,24 +110,3 @@ func (tr *tokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	return tr.base.RoundTrip(req)
 }
-
-type AuthRequiredRoundTripper struct {
-	Base http.RoundTripper
-}
-
-func (tr *AuthRequiredRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	resp, err := tr.Base.RoundTrip(req)
-	if resp != nil && resp.StatusCode == http.StatusUnauthorized {
-		return nil, fmt.Errorf(
-			`%w
-
-To log in using your Atlas username and password, run: atlas auth login
-To set credentials using API keys, run: atlas config init`,
-			validate.ErrMissingCredentials,
-		)
-	}
-	if err != nil {
-		return nil, err
-	}
-	return resp, nil
-}

test/e2e/brew/brew_test.go

@@ -28,7 +28,7 @@ import (
 
 const (
 	profileString = "PROFILE NAME"
-	errorMessage  = "this action requires authentication"
+	errorMessage  = "Error: this action requires authentication"
 )
 
 func TestAtlasCLIConfig(t *testing.T) {