bzr 0.4.0

A CLI for Bugzilla, inspired by gh
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

#![expect(clippy::unwrap_used)]

use wiremock::matchers::{header, method, path, query_param};
use wiremock::{Mock, MockServer, ResponseTemplate};

use super::*;
use crate::client::test_helpers::test_http_client;
use crate::http::AUTH_HEADER_NAME;

#[tokio::test]
async fn header_auth_succeeds() {
    let server = MockServer::start().await;
    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"id": 42})))
        .mount(&server)
        .await;

    let result = detect_auth_method(&test_http_client(), &server.uri(), "test-key", None)
        .await
        .unwrap();
    assert_eq!(result, AuthMethod::Header);
}

#[tokio::test]
async fn falls_back_to_query_param() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(ResponseTemplate::new(401))
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .and(query_param(crate::http::AUTH_QUERY_PARAM, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"id": 7})))
        .mount(&server)
        .await;

    let result = detect_auth_method(&test_http_client(), &server.uri(), "test-key", None)
        .await
        .unwrap();
    assert_eq!(result, AuthMethod::QueryParam);
}

#[tokio::test]
async fn whoami_404_falls_back_to_valid_login_header() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(404))
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .and(query_param("login", "user@example.com"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": true})))
        .mount(&server)
        .await;

    let result = detect_auth_method(
        &test_http_client(),
        &server.uri(),
        "test-key",
        Some("user@example.com"),
    )
    .await
    .unwrap();
    assert_eq!(result, AuthMethod::Header);
}

#[tokio::test]
async fn valid_login_query_param_but_header_works_on_api() {
    // Simulates IBM LTC-style servers: valid_login rejects header auth
    // but actual API endpoints accept it. Should prefer header.
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(404))
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(
            ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": false})),
        )
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .and(query_param("login", "user@example.com"))
        .and(query_param(crate::http::AUTH_QUERY_PARAM, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": true})))
        .mount(&server)
        .await;

    // Header auth works on real API endpoints
    Mock::given(method("GET"))
        .and(path("/rest/bug"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"bugs": []})))
        .mount(&server)
        .await;

    let result = detect_auth_method(
        &test_http_client(),
        &server.uri(),
        "test-key",
        Some("user@example.com"),
    )
    .await
    .unwrap();
    assert_eq!(result, AuthMethod::Header);
}

#[tokio::test]
async fn valid_login_query_param_and_header_fails_on_api() {
    // Server truly only supports query_param: valid_login and API
    // endpoints both reject header auth.
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(404))
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(
            ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": false})),
        )
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .and(query_param("login", "user@example.com"))
        .and(query_param(crate::http::AUTH_QUERY_PARAM, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": true})))
        .mount(&server)
        .await;

    // Header auth rejected on real API endpoints
    Mock::given(method("GET"))
        .and(path("/rest/bug"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(ResponseTemplate::new(401))
        .mount(&server)
        .await;

    let result = detect_auth_method(
        &test_http_client(),
        &server.uri(),
        "test-key",
        Some("user@example.com"),
    )
    .await
    .unwrap();
    assert_eq!(result, AuthMethod::QueryParam);
}

#[tokio::test]
async fn whoami_401_no_email_gives_api_key_error() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(401))
        .mount(&server)
        .await;

    let result = detect_auth_method(&test_http_client(), &server.uri(), "test-key", None).await;
    assert!(result.is_err());
    let err = result.unwrap_err().to_string();
    assert!(
        err.contains("Check your API key"),
        "should mention API key, got: {err}"
    );
}

#[tokio::test]
async fn network_error_defaults_to_header() {
    // When the server is unreachable, default to header auth
    // rather than failing -- header is the safest default.
    let result =
        detect_auth_method(&test_http_client(), "https://127.0.0.1:1", "test-key", None).await;
    assert!(result.is_ok(), "should default to header, got: {result:?}");
    assert_eq!(result.unwrap(), AuthMethod::Header);
}

#[tokio::test]
async fn whoami_404_no_email_suggests_email_flag() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(404))
        .mount(&server)
        .await;

    let result = detect_auth_method(&test_http_client(), &server.uri(), "test-key", None).await;
    assert!(result.is_err());
    let err = result.unwrap_err().to_string();
    assert!(
        err.contains("--email"),
        "should suggest --email flag, got: {err}"
    );
}

#[tokio::test]
async fn valid_login_accepts_integer_result() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(404))
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .and(query_param("login", "user@example.com"))
        .and(header(AUTH_HEADER_NAME, "test-key"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": 1})))
        .mount(&server)
        .await;

    let result = detect_auth_method(
        &test_http_client(),
        &server.uri(),
        "test-key",
        Some("user@example.com"),
    )
    .await
    .unwrap();
    assert_eq!(result, AuthMethod::Header);
}

#[tokio::test]
async fn both_methods_fail_with_email() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(404))
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/valid_login"))
        .respond_with(
            ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": false})),
        )
        .mount(&server)
        .await;

    let result = detect_auth_method(
        &test_http_client(),
        &server.uri(),
        "test-key",
        Some("bad@example.com"),
    )
    .await;
    assert!(result.is_err());
    let err = result.unwrap_err().to_string();
    // When email IS provided but valid_login still fails, the hint
    // must point at the credentials, NOT suggest --email.
    assert!(
        err.contains("valid_login did not confirm"),
        "expected 'valid_login did not confirm' message; got: {err}"
    );
    assert!(
        !err.contains("--email"),
        "should not suggest --email when email was already provided; got: {err}"
    );
}

#[tokio::test]
async fn whoami_id_zero_is_auth_rejected() {
    // Bugzilla returns `id: 0` for an anonymous (unauthenticated)
    // whoami response. It must not be treated as a successful
    // authentication.
    let server = MockServer::start().await;
    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"id": 0})))
        .mount(&server)
        .await;
    let result = detect_auth_method(&test_http_client(), &server.uri(), "test-key", None).await;
    assert!(result.is_err(), "id=0 must not authenticate");
}

/// Exercises `detect_server_settings`: probes auth and version without Config.
#[tokio::test]
async fn detect_server_settings_returns_all_fields() {
    let server = MockServer::start().await;

    // whoami succeeds with header auth
    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"id": 1})))
        .mount(&server)
        .await;

    // version endpoint returns 5.1.2 -> REST mode
    Mock::given(method("GET"))
        .and(path("/rest/version"))
        .respond_with(
            ResponseTemplate::new(200).set_body_json(serde_json::json!({"version": "5.1.2"})),
        )
        .mount(&server)
        .await;

    let detected = detect_server_settings(
        &server.uri(),
        "test-key",
        None,
        &crate::tls::TlsConfig::default(),
    )
    .await
    .unwrap();
    assert_eq!(detected.auth_method, AuthMethod::Header);
    assert_eq!(detected.api_mode, ApiMode::Rest);
    assert_eq!(detected.server_version.as_deref(), Some("5.1.2"));
}

#[tokio::test]
async fn invalid_api_key_characters_are_rejected() {
    let server = MockServer::start().await;
    let result = detect_auth_method(
        &test_http_client(),
        &server.uri(),
        "bad\nkey",
        Some("user@test"),
    )
    .await;
    assert!(result.is_err());
    assert!(result
        .unwrap_err()
        .to_string()
        .contains("invalid API key characters"));
}

#[tokio::test]
async fn detect_server_settings_keeps_version_none_when_probe_fails() {
    let server = MockServer::start().await;

    Mock::given(method("GET"))
        .and(path("/rest/whoami"))
        .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"id": 1})))
        .expect(1)
        .mount(&server)
        .await;

    Mock::given(method("GET"))
        .and(path("/rest/version"))
        .respond_with(ResponseTemplate::new(200).set_body_string("not json"))
        .expect(1)
        .mount(&server)
        .await;

    let detected = detect_server_settings(
        &server.uri(),
        "test-key",
        None,
        &crate::tls::TlsConfig::default(),
    )
    .await
    .unwrap();
    assert_eq!(detected.auth_method, AuthMethod::Header);
    assert_eq!(detected.api_mode, ApiMode::Hybrid);
    assert!(detected.server_version.is_none());
}