bzr 0.4.4

A CLI for Bugzilla, inspired by gh
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

use reqwest::header::HeaderValue;
use serde::Deserialize;

use crate::http::{AUTH_HEADER_NAME, AUTH_QUERY_PARAM};
use crate::types::AuthMethod;

#[derive(Deserialize)]
struct WhoamiProbeResponse {
    #[serde(default)]
    id: u64,
}

pub(super) enum WhoamiOutcome {
    Authenticated(AuthMethod),
    NotFound,
    /// Server responded but auth was rejected (e.g. 401) or credentials were not accepted.
    AuthRejected,
    /// Server returned 200 but the response body was unparseable or anomalous.
    UnparseableResponse,
    /// Could not reach the server at all (network/TLS/timeout).
    NetworkError,
}

pub(super) async fn detect_whoami_auth(
    http: &reqwest::Client,
    base: &str,
    api_key: &str,
    key_header: &HeaderValue,
) -> WhoamiOutcome {
    let url = format!("{base}/rest/whoami");

    // Probe: header-based auth
    let header_req = http.get(&url).header(AUTH_HEADER_NAME, key_header.clone());
    let outcome = probe_whoami(header_req, AuthMethod::Header).await;
    match outcome {
        WhoamiOutcome::AuthRejected | WhoamiOutcome::UnparseableResponse => {} // try query-param next
        other => return other,
    }

    // Probe: query-param auth
    let query_req = http.get(&url).query(&[(AUTH_QUERY_PARAM, api_key)]);
    probe_whoami(query_req, AuthMethod::QueryParam).await
}

async fn probe_whoami(request: reqwest::RequestBuilder, method: AuthMethod) -> WhoamiOutcome {
    let resp = match request.send().await {
        Ok(r) => r,
        Err(e) => {
            super::log_probe_send_error("whoami", method, &e);
            return WhoamiOutcome::NetworkError;
        }
    };

    let status = resp.status();
    let body = resp.text().await.unwrap_or_else(|e| {
        tracing::warn!("failed to read whoami response body: {e}");
        String::new()
    });
    tracing::trace!(probe = "whoami", %method, %status, body, "auth probe response");
    if status.is_success() {
        if let Ok(parsed) = serde_json::from_str::<WhoamiProbeResponse>(&body) {
            if parsed.id > 0 {
                return WhoamiOutcome::Authenticated(method);
            }
            // id==0 means unauthenticated/anonymous — treat as auth rejection.
            return WhoamiOutcome::AuthRejected;
        }
        // 200 OK but body is not valid whoami JSON — server is behaving unexpectedly.
        tracing::debug!(%method, "whoami returned 200 but body is not valid whoami JSON");
        return WhoamiOutcome::UnparseableResponse;
    }
    if status == reqwest::StatusCode::NOT_FOUND {
        tracing::debug!("rest/whoami not available on this server");
        return WhoamiOutcome::NotFound;
    }
    tracing::debug!(%status, %method, "whoami auth probe failed");
    WhoamiOutcome::AuthRejected
}

#[cfg(test)]
#[path = "whoami_tests.rs"]
mod tests;