tod 0.11.2

An unofficial Todoist command-line client
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320

use futures::lock::Mutex;
use serde::Deserialize;
use uuid::Uuid;

use crate::color::green_string;
use crate::errors::Error;
use crate::tasks::format::maybe_format_url;
use crate::todoist::OAUTH_URL;
use crate::{config::Config, todoist};

use axum::{Router, extract::Query, routing::get};
use std::sync::Arc;
use tokio::sync::oneshot::{self, Sender};

pub const CLIENT_ID: &str = "2696d64dc4f745679e21181c56b489fe";
pub const CLIENT_SECRET: &str = "bfde0d10e3d740beb47f95879881634e";
const FAKE_UUID: &str = "42963283-2bab-4b1f-bad2-278ef2b6ba2c";
const TRANSMIT_ERROR: &str = "Could not transmit";
/// Host to bind the OAuth server to in production.
const PROD_LOCALHOST: &str = "127.0.0.1:8080";
const SCOPE: &str = "data:read_write,data:delete,project:delete";

#[derive(Deserialize, Debug)]
struct Params {
    // returns only in the case of an error
    error: Option<String>,
    // authorization code from which we can get an access token
    code: Option<String>,
    // should match the csrf token we passed in
    state: Option<String>,
}

#[derive(Deserialize, Debug)]
pub struct AccessToken {
    pub access_token: String,
}

pub async fn login(config: &mut Config, test_tx: Option<Sender<()>>) -> Result<String, Error> {
    // Use the provided config, not a new default every time
    let csrf_token = print_oauth_url(config);
    let listener = tokio::net::TcpListener::bind(PROD_LOCALHOST).await?;
    let code = receive_callback(&csrf_token, test_tx, listener)
        .await?
        .code
        .ok_or_else(|| Error::new("params", "no code provided"))?;
    let access_token = todoist::get_access_token(config, &code).await?;
    let result = config.set_token(access_token).await;

    // Print authentication success message to the terminal
    let check = green_string("Authentication Successful!");
    println!("{check}");
    println!("You can now use the `tod` command to manage your Todoist tasks.");

    result
}

fn print_oauth_url(config: &Config) -> String {
    let csrf_token = new_uuid();

    let url = format!(
        "https://todoist.com{OAUTH_URL}?client_id={CLIENT_ID}&scope={SCOPE}&state={csrf_token}"
    );
    let formatted_url = maybe_format_url(&url, config);
    // Don't open the browser in test mode, just print the URL
    if cfg!(test) {
        println!("Please visit the following url to authenticate with Todoist:");
        println!("{formatted_url}");
    } else {
        match open::that(&url) {
            Ok(_) => {
                println!(
                    "Opening {formatted_url} in the default web browser to authenticate with Todoist."
                );
            }
            Err(_) => {
                println!("Please visit the following url to authenticate with Todoist:");
                println!("{formatted_url}");
            }
        }
    }
    csrf_token
}

async fn receive_callback(
    csrf_token: &str,
    tx: Option<Sender<()>>,
    listener: tokio::net::TcpListener,
) -> Result<Params, Error> {
    let (shutdown_tx, shutdown_rx) = oneshot::channel::<()>();
    let shutdown_signal = Arc::new(Mutex::new(Some(shutdown_tx)));

    let (response_tx, response_rx) = oneshot::channel::<Params>();
    let response = Arc::new(Mutex::new(Some(response_tx)));

    let app = Router::new().route(
        "/",
        get(move |Query(params): Query<Params>| async move {
            if let Some(tx) = shutdown_signal.lock().await.take() {
                let _ = tx.send(());
            }

            if let Some(tx) = response.lock().await.take() {
                if let Some(error_message) = params.error.clone() {
                    tx.send(params).expect(TRANSMIT_ERROR);
                    format!("Error from Todoist: {error_message}")
                } else {
                    tx.send(params).expect(TRANSMIT_ERROR);
                    String::from("Success! You can close this window and return to your terminal.")
                }
            } else {
                String::from("Error: Could not get response tx")
            }
        }),
    );
    if let Some(tx) = tx {
        tx.send(()).expect("failed to notify test");
    };
    axum::serve(listener, app)
        .with_graceful_shutdown(async {
            shutdown_rx.await.ok();
        })
        .await?;

    let params = response_rx.await?;

    if let Some(message) = params.error {
        Err(Error::new("oauth get code", &message))
    } else if params.state.clone().unwrap_or_default() == csrf_token {
        Ok(params)
    } else {
        Err(Error::new(
            "oauth get code",
            "state doesn't match csrf token",
        ))
    }
}

pub fn json_to_access_token(json: String) -> Result<AccessToken, Error> {
    let token: AccessToken = serde_json::from_str(&json)?;
    Ok(token)
}

/// Create a new UUID, required for Todoist OAuth
pub fn new_uuid() -> String {
    if cfg!(test) {
        String::from(FAKE_UUID)
    } else {
        Uuid::new_v4().to_string()
    }
}
#[cfg(test)]
mod tests {

    use super::*;
    use crate::test::{self, responses::ResponseFromFile};
    use pretty_assertions::assert_eq;

    #[tokio::test]
    async fn login_test() {
        let mut server = mockito::Server::new_async().await;

        let mock = server
            .mock("POST", "/oauth/access_token")
            .with_status(200)
            .with_header("content-type", "application/json")
            .with_body(ResponseFromFile::AccessToken.read().await)
            .create_async()
            .await;

        let mut config = test::fixtures::config().await.with_mock_url(server.url());

        config
            .clone()
            .create()
            .await
            .expect("Failed to create config asynchronously in oauth test");

        assert_eq!(config.token, Some(String::from("alreadycreated")));
        let (test_tx, test_rx) = oneshot::channel::<()>();
        let login_handle = tokio::spawn(async move {
            login(&mut config, Some(test_tx))
                .await
                .expect("Login async operation failed")
        });

        test_rx
            .await
            .expect("Failed to await test receiver completion");

        let params = [("code", "state"), ("state", FAKE_UUID)];
        let client = reqwest::Client::new();
        let resp = client
            .get("http://127.0.0.1:8080/")
            .query(&params)
            .send()
            .await
            .expect("Failed to send callback");

        assert!(resp.status().is_success());
        let body = resp
            .text()
            .await
            .expect("Failed to get text from response asynchronously");
        assert!(body.contains("Success"));

        let result = login_handle
            .await
            .expect("Failed to await login handle completion");
        assert_eq!(result, String::from(""));
        mock.assert()
    }

    #[tokio::test]
    async fn receive_callback_with_error_param() {
        let (test_tx, test_rx) = oneshot::channel::<()>();
        let csrf_token = new_uuid();

        // Spawn the server on a random port in test mode
        let listener = tokio::net::TcpListener::bind("127.0.0.1:0")
            .await
            .expect("Failed to bind TCP listener asynchronously");
        let port = listener
            .local_addr()
            .expect("Failed to get local address")
            .port();
        // Move a clone into the server task, keep the original for the request
        let server_handle = tokio::spawn({
            let csrf_token = csrf_token.clone();
            async move { receive_callback(&csrf_token, Some(test_tx), listener).await }
        });

        test_rx
            .await
            .expect("Failed to await test receiver completion");

        // Simulate callback with error
        let params = [("error", "access_denied"), ("state", &csrf_token)];
        let client = reqwest::Client::new();
        let resp = client
            .get(format!("http://127.0.0.1:{port}/"))
            .query(&params)
            .send()
            .await
            .expect("Failed to send callback");

        assert!(resp.status().is_success());
        let body = resp
            .text()
            .await
            .expect("Failed to get text from response asynchronously");
        assert!(body.contains("Error"));

        let result = server_handle
            .await
            .expect("Failed to await server handle completion");
        assert!(result.is_err());
        let err = result.expect_err("Expected error result but got success");
        assert!(err.to_string().contains("access_denied"));
    }

    #[tokio::test]
    async fn receive_callback_with_invalid_csrf() {
        let (test_tx, test_rx) = oneshot::channel::<()>();
        let csrf_token = new_uuid();

        // Bind to a random port for the callback server
        let listener = tokio::net::TcpListener::bind("127.0.0.1:0")
            .await
            .expect("Failed to bind TCP listener asynchronously");
        let port = listener
            .local_addr()
            .expect("Failed to get local address")
            .port();
        let server_handle =
            tokio::spawn(
                async move { receive_callback(&csrf_token, Some(test_tx), listener).await },
            );

        test_rx
            .await
            .expect("Failed to await test receiver completion");

        // Simulate callback with mismatched csrf_token
        let params = [("code", "somecode"), ("state", "not-the-csrf-token")];
        let client = reqwest::Client::new();
        let resp = client
            .get(format!("http://127.0.0.1:{port}/"))
            .query(&params)
            .send()
            .await
            .expect("Failed to send callback");

        assert!(resp.status().is_success());

        let result = server_handle
            .await
            .expect("Failed to await server handle completion");
        assert!(result.is_err());
        let err = result.expect_err("Expected error result but got success");
        assert!(
            err.to_string().contains("state doesn't match csrf token"),
            "Unexpected error: {err}"
        );
    }

    #[test]
    fn test_print_oauth_url_returns_csrf_token() {
        // In test mode, new_uuid() returns FAKE_UUID
        let csrf_token = print_oauth_url(&Config::default());
        assert_eq!(csrf_token, FAKE_UUID);

        // Optionally, check that the formatted URL contains the CSRF token
        let expected_url_part = format!("state={FAKE_UUID}");
        let url = format!(
            "https://todoist.com{OAUTH_URL}?client_id={CLIENT_ID}&scope={SCOPE}&state={FAKE_UUID}"
        );
        let formatted_url = maybe_format_url(&url, &Config::default());
        assert!(formatted_url.contains(&expected_url_part));
    }
}