garmin_cli/cli/commands/
auth.rs

1//! Authentication commands for garmin-cli
2
3use crate::client::{OAuth1Token, OAuth2Token, SsoClient};
4use crate::config::CredentialStore;
5use crate::error::{GarminError, Result};
6use std::io::{self, Write};
7
8/// Execute the login command
9pub async fn login(email: Option<String>, profile: Option<String>) -> Result<()> {
10    let store = CredentialStore::new(profile.clone())?;
11
12    // Check if already logged in
13    if store.has_credentials() {
14        if let Some((_, oauth2)) = store.load_tokens()? {
15            if !oauth2.is_expired() {
16                println!("Already logged in. Use 'garmin auth logout' to log out first.");
17                return Ok(());
18            }
19        }
20    }
21
22    // Get email
23    let email = match email {
24        Some(e) => e,
25        None => {
26            print!("Email: ");
27            io::stdout().flush()?;
28            let mut input = String::new();
29            io::stdin().read_line(&mut input)?;
30            input.trim().to_string()
31        }
32    };
33
34    // Get password
35    let password = rpassword_prompt("Password: ")?;
36
37    println!("Logging in...");
38
39    // Perform login
40    let mut sso_client = SsoClient::new()?;
41    let (oauth1, oauth2) = sso_client
42        .login(&email, &password, Some(prompt_mfa))
43        .await?;
44
45    // Save tokens
46    store.save_tokens(&oauth1, &oauth2)?;
47
48    println!("Successfully logged in!");
49    println!("Profile: {}", store.profile());
50
51    Ok(())
52}
53
54/// Execute the logout command
55pub async fn logout(profile: Option<String>) -> Result<()> {
56    let store = CredentialStore::new(profile)?;
57
58    if !store.has_credentials() {
59        println!("Not logged in.");
60        return Ok(());
61    }
62
63    store.clear()?;
64    // Also try to clear keyring (ignore errors)
65    let _ = store.delete_secret_from_keyring();
66
67    println!("Successfully logged out.");
68    Ok(())
69}
70
71/// Execute the status command
72pub async fn status(profile: Option<String>) -> Result<()> {
73    let store = CredentialStore::new(profile)?;
74
75    if !store.has_credentials() {
76        println!("Status: Not logged in");
77        println!("Run 'garmin auth login' to authenticate.");
78        return Ok(());
79    }
80
81    match store.load_tokens()? {
82        Some((oauth1, oauth2)) => {
83            println!("Status: Logged in");
84            println!("Profile: {}", store.profile());
85
86            if oauth2.is_expired() {
87                println!("Access Token: Expired (will refresh on next request)");
88            } else {
89                let expires_in = oauth2.expires_at - chrono::Utc::now().timestamp();
90                if expires_in > 3600 {
91                    println!(
92                        "Access Token: Valid (expires in {} hours)",
93                        expires_in / 3600
94                    );
95                } else if expires_in > 60 {
96                    println!(
97                        "Access Token: Valid (expires in {} minutes)",
98                        expires_in / 60
99                    );
100                } else {
101                    println!("Access Token: Valid (expires in {} seconds)", expires_in);
102                }
103            }
104
105            if oauth1.mfa_token.is_some() {
106                println!("MFA: Enabled");
107            }
108        }
109        None => {
110            println!("Status: Credentials corrupted");
111            println!("Run 'garmin auth logout' then 'garmin auth login' to fix.");
112        }
113    }
114
115    Ok(())
116}
117
118/// Refresh OAuth2 token using OAuth1 token
119pub async fn refresh_token(store: &CredentialStore) -> Result<(OAuth1Token, OAuth2Token)> {
120    let (oauth1, oauth2) = store.load_tokens()?.ok_or(GarminError::NotAuthenticated)?;
121
122    if !oauth2.is_expired() {
123        return Ok((oauth1, oauth2));
124    }
125
126    println!("Refreshing access token...");
127    let sso_client = SsoClient::new()?;
128    let new_oauth2 = sso_client.refresh_oauth2(&oauth1).await?;
129
130    store.save_oauth2(&new_oauth2)?;
131
132    Ok((oauth1, new_oauth2))
133}
134
135/// Prompt for password without echoing
136fn rpassword_prompt(prompt: &str) -> Result<String> {
137    print!("{}", prompt);
138    io::stdout().flush()?;
139
140    // Use rpassword if available, otherwise just read normally (less secure)
141    let password =
142        rpassword::read_password().map_err(|e| GarminError::Io(io::Error::other(e.to_string())))?;
143
144    Ok(password)
145}
146
147/// Prompt for MFA code
148fn prompt_mfa() -> String {
149    print!("MFA Code: ");
150    io::stdout().flush().unwrap();
151
152    let mut input = String::new();
153    io::stdin().read_line(&mut input).unwrap();
154    input.trim().to_string()
155}
156
157#[cfg(test)]
158mod tests {
159    // Integration tests would go here, but they require actual credentials
160    // For unit testing, we'd use wiremock to mock the SSO endpoints
161}
garmin_cli/cli/commands/auth.rs

garmin_cli/cli/commands/
auth.rs
