[PM-1165] Handle personal API login errors [cli] (#4866)

* Handle personal API login errors [cli] * Revert misguided generic error handling tweak * Only handle invalid_client errors Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * Typo fix --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2024-12-21 16:18:28 +01:00 · 2023-03-07 13:53:28 -05:00 · 2023-03-07 13:53:28 -05:00 · d7a94c140f
commit d7a94c140f
parent a16d02b39d
1 changed files with 37 additions and 13 deletions
--- a/apps/cli/src/auth/commands/login.command.ts
+++ b/apps/cli/src/auth/commands/login.command.ts
@ -77,6 +77,12 @@ export class LoginCommand {
      const apiIdentifiers = await this.apiIdentifiers();
      clientId = apiIdentifiers.clientId;
      clientSecret = apiIdentifiers.clientSecret;
+      if (clientId == null || clientId.trim() === "") {
+        return Response.badRequest("client_id is required.");
+      }
+      if (clientSecret == null || clientSecret === "") {
+        return Response.badRequest("client_secret is required.");
+      }
    } else if (options.sso != null && this.canInteract) {
      const passwordOptions: any = {
        type: "password",
@ -161,9 +167,23 @@ export class LoginCommand {
        if (!clientId.startsWith("user")) {
          return Response.error("Invalid API Key; Organization API Key currently not supported");
        }
+        try {
          response = await this.authService.logIn(
            new UserApiLogInCredentials(clientId, clientSecret)
          );
+        } catch (e) {
+          // handle API key login failures
+          // Handle invalid client error as server doesn't return a useful message
+          if (
+            e?.response?.error &&
+            typeof e.response.error === "string" &&
+            e.response.error === "invalid_client"
+          ) {
+            return Response.badRequest("client_id or client_secret is incorrect. Try again.");
+          }
+          // Pass error up to be handled by the outer catch block below
+          throw e;
+        }
      } else if (ssoCode != null && ssoCodeVerifier != null) {
        response = await this.authService.logIn(
          new SsoLogInCredentials(
@ -547,7 +567,8 @@ export class LoginCommand {
    let clientSecret: string = null;

    const storedClientSecret: string = this.clientSecret || process.env.BW_CLIENTSECRET;
-    if (this.canInteract && storedClientSecret == null) {
+    if (storedClientSecret == null) {
+      if (this.canInteract) {
        const answer: inquirer.Answers = await inquirer.createPromptModule({
          output: process.stderr,
        })({
@ -557,6 +578,9 @@ export class LoginCommand {
            (isAdditionalAuthentication ? additionalAuthenticationMessage : "") + "client_secret:",
        });
        clientSecret = answer.clientSecret;
+      } else {
+        clientSecret = null;
+      }
    } else {
      clientSecret = storedClientSecret;
    }