chore(auth): update warning message for auth:token (#2750)

* Update warning based on userpass * Add & update tests * Update copy
heroku · Apr 9, 2024 · 4ddead4 · 4ddead4
1 parent 2a72431
commit 4ddead4
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 2 deletions.
diff --git a/packages/cli/src/commands/auth/token.ts b/packages/cli/src/commands/auth/token.ts
@@ -18,10 +18,11 @@ By default, the CLI auth token is only valid for 1 year. To generate a long-live
     try {
       const {body: tokens} = await this.heroku.get<Heroku.OAuthAuthorization>('/oauth/authorizations', {retryAuth: false})
       const token = tokens.find((t: any) => t.access_token && t.access_token.token === this.heroku.auth)
+      const isInternal = token ? token.user.email.includes('@heroku.com') : false
       if (token && token.access_token.expires_in) {
         const d = new Date()
         d.setSeconds(d.getSeconds() + token.access_token.expires_in)
-        this.warn(`token will expire ${formatRelative(d, new Date())}\nUse ${color.cmd('heroku authorizations:create')} to generate a long-term token`)
+        this.warn(`token will expire ${formatRelative(d, new Date())}\n${isInternal ? 'All tokens expire one year after we generate it.' : `To generate a long-lived token, use ${color.cmd('heroku authorizations:create')}.`}`)
       }
     } catch (error: any) {
       this.warn(error)

diff --git a/packages/cli/test/unit/commands/auth/token.unit.test.ts b/packages/cli/test/unit/commands/auth/token.unit.test.ts
@@ -7,7 +7,7 @@ describe('auth:token', () => {
       .get('/oauth/authorizations')
       .reply(200, [
         {access_token: {token: 'somethingelse'}},
-        {access_token: {token: 'foobar', expires_in: 60}},
+        {access_token: {token: 'foobar', expires_in: 60}, user: {email: '[email protected]'}},
         {},
       ]),
     )
@@ -18,4 +18,42 @@ describe('auth:token', () => {
       expect(ctx.stdout).to.equal('foobar\n')
       expect(ctx.stderr).to.contain('Warning: token will expire today')
     })
+
+  test
+    .env({HEROKU_API_KEY: 'foobar'})
+    .nock('https://api.heroku.com', api => api
+      .get('/oauth/authorizations')
+      .reply(200, [
+        {access_token: {token: 'somethingelse'}},
+        {access_token: {token: 'foobar', expires_in: 60}, user: {email: '[email protected]'}},
+        {},
+      ]),
+    )
+    .stdout()
+    .stderr()
+    .command(['auth:token'])
+    .it('shows "long-term" token generation warning for non-internal users', ctx => {
+      expect(ctx.stdout).to.equal('foobar\n')
+      expect(ctx.stderr).to.contain('To generate a long-lived token, use heroku authorizations:create.')
+      expect(ctx.stderr).to.not.contain('All tokens expire one year after we generate it.')
+    })
+
+  test
+    .env({HEROKU_API_KEY: 'foobar'})
+    .nock('https://api.heroku.com', api => api
+      .get('/oauth/authorizations')
+      .reply(200, [
+        {access_token: {token: 'somethingelse'}},
+        {access_token: {token: 'foobar', expires_in: 60}, user: {email: '[email protected]'}},
+        {},
+      ]),
+    )
+    .stdout()
+    .stderr()
+    .command(['auth:token'])
+    .it('shows AT2 token generation warning for internal users', ctx => {
+      expect(ctx.stdout).to.equal('foobar\n')
+      expect(ctx.stderr).to.contain('All tokens expire one year after we generate it.')
+      expect(ctx.stderr).to.not.contain('To generate a long-lived token, use heroku authorizations:create.')
+    })
 })