fix: handle authFailure + default openUrls to false

Author: danielroe

app/components/Org/OperationsQueue.vue

@@ -104,9 +104,10 @@ async function handleRetryWithOtp() {
   otpError.value = ''
   otpInput.value = ''
 
-  // First, re-approve all OTP-failed operations
+  // First, re-approve all OTP/auth-failed operations
   const otpFailedOps = activeOperations.value.filter(
-    (op: PendingOperation) => op.status === 'failed' && op.result?.requiresOtp,
+    (op: PendingOperation) =>
+      op.status === 'failed' && (op.result?.requiresOtp || op.result?.authFailure),
   )
   for (const op of otpFailedOps) {
     await retryOperation(op.id)

app/composables/useConnector.ts

@@ -377,20 +377,22 @@ export const useConnector = createSharedComposable(function useConnector() {
   const approvedOperations = computed(() =>
     state.value.operations.filter(op => op.status === 'approved'),
   )
-  /** Operations that are done (completed, or failed without needing OTP retry) */
+  /** Operations that are done (completed, or failed without needing OTP/auth retry) */
   const completedOperations = computed(() =>
     state.value.operations.filter(
-      op => op.status === 'completed' || (op.status === 'failed' && !op.result?.requiresOtp),
+      op =>
+        op.status === 'completed' ||
+        (op.status === 'failed' && !op.result?.requiresOtp && !op.result?.authFailure),
     ),
   )
-  /** Operations that are still active (pending, approved, running, or failed needing OTP retry) */
+  /** Operations that are still active (pending, approved, running, or failed needing OTP/auth retry) */
   const activeOperations = computed(() =>
     state.value.operations.filter(
       op =>
         op.status === 'pending' ||
         op.status === 'approved' ||
         op.status === 'running' ||
-        (op.status === 'failed' && op.result?.requiresOtp),
+        (op.status === 'failed' && (op.result?.requiresOtp || op.result?.authFailure)),
     ),
   )
   const hasOperations = computed(() => state.value.operations.length > 0)

cli/src/npm-client.ts

@@ -160,15 +160,15 @@ export interface ExecNpmOptions {
 /**
  * PTY-based npm execution for interactive commands (uses node-pty).
  *
- * - Web OTP - either opend URL in browser if openUrls is true or passes the URL to frontend. If no auth happend within AUTH_URL_TIMEOUT_MS kills the process to unlock the connector.
+ * - Web OTP - either open URL in browser if openUrls is true or passes the URL to frontend. If no auth happend within AUTH_URL_TIMEOUT_MS kills the process to unlock the connector.
  *
- * - Cli OTP - if we get a classic OTP prompt will either return OTP request to the frontend or will pass sent OTP if its provided
+ * - CLI OTP - if we get a classic OTP prompt will either return OTP request to the frontend or will pass sent OTP if its provided
  */
 async function execNpmInteractive(
   args: string[],
   options: ExecNpmOptions = {},
 ): Promise<NpmExecResult> {
-  const openUrls = options.openUrls !== false
+  const openUrls = options.openUrls === true
 
   // Lazy-load node-pty so the native addon is only required when interactive mode is actually used.
   const pty = await import('@lydell/node-pty')
@@ -187,6 +187,7 @@ async function execNpmInteractive(
     let resolved = false
     let otpPromptSeen = false
     let authUrlSeen = false
+    let enterSent = false
     let authUrlTimeout: ReturnType<typeof setTimeout> | null = null
     let authUrlTimedOut = false
 
@@ -242,7 +243,8 @@ async function execNpmInteractive(
         }
       }
 
-      if (authUrlSeen && openUrls && AUTH_URL_PROMPT_RE.test(cleanAll)) {
+      if (authUrlSeen && openUrls && !enterSent && AUTH_URL_PROMPT_RE.test(cleanAll)) {
+        enterSent = true
         logDebug('Web auth prompt detected, pressing ENTER')
         child.write('\r')
       }