Skip to content

fix multi-stage mfa#119

Merged
matin merged 4 commits intomainfrom
refactor_resume_login
Jun 3, 2025
Merged

fix multi-stage mfa#119
matin merged 4 commits intomainfrom
refactor_resume_login

Conversation

@matin
Copy link
Copy Markdown
Owner

@matin matin commented Jun 3, 2025
edited
Loading

The previous code was reusing the CSRF from a previous request when resuming the MFA for multi-stage cases.

This should resolve the issue for the following cases:

  1. 2FA failing sync ? chloevoyer/garmin-to-notion#26
  2. One time password result in unexpected error cyberjunky/home-assistant-garmin_connect#295
  3. [BUG]: Garmin Connect does not work after some days endurain-project/endurain#178

Summary by CodeRabbit

  • Refactor
    • Streamlined login and multi-factor authentication (MFA) process for improved consistency and simplicity.
  • Bug Fixes
    • Removed unnecessary details from MFA responses during login.
  • Tests
    • Added test to handle MFA failure scenarios and updated existing tests to align with MFA response changes.
  • Chores
    • Updated version number to 0.5.13.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Jun 3, 2025
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

The _complete_login function in the SSO module was refactored to remove its html parameter, now extracting required data internally. MFA handling was centralized, eliminating redundant CSRF token management and manual POSTs. Related test cases were updated to reflect the removal of the "csrf_token" key from MFA-related return values. The version was incremented.

Changes

File(s) Change Summary
src/garth/sso.py Refactored _complete_login to remove html parameter; centralized MFA handling; updated login and resume_login logic.
src/garth/version.py Updated version from "0.5.12" to "0.5.13".
tests/test_http.py, tests/test_sso.py Removed assertions checking for "csrf_token" in MFA-related login return values; added test for MFA failure case.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Client
    participant SSO

    User->>Client: Initiate login with credentials
    Client->>SSO: Send login request
    SSO-->>Client: Respond (may require MFA)
    alt MFA required
        Client-->>User: Prompt for MFA code
        User->>Client: Provide MFA code
        Client->>SSO: Submit MFA code
        SSO-->>Client: Respond with login ticket
        Client->>Client: _complete_login() (extracts ticket internally)
    else Login success
        Client->>Client: _complete_login() (extracts ticket internally)
    end
    Client-->>User: Return login result (no csrf_token in MFA state)
Loading

Possibly related PRs

  • support return_on_mfa #84: Introduced and structured the MFA flow, including return_on_mfa and resume_login, which are directly refactored in this PR.
  • Fixes for return_on_mfa code #92: Changed the MFA return type and updated related control flow and tests, overlapping with this PR’s refactor of MFA handling and login processing.

Suggested reviewers

  • felipao-mx
📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88e0bdf and eda3b1d.

⛔ Files ignored due to path filters (1)
  • tests/cassettes/test_login_mfa_fail.yaml is excluded by !tests/**/cassettes/**
📒 Files selected for processing (1)
  • tests/test_sso.py (1 hunks)
✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@codecov
Copy link
Copy Markdown

codecov bot commented Jun 3, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (517eeed) to head (eda3b1d).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main      #119   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           41        41           
  Lines         1772      1772           
=========================================
  Hits          1772      1772
Flag Coverage Δ
unittests 100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

coderabbitai[bot]
coderabbitai bot reviewed Jun 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
src/garth/version.py (1)

1-2: Consider adding a module docstring.

While not critical, adding a brief module docstring would improve code documentation.

+"""Version information for the garth package."""
 __version__ = "0.5.13"
🧰 Tools
🪛 Pylint (3.3.7)

[convention] 1-1: Missing module docstring

(C0114)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 517eeed and 88e0bdf.

📒 Files selected for processing (4)
  • src/garth/sso.py (2 hunks)
  • src/garth/version.py (1 hunks)
  • tests/test_http.py (0 hunks)
  • tests/test_sso.py (0 hunks)
💤 Files with no reviewable changes (2)
  • tests/test_sso.py
  • tests/test_http.py
🧰 Additional context used
🪛 Pylint (3.3.7)
src/garth/version.py

[convention] 1-1: Missing module docstring

(C0114)

🪛 GitHub Check: codecov/patch
src/garth/sso.py

[warning] 130-130: src/garth/sso.py#L130
Added line #L130 was not covered by tests

🔇 Additional comments (3)
src/garth/version.py (1)

1-1: LGTM! Version bump is appropriate for the MFA refactoring.

The version increment correctly reflects the changes made to the MFA handling logic.

🧰 Tools
🪛 Pylint (3.3.7)

[convention] 1-1: Missing module docstring

(C0114)

src/garth/sso.py (2)

235-236: Great simplification of the MFA resumption logic!

The refactored resume_login function now properly delegates MFA handling to the handle_mfa function and uses the centralized _complete_login logic. This eliminates the redundant CSRF token extraction and manual POST requests that were causing the token reuse issues.

239-259:

Details

❓ Verification inconclusive

Well-implemented centralized login completion logic!

The refactored _complete_login function effectively consolidates the ticket extraction and login completion process. The use of client.last_resp.text ensures the function works with the most recent response, preventing stale data issues.

Key improvements:

  • Single responsibility: only handles login completion
  • Eliminates parameter passing of potentially stale HTML content
  • Proper error handling for ticket extraction
  • Clear separation of concerns

Verify that client.last_resp.text always contains the expected ticket format across different authentication flows:

🏁 Script executed:

#!/bin/bash
# Description: Verify ticket extraction pattern usage across the codebase
# Expected: Find all places where ticket extraction is used to ensure consistency

rg -A 3 -B 3 "embed\?ticket=" src/

Length of output: 36

Please verify that client.last_resp.text always contains the ticket pattern across all authentication flows

I ran the suggested search:

rg -A3 -B3 'embed\?ticket=' src/

and didn’t find any other occurrences of this pattern. If your SSO implementation includes additional endpoints or variations in how the ticket is embedded, please confirm that they all match this regex or adjust the pattern as needed.

@matin matin merged commit 26b5e2e into main Jun 3, 2025
21 checks passed
@matin matin deleted the refactor_resume_login branch June 3, 2025 04:50
This was referenced Jun 3, 2025
Closed
Closed
Closed
Closed
Merged
@matin matin changed the title Refactor multi-stage mfa fix multi-stage mfa Jun 3, 2025
@coderabbitai coderabbitai bot mentioned this pull request Sep 6, 2025
Closed
This was referenced Mar 18, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@matin