Fix oauth token state lookup

Author: ericmj

lib/hex/oauth.ex

@@ -10,9 +10,8 @@ defmodule Hex.OAuth do
   Returns {:error, :no_auth} if no tokens are available.
 
   Since we now use 2FA for write operations, we use a single token for both read and write.
-  The permission parameter is kept for backward compatibility but is no longer used.
   """
-  def get_token(permission) when permission in [:read, :write] do
+  def get_token do
     case get_stored_token() do
       nil ->
         {:error, :no_auth}
@@ -61,10 +60,8 @@ defmodule Hex.OAuth do
 
   @doc """
   Refreshes the stored OAuth token.
-
-  The permission parameter is kept for backward compatibility but is no longer used.
   """
-  def refresh_token(permission) when permission in [:read, :write] do
+  def refresh_token do
     case get_stored_token() do
       nil ->
         {:error, :no_auth}
@@ -128,7 +125,7 @@ defmodule Hex.OAuth do
   end
 
   defp refresh_token_if_possible(token_data) do
-    case refresh_token(:write) do
+    case refresh_token() do
       {:ok, access_token} ->
         {:ok, access_token}
 

lib/hex/state.ex

@@ -15,8 +15,8 @@ defmodule Hex.State do
     api_otp: %{
       env: ["HEX_OTP"]
     },
-    oauth_tokens: %{
-      config: [:"$oauth_tokens"]
+    oauth_token: %{
+      config: [:"$oauth_token"]
     },
     api_url: %{
       env: ["HEX_API_URL", "HEX_API"],

lib/mix/tasks/hex.ex

@@ -351,12 +351,20 @@ defmodule Mix.Tasks.Hex do
     |> String.trim()
   end
 
-  @doc false
+  @doc """
+  Returns authentication info for the given operation type.
+
+  The permission parameter determines whether to include OTP for 2FA:
+  - :write - includes OTP if available (required for write operations with 2FA)
+  - :read - does not include OTP
+
+  Both read and write operations use the same OAuth token.
+  """
   def auth_info(permission, opts \\ [])
 
   def auth_info(:write, opts) do
     # Try OAuth tokens first
-    case Hex.OAuth.get_token(:write) do
+    case Hex.OAuth.get_token() do
       {:ok, access_token} ->
         # Don't prompt for OTP upfront - will be prompted if server requires it
         otp = Hex.State.fetch!(:api_otp)
@@ -403,7 +411,7 @@ defmodule Mix.Tasks.Hex do
 
   def auth_info(:read, opts) do
     # Try OAuth tokens first
-    case Hex.OAuth.get_token(:read) do
+    case Hex.OAuth.get_token() do
       {:ok, access_token} ->
         [key: access_token, oauth: true]
 
@@ -448,8 +456,8 @@ defmodule Mix.Tasks.Hex do
     if authenticate? do
       case auth() do
         {:ok, _tokens} ->
-          # Auth succeeded, try to get write token
-          case Hex.OAuth.get_token(:write) do
+          # Auth succeeded, try to get token
+          case Hex.OAuth.get_token() do
             {:ok, access_token} ->
               # Don't prompt for OTP upfront - will be prompted if server requires it
               otp = Hex.State.fetch!(:api_otp)

test/hex/oauth_test.exs

@@ -1,10 +1,9 @@
 defmodule Hex.OAuthTest do
   use HexTest.IntegrationCase
 
-  describe "get_token/1" do
+  describe "get_token/0" do
     test "returns error when no tokens are stored" do
-      assert {:error, :no_auth} = Hex.OAuth.get_token(:read)
-      assert {:error, :no_auth} = Hex.OAuth.get_token(:write)
+      assert {:error, :no_auth} = Hex.OAuth.get_token()
     end
 
     test "returns valid token when available and not expired" do
@@ -18,9 +17,7 @@ defmodule Hex.OAuthTest do
 
       Hex.OAuth.store_token(token_data)
 
-      # Same token for both read and write
-      assert {:ok, "test_token"} = Hex.OAuth.get_token(:read)
-      assert {:ok, "test_token"} = Hex.OAuth.get_token(:write)
+      assert {:ok, "test_token"} = Hex.OAuth.get_token()
     end
 
     test "returns error when token is expired and no refresh possible" do
@@ -33,7 +30,7 @@ defmodule Hex.OAuthTest do
 
       Hex.OAuth.store_token(token_data)
 
-      assert {:error, :token_expired} = Hex.OAuth.get_token(:read)
+      assert {:error, :token_expired} = Hex.OAuth.get_token()
     end
 
     test "returns error when token is expired and refresh fails" do
@@ -48,7 +45,7 @@ defmodule Hex.OAuthTest do
       Hex.OAuth.store_token(token_data)
 
       # Should fail to refresh and return error
-      assert {:error, :refresh_failed} = Hex.OAuth.get_token(:write)
+      assert {:error, :refresh_failed} = Hex.OAuth.get_token()
     end
   end
 
@@ -190,7 +187,7 @@ defmodule Hex.OAuthTest do
     end
   end
 
-  describe "refresh_token/1" do
+  describe "refresh_token/0" do
     test "returns error when no refresh token available" do
       token_data = %{
         "access_token" => "token_without_refresh",
@@ -199,11 +196,11 @@ defmodule Hex.OAuthTest do
 
       Hex.OAuth.store_token(token_data)
 
-      assert {:error, :no_refresh_token} = Hex.OAuth.refresh_token(:write)
+      assert {:error, :no_refresh_token} = Hex.OAuth.refresh_token()
     end
 
     test "returns error when no tokens stored" do
-      assert {:error, :no_auth} = Hex.OAuth.refresh_token(:read)
+      assert {:error, :no_auth} = Hex.OAuth.refresh_token()
     end
   end
 end

test/mix/tasks/hex.user_test.exs

@@ -440,8 +440,9 @@ defmodule Mix.Tasks.Hex.UserTest do
       assert Hex.OAuth.has_tokens?()
 
       # Retrieve tokens - same token for both read and write
-      assert {:ok, "write_access"} = Hex.OAuth.get_token(:write)
-      assert {:ok, "write_access"} = Hex.OAuth.get_token(:read)
+      # Same token is returned for both read and write operations
+      assert {:ok, "write_access"} = Hex.OAuth.get_token()
+      assert {:ok, "write_access"} = Hex.OAuth.get_token()
 
       # Clear tokens
       Hex.OAuth.clear_tokens()

test/support/case.ex

@@ -254,7 +254,7 @@ defmodule HexTest.Case do
     Hex.State.put(:data_home, Path.expand("../../tmp/hex_data_home", __DIR__))
     Hex.State.put(:api_url, "http://localhost:4043/api")
     Hex.State.put(:api_key, nil)
-    Hex.State.put(:oauth_tokens, nil)
+    Hex.State.put(:oauth_token, nil)
     Hex.State.update!(:repos, &put_in(&1["hexpm"].url, "http://localhost:4043/repo"))
     Hex.State.update!(:repos, &put_in(&1["hexpm"].public_key, public_key))
     Hex.State.update!(:repos, &put_in(&1["hexpm"].auth_key, nil))