refactor(auth): save authType after successfully authenticated (#1036)

2025-12-20 08:47:44 +00:00 · 2025-11-19 11:21:46 +08:00
parent 3ed93d5b5d
commit d0e76c76a8
30 changed files with 822 additions and 518 deletions
--- a/packages/cli/src/ui/auth/useAuth.ts
+++ b/packages/cli/src/ui/auth/useAuth.ts
@@ -6,27 +6,19 @@

 import { useState, useCallback, useEffect } from 'react';
 import type { LoadedSettings, SettingScope } from '../../config/settings.js';
-import type { AuthType, Config } from '@qwen-code/qwen-code-core';
+import type { Config } from '@qwen-code/qwen-code-core';
 import {
+  AuthType,
  clearCachedCredentialFile,
  getErrorMessage,
+  logAuth,
+  AuthEvent,
 } from '@qwen-code/qwen-code-core';
 import { AuthState } from '../types.js';
-import { validateAuthMethod } from '../../config/auth.js';
+import { useQwenAuth } from '../hooks/useQwenAuth.js';
+import type { OpenAICredentials } from '../components/OpenAIKeyPrompt.js';

-export function validateAuthMethodWithSettings(
-  authType: AuthType,
-  settings: LoadedSettings,
-): string | null {
-  const enforcedType = settings.merged.security?.auth?.enforcedType;
-  if (enforcedType && enforcedType !== authType) {
-    return `Authentication is enforced to be ${enforcedType}, but you are currently using ${authType}.`;
-  }
-  if (settings.merged.security?.auth?.useExternal) {
-    return null;
-  }
-  return validateAuthMethod(authType);
-}
+export type { QwenAuthState } from '../hooks/useQwenAuth.js';

 export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
  const unAuthenticated =
@@ -40,6 +32,14 @@ export const useAuthCommand = (settings: LoadedSettings, config: Config) => {

  const [isAuthenticating, setIsAuthenticating] = useState(false);
  const [isAuthDialogOpen, setIsAuthDialogOpen] = useState(unAuthenticated);
+  const [pendingAuthType, setPendingAuthType] = useState<AuthType | undefined>(
+    undefined,
+  );
+
+  const { qwenAuthState, cancelQwenAuth } = useQwenAuth(
+    pendingAuthType,
+    isAuthenticating,
+  );

  const onAuthError = useCallback(
    (error: string | null) => {
@@ -52,90 +52,123 @@ export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
    [setAuthError, setAuthState],
  );

-  // Authentication flow
-  useEffect(() => {
-    const authFlow = async () => {
-      const authType = settings.merged.security?.auth?.selectedType;
-      if (isAuthDialogOpen || !authType) {
-        return;
+  const handleAuthFailure = useCallback(
+    (error: unknown) => {
+      setIsAuthenticating(false);
+      const errorMessage = `Failed to authenticate. Message: ${getErrorMessage(error)}`;
+      onAuthError(errorMessage);
+
+      // Log authentication failure
+      if (pendingAuthType) {
+        const authEvent = new AuthEvent(
+          pendingAuthType,
+          'manual',
+          'error',
+          errorMessage,
+        );
+        logAuth(config, authEvent);
      }
+    },
+    [onAuthError, pendingAuthType, config],
+  );

-      const validationError = validateAuthMethodWithSettings(
-        authType,
-        settings,
-      );
-      if (validationError) {
-        onAuthError(validationError);
-        return;
-      }
-
-      try {
-        setIsAuthenticating(true);
-        await config.refreshAuth(authType);
-        console.log(`Authenticated via "${authType}".`);
-        setAuthError(null);
-        setAuthState(AuthState.Authenticated);
-      } catch (e) {
-        onAuthError(`Failed to login. Message: ${getErrorMessage(e)}`);
-      } finally {
-        setIsAuthenticating(false);
-      }
-    };
-
-    void authFlow();
-  }, [isAuthDialogOpen, settings, config, onAuthError]);
-
-  // Handle auth selection from dialog
-  const handleAuthSelect = useCallback(
+  const handleAuthSuccess = useCallback(
    async (
-      authType: AuthType | undefined,
+      authType: AuthType,
      scope: SettingScope,
-      credentials?: {
-        apiKey?: string;
-        baseUrl?: string;
-        model?: string;
-      },
+      credentials?: OpenAICredentials,
    ) => {
-      if (authType) {
-        await clearCachedCredentialFile();
+      try {
+        settings.setValue(scope, 'security.auth.selectedType', authType);

-        // Save OpenAI credentials if provided
-        if (credentials) {
-          // Update Config's internal generationConfig before calling refreshAuth
-          // This ensures refreshAuth has access to the new credentials
-          config.updateCredentials({
-            apiKey: credentials.apiKey,
-            baseUrl: credentials.baseUrl,
-            model: credentials.model,
-          });
-
-          // Also set environment variables for compatibility with other parts of the code
-          if (credentials.apiKey) {
+        // Only update credentials if not switching to QWEN_OAUTH,
+        // so that OpenAI credentials are preserved when switching to QWEN_OAUTH.
+        if (authType !== AuthType.QWEN_OAUTH && credentials) {
+          if (credentials?.apiKey != null) {
            settings.setValue(
              scope,
              'security.auth.apiKey',
              credentials.apiKey,
            );
          }
-          if (credentials.baseUrl) {
+          if (credentials?.baseUrl != null) {
            settings.setValue(
              scope,
              'security.auth.baseUrl',
              credentials.baseUrl,
            );
          }
-          if (credentials.model) {
+          if (credentials?.model != null) {
            settings.setValue(scope, 'model.name', credentials.model);
          }
+          await clearCachedCredentialFile();
        }
-
-        settings.setValue(scope, 'security.auth.selectedType', authType);
+      } catch (error) {
+        handleAuthFailure(error);
+        return;
      }

-      setIsAuthDialogOpen(false);
      setAuthError(null);
+      setAuthState(AuthState.Authenticated);
+      setPendingAuthType(undefined);
+      setIsAuthDialogOpen(false);
+      setIsAuthenticating(false);
+
+      // Log authentication success
+      const authEvent = new AuthEvent(authType, 'manual', 'success');
+      logAuth(config, authEvent);
    },
-    [settings, config],
+    [settings, handleAuthFailure, config],
+  );
+
+  const performAuth = useCallback(
+    async (
+      authType: AuthType,
+      scope: SettingScope,
+      credentials?: OpenAICredentials,
+    ) => {
+      try {
+        await config.refreshAuth(authType);
+        handleAuthSuccess(authType, scope, credentials);
+      } catch (e) {
+        handleAuthFailure(e);
+      }
+    },
+    [config, handleAuthSuccess, handleAuthFailure],
+  );
+
+  const handleAuthSelect = useCallback(
+    async (
+      authType: AuthType | undefined,
+      scope: SettingScope,
+      credentials?: OpenAICredentials,
+    ) => {
+      if (!authType) {
+        setIsAuthDialogOpen(false);
+        setAuthError(null);
+        return;
+      }
+
+      setPendingAuthType(authType);
+      setAuthError(null);
+      setIsAuthDialogOpen(false);
+      setIsAuthenticating(true);
+
+      if (authType === AuthType.USE_OPENAI) {
+        if (credentials) {
+          config.updateCredentials({
+            apiKey: credentials.apiKey,
+            baseUrl: credentials.baseUrl,
+            model: credentials.model,
+          });
+          await performAuth(authType, scope, credentials);
+        }
+        return;
+      }
+
+      await performAuth(authType, scope);
+    },
+    [config, performAuth],
  );

  const openAuthDialog = useCallback(() => {
@@ -143,8 +176,45 @@ export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
  }, []);

  const cancelAuthentication = useCallback(() => {
+    if (isAuthenticating && pendingAuthType === AuthType.QWEN_OAUTH) {
+      cancelQwenAuth();
+    }
+
+    // Log authentication cancellation
+    if (isAuthenticating && pendingAuthType) {
+      const authEvent = new AuthEvent(pendingAuthType, 'manual', 'cancelled');
+      logAuth(config, authEvent);
+    }
+
+    // Do not reset pendingAuthType here, persist the previously selected type.
    setIsAuthenticating(false);
-  }, []);
+    setIsAuthDialogOpen(true);
+    setAuthError(null);
+  }, [isAuthenticating, pendingAuthType, cancelQwenAuth, config]);
+
+  /**
+   /**
+    * We previously used a useEffect to trigger authentication automatically when
+    * settings.security.auth.selectedType changed. This caused problems: if authentication failed,
+    * the UI could get stuck, since settings.json would update before success. Now, we
+    * update selectedType in settings only when authentication fully succeeds.
+    * Authentication is triggered explicitly—either during initial app startup or when the
+    * user switches methods—not reactively through settings changes. This avoids repeated
+    * or broken authentication cycles.
+    */
+  useEffect(() => {
+    const defaultAuthType = process.env['QWEN_DEFAULT_AUTH_TYPE'];
+    if (
+      defaultAuthType &&
+      ![AuthType.QWEN_OAUTH, AuthType.USE_OPENAI].includes(
+        defaultAuthType as AuthType,
+      )
+    ) {
+      onAuthError(
+        `Invalid QWEN_DEFAULT_AUTH_TYPE value: "${defaultAuthType}". Valid values are: ${[AuthType.QWEN_OAUTH, AuthType.USE_OPENAI].join(', ')}`,
+      );
+    }
+  }, [onAuthError]);

  return {
    authState,
@@ -153,6 +223,8 @@ export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
    onAuthError,
    isAuthDialogOpen,
    isAuthenticating,
+    pendingAuthType,
+    qwenAuthState,
    handleAuthSelect,
    openAuthDialog,
    cancelAuthentication,