Fix re-authentication in retry logic by resolving auth endpoint via Bag()

cmd/download.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"errors"
+	"fmt"
 	"os"
 	"time"
 
@@ -42,7 +43,16 @@ func downloadCmd() *cobra.Command {
 				acc = infoResult.Account
 
 				if errors.Is(lastErr, appstore.ErrPasswordTokenExpired) {
-					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{Email: acc.Email, Password: acc.Password})
+					bagOutput, err := dependencies.AppStore.Bag(appstore.BagInput{})
+					if err != nil {
+						return fmt.Errorf("failed to get bag: %w", err)
+					}
+
+					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{
+						Email:    acc.Email,
+						Password: acc.Password,
+						Endpoint: bagOutput.AuthEndpoint,
+					})
 					if err != nil {
 						return err
 					}
@@ -112,7 +122,7 @@ func downloadCmd() *cobra.Command {
 				retry.LastErrorOnly(true),
 				retry.DelayType(retry.FixedDelay),
 				retry.Delay(time.Millisecond),
-				retry.Attempts(2),
+				retry.Attempts(3),
 				retry.RetryIf(func(err error) bool {
 					lastErr = err
 

cmd/get_version_metadata.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/avast/retry-go"
@@ -37,7 +38,16 @@ func getVersionMetadataCmd() *cobra.Command {
 				acc = infoResult.Account
 
 				if errors.Is(lastErr, appstore.ErrPasswordTokenExpired) {
-					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{Email: acc.Email, Password: acc.Password})
+					bagOutput, err := dependencies.AppStore.Bag(appstore.BagInput{})
+					if err != nil {
+						return fmt.Errorf("failed to get bag: %w", err)
+					}
+
+					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{
+						Email:    acc.Email,
+						Password: acc.Password,
+						Endpoint: bagOutput.AuthEndpoint,
+					})
 					if err != nil {
 						return err
 					}

cmd/list_versions.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/avast/retry-go"
@@ -36,7 +37,16 @@ func ListVersionsCmd() *cobra.Command {
 				acc = infoResult.Account
 
 				if errors.Is(lastErr, appstore.ErrPasswordTokenExpired) {
-					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{Email: acc.Email, Password: acc.Password})
+					bagOutput, err := dependencies.AppStore.Bag(appstore.BagInput{})
+					if err != nil {
+						return fmt.Errorf("failed to get bag: %w", err)
+					}
+
+					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{
+						Email:    acc.Email,
+						Password: acc.Password,
+						Endpoint: bagOutput.AuthEndpoint,
+					})
 					if err != nil {
 						return err
 					}

cmd/purchase.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/avast/retry-go"
@@ -29,7 +30,16 @@ func purchaseCmd() *cobra.Command {
 				acc = infoResult.Account
 
 				if errors.Is(lastErr, appstore.ErrPasswordTokenExpired) {
-					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{Email: acc.Email, Password: acc.Password})
+					bagOutput, err := dependencies.AppStore.Bag(appstore.BagInput{})
+					if err != nil {
+						return fmt.Errorf("failed to get bag: %w", err)
+					}
+
+					loginResult, err := dependencies.AppStore.Login(appstore.LoginInput{
+						Email:    acc.Email,
+						Password: acc.Password,
+						Endpoint: bagOutput.AuthEndpoint,
+					})
 					if err != nil {
 						return err
 					}

pkg/appstore/appstore_bag.go

@@ -32,8 +32,13 @@ func (t *appstore) Bag(input BagInput) (BagOutput, error) {
 		return BagOutput{}, fmt.Errorf("received unexpected status code: %d", res.StatusCode)
 	}
 
+	authEndpoint := res.Data.URLBag.AuthEndpoint
+	if authEndpoint == "" {
+		authEndpoint = fmt.Sprintf("https://%s%s", PrivateAppStoreAPIDomain, PrivateAppStoreAPIPathAuthenticate)
+	}
+
 	return BagOutput{
-		AuthEndpoint: res.Data.URLBag.AuthEndpoint,
+		AuthEndpoint: authEndpoint,
 	}, nil
 }
 

pkg/appstore/appstore_bag_test.go

@@ -85,7 +85,7 @@ var _ = Describe("AppStore (Bag)", func() {
 		})
 	})
 
-	When("request is successful", func() {
+	When("request is successful with authenticateAccount in urlBag", func() {
 		const testAuthEndpoint = "https://example.com"
 
 		BeforeEach(func() {
@@ -117,4 +117,25 @@ var _ = Describe("AppStore (Bag)", func() {
 			Expect(out.AuthEndpoint).To(Equal(testAuthEndpoint))
 		})
 	})
+
+	When("request is successful but authenticateAccount is empty", func() {
+		BeforeEach(func() {
+			mockMachine.EXPECT().
+				MacAddress().
+				Return("aa:bb:cc:dd:ee:ff", nil)
+
+			mockBagClient.EXPECT().
+				Send(gomock.Any()).
+				Return(http.Result[bagResult]{
+					StatusCode: gohttp.StatusOK,
+					Data:       bagResult{},
+				}, nil)
+		})
+
+		It("falls back to hardcoded auth endpoint", func() {
+			out, err := as.Bag(BagInput{})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(out.AuthEndpoint).To(Equal("https://" + PrivateAppStoreAPIDomain + PrivateAppStoreAPIPathAuthenticate))
+		})
+	})
 })

pkg/appstore/appstore_purchase.go

@@ -72,7 +72,7 @@ func (t *appstore) purchaseWithParams(acc Account, app App, guid string, pricing
 		return ErrSubscriptionRequired
 	}
 
-	if res.Data.FailureType == FailureTypePasswordTokenExpired {
+	if res.Data.FailureType == FailureTypePasswordTokenExpired || res.Data.CustomerMessage == CustomerMessagePasswordChanged {
 		return ErrPasswordTokenExpired
 	}
 

pkg/appstore/appstore_purchase_test.go

@@ -152,6 +152,32 @@ var _ = Describe("AppStore (Purchase)", func() {
 		})
 	})
 
+	When("customer message indicates password has changed", func() {
+		BeforeEach(func() {
+			mockMachine.EXPECT().
+				MacAddress().
+				Return("00:00:00:00:00:00", nil)
+
+			mockPurchaseClient.EXPECT().
+				Send(gomock.Any()).
+				Return(http.Result[purchaseResult]{
+					Data: purchaseResult{
+						FailureType:     "some_other_failure",
+						CustomerMessage: CustomerMessagePasswordChanged,
+					},
+				}, nil)
+		})
+
+		It("returns password token expired error", func() {
+			err := as.Purchase(PurchaseInput{
+				Account: Account{
+					StoreFront: "143441",
+				},
+			})
+			Expect(err).To(MatchError(ErrPasswordTokenExpired))
+		})
+	})
+
 	When("store API returns customer error message", func() {
 		BeforeEach(func() {
 			mockMachine.EXPECT().

pkg/appstore/constants.go

@@ -9,6 +9,7 @@ const (
 	CustomerMessageBadLogin             = "MZFinance.BadLogin.Configurator_message"
 	CustomerMessageAccountDisabled      = "Your account is disabled."
 	CustomerMessageSubscriptionRequired = "Subscription Required"
+	CustomerMessagePasswordChanged      = "Your password has changed."
 
 	iTunesAPIDomain     = "itunes.apple.com"
 	iTunesAPIPathSearch = "/search"
@@ -17,8 +18,9 @@ const (
 	PrivateInitDomain = "init." + iTunesAPIDomain
 	PrivateInitPath   = "/bag.xml"
 
-	PrivateAppStoreAPIDomain       = "buy." + iTunesAPIDomain
-	PrivateAppStoreAPIPathPurchase = "/WebObjects/MZFinance.woa/wa/buyProduct"
+	PrivateAppStoreAPIDomain           = "buy." + iTunesAPIDomain
+	PrivateAppStoreAPIPathAuthenticate = "/WebObjects/MZFinance.woa/wa/authenticate"
+	PrivateAppStoreAPIPathPurchase     = "/WebObjects/MZFinance.woa/wa/buyProduct"
 	PrivateAppStoreAPIPathDownload = "/WebObjects/MZFinance.woa/wa/volumeStoreDownloadProduct"
 
 	HTTPHeaderStoreFront = "X-Set-Apple-Store-Front"