cli: extend the CLI to support both email/password and API token based access

martonilles · martonilles · commit 75250a29183c · 2023-10-31T21:54:58.000+01:00
It is not possible to mix the two, so we need to prompt the user in case
of invalid access or missing argument.
diff --git a/onekey_client/cli/cli.py b/onekey_client/cli/cli.py
@@ -23,22 +23,39 @@
     help="Disable verifying server certificate, use only for testing",
     is_flag=True,
 )
-@click.option(
-    "--email", help="Email to authenticate on the ONEKEY platform", required=True
-)
+@click.option("--email", help="Email to authenticate on the ONEKEY platform")
 @click.option(
     "--password",
     hide_input=True,
-    required=True,
-    prompt=True,
     help="Password to authenticate on the ONEKEY platform",
 )
-@click.option(
-    "--tenant", "tenant_name", required=True, help="Tenant name on ONEKEY platform"
-)
+@click.option("--tenant", "tenant_name", help="Tenant name on ONEKEY platform")
+@click.option("--token", help="API token to authenticate on the ONEKEY platform")
 @click.pass_context
-def cli(ctx, api_url, disable_tls_verify, email, password, tenant_name):
+def cli(ctx, api_url, disable_tls_verify, email, password, tenant_name, token):
     client = Client(api_url=api_url, disable_tls_verify=disable_tls_verify)
+    if token is not None and (
+        email is not None or password is not None or tenant_name is not None
+    ):
+        click.echo(
+            "Invalid authentication details, either specify token or email/password/tenant, but not both!"
+        )
+        sys.exit(1)
+
+    if token is None and (email is None or password is None or tenant_name is None):
+        click.echo(
+            "Invalid authentication details, specify email, password and tenant, if token is not specified!"
+        )
+        sys.exit(1)
+
+    if token is not None:
+        login_with_token(client, token, api_url)
+    else:
+        login_with_email(client, email, password, tenant_name, api_url)
+    ctx.obj = client
+
+
+def login_with_email(client, email, password, tenant_name, api_url):
     try:
         client.login(email, password)
     except httpx.HTTPStatusError as e:
@@ -62,7 +79,20 @@ def cli(ctx, api_url, disable_tls_verify, email, password, tenant_name):
         sys.exit(3)
 
     client.use_tenant(tenant)
-    ctx.obj = client
+
+
+def login_with_token(client, token, api_url):
+    try:
+        client.use_token(token)
+    except httpx.HTTPStatusError as e:
+        if e.response.status_code == httpx.codes.UNAUTHORIZED:
+            click.echo(f"Authentication failed with token on {api_url}")
+            sys.exit(1)
+        else:
+            click.echo(
+                f"Error connecting to ONEKEY platform: '{api_url}', error: {e.response.status_code}"
+            )
+            sys.exit(2)
 
 
 cli.add_command(list_tenants)
