fix(auth): resolve per-account credentials in auth export

[haunchen]

Summary

• auth export only checked the legacy credentials.enc path, which no longer exists after multi-account login (credentials are stored per-account as credentials.<b64-email>.enc). This caused a 401 error even when accounts were properly authenticated.
• Use resolve_account() to find the correct per-account credential file, falling back to legacy path when no account registry exists.
• Add --account EMAIL support to auth export for exporting a specific account's credentials.
• Pass global --account flag through to handle_auth_command so gws --account EMAIL auth export also works.

Fixes #179
Related: #220

Test plan

• cargo test — 3 new tests + all existing tests pass
• cargo clippy -- -D warnings — no warnings
• cargo fmt --check — clean
• Manual: gws auth export exports default account credentials
• Manual: gws auth export --account EMAIL exports specific account
• Manual: gws --account EMAIL auth export works via global flag

[changeset-bot]

🦋 Changeset detected

Latest commit: 00a15a1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@googleworkspace/cli	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical authentication issue where the auth export command failed to retrieve credentials for multi-account setups. The changes enable the command to correctly locate and export credentials for specific accounts, enhancing the utility and reliability of the authentication system. It also introduces new command-line options for greater control over credential management.

Highlights

• Per-Account Credential Resolution: The auth export command has been fixed to correctly resolve per-account credentials, addressing an issue where it previously only checked the legacy credentials.enc path, leading to 401 errors after multi-account login.
• Account-Specific Export: Added support for the --account EMAIL flag to auth export, allowing users to specify which account's credentials they wish to export.
• Global Account Flag Integration: The global --account flag is now properly passed through to the handle_auth_command, ensuring that gws --account EMAIL auth export functions as expected.

Changelog

• .changeset/fix-auth-export-multi-account.md
  • Added a new changeset entry documenting the fix for auth export.
• src/auth.rs
  • Increased the visibility of the resolve_account function to pub(crate) to allow its use by other modules within the crate.
• src/auth_commands.rs
  • Modified the handle_auth_command function signature to accept an optional global_account parameter.
  • Updated the usage string for the auth export command to include --account EMAIL and --unmasked options.
  • Refactored the handle_export function to parse --unmasked and --account flags from its arguments, prioritize account resolution based on local and global flags, and load encrypted credentials from the path corresponding to the resolved account.
  • Added three new test cases to verify the behavior of handle_export and handle_auth_command when dealing with non-existent accounts.
  • Updated existing test cases for handle_auth_command to pass None for the newly introduced global_account parameter.
• src/main.rs
  • Modified the call to auth_commands::handle_auth_command to pass the global account flag, integrating global account selection into the authentication command handling.

Activity

• Three new tests were added, and all existing tests passed.
• The code passed cargo clippy -- -D warnings with no warnings.
• The code passed cargo fmt --check with no formatting issues.
• Manual testing was planned for gws auth export for default accounts, gws auth export --account EMAIL for specific accounts, and gws --account EMAIL auth export for global flag usage.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly fixes an issue with auth export in multi-account setups by resolving per-account credentials. It also introduces --account support for the export command, and the changes are logical and well-tested. I've added one comment regarding the argument parsing logic in handle_export, suggesting a more robust implementation to handle invalid arguments and prevent user confusion.

[googleworkspace-bot]

/gemini review

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue with auth export in multi-account setups by resolving the correct per-account credential file. It also adds support for the --account flag to auth export. The changes are well-tested. I've found a critical issue in the new argument parsing logic for handle_export which could lead to incorrect behavior when flags are passed in a certain order. My review includes a suggested fix for this issue.

[googleworkspace-bot]

/gemini review

[gemini-code-assist]

Code Review

This pull request correctly fixes an issue with auth export in multi-account environments by resolving per-account credential files. It also introduces --account support to the export command, which is a great enhancement. The changes are logical and well-tested. I have one suggestion to improve error handling and prevent a potential panic, making the CLI more robust.