From 11af4ef991991cc3ecd3c97ed6a87dce409bf07e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wilson=20J=C3=BAnior?= <wilsonpjunior@gmail.com>
Date: Mon, 18 Mar 2024 10:47:46 -0300
Subject: [PATCH] disable retry login when envvar TSURU_TOKEN is set

---
 tsuru/client/shell_test.go |  2 +-
 tsuru/http/client_test.go  |  2 +-
 tsuru/http/transport.go    | 34 ++++++++++++++++++++++------------
 tsuru/main.go              | 34 +++++++++++++++++++++-------------
 4 files changed, 45 insertions(+), 27 deletions(-)

diff --git a/tsuru/client/shell_test.go b/tsuru/client/shell_test.go
index 14189435..c69a9ac9 100644
--- a/tsuru/client/shell_test.go
+++ b/tsuru/client/shell_test.go
@@ -150,5 +150,5 @@ func (s *S) TestShellToContainerSessionExpired(c *check.C) {
 	s.setupFakeTransport(&transport)
 	err = command.Run(&context)
 	c.Assert(err, check.NotNil)
-	c.Assert(err, check.ErrorMatches, ".*unauthorized")
+	c.Assert(err, check.ErrorMatches, ".*Unauthorized")
 }
diff --git a/tsuru/http/client_test.go b/tsuru/http/client_test.go
index 9a72445c..23b6a924 100644
--- a/tsuru/http/client_test.go
+++ b/tsuru/http/client_test.go
@@ -159,7 +159,7 @@ func (s *S) TestShouldHandleUnauthorizedErrorSpecially(c *check.C) {
 	c.Assert(err, check.IsNil)
 	var buf bytes.Buffer
 	client := NewTerminalClient(TerminalClientOptions{
-		RoundTripper: &cmdtest.Transport{Message: "You can't do this", Status: http.StatusUnauthorized},
+		RoundTripper: &cmdtest.Transport{Message: "unauthorized", Status: http.StatusUnauthorized},
 
 		Stdout:        &buf,
 		ClientName:    "test",
diff --git a/tsuru/http/transport.go b/tsuru/http/transport.go
index ded69904..61cf70cf 100644
--- a/tsuru/http/transport.go
+++ b/tsuru/http/transport.go
@@ -10,7 +10,6 @@ import (
 	"io"
 	"net/http"
 	"net/http/httputil"
-	"net/url"
 	"os"
 	"strconv"
 
@@ -107,10 +106,7 @@ func (v *TerminalRoundTripper) RoundTrip(req *http.Request) (*http.Response, err
 	if !validateVersion(supported, v.CurrentVersion) {
 		fmt.Fprintf(v.Stderr, invalidVersionFormat, v.Progname, supported, v.CurrentVersion)
 	}
-	if response.StatusCode == http.StatusUnauthorized {
-		fmt.Fprintln(v.Stderr, "Session expired")
-		return nil, errUnauthorized
-	}
+
 	if response.StatusCode > 399 {
 		err := &tsuruerr.HTTP{
 			Code:    response.StatusCode,
@@ -136,18 +132,16 @@ func detectClientError(err error) error {
 	detectErr := func(e error) error {
 		target, _ := config.ReadTarget()
 
-		switch e.(type) {
+		switch e := e.(type) {
+		case *tsuruerr.HTTP:
+			return errors.Wrapf(e, "Error received from tsuru server (%s), %d", target, e.Code)
 		case x509.UnknownAuthorityError:
 			return errors.Wrapf(e, "Failed to connect to tsuru server (%s)", target)
 		}
 		return errors.Wrapf(e, "Failed to connect to tsuru server (%s), it's probably down", target)
 	}
 
-	if urlErr, ok := err.(*url.Error); ok {
-		return detectErr(urlErr.Err)
-	}
-
-	return detectErr(err)
+	return detectErr(UnwrapErr(err))
 }
 
 // validateVersion checks whether current version is greater or equal to
@@ -184,7 +178,23 @@ func (v *TokenV1RoundTripper) RoundTrip(req *http.Request) (*http.Response, erro
 		req.Header.Set("Authorization", "bearer "+token)
 	}
 
-	return roundTripper.RoundTrip(req)
+	response, err := roundTripper.RoundTrip(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode == http.StatusUnauthorized {
+		if teamToken := config.ReadTeamToken(); teamToken != "" {
+			fmt.Fprintln(os.Stderr, "Invalid session - maybe invalid defined token on TSURU_TOKEN envvar")
+		} else {
+			fmt.Fprintln(os.Stderr, "Invalid session")
+		}
+
+		return nil, errUnauthorized
+	}
+
+	return response, nil
 }
 
 func NewTokenV1RoundTripper() http.RoundTripper {
diff --git a/tsuru/main.go b/tsuru/main.go
index 198ac307..2bc8d8a4 100644
--- a/tsuru/main.go
+++ b/tsuru/main.go
@@ -229,6 +229,10 @@ Services aren’t managed by tsuru, but by their creators.`)
 	m.Register(&client.ServiceInstanceInfo{})
 	registerExtraCommands(m)
 	m.RetryHook = func(err error) (retry bool) {
+		if teamToken := config.ReadTeamToken(); teamToken != "" {
+			return false
+		}
+
 		mustLogin := false
 
 		err = tsuruHTTP.UnwrapErr(err)
@@ -241,21 +245,25 @@ Services aren’t managed by tsuru, but by their creators.`)
 			mustLogin = true
 		}
 
-		if mustLogin {
-			fmt.Fprintln(os.Stderr, "trying to login again")
-			c := &auth.Login{}
-			loginErr := c.Run(&cmd.Context{
-				Stderr: stderr,
-				Stdout: stdout,
-			})
-
-			if loginErr == nil {
-				initAuthorization() // re-init updated token provider
-				return true
-			}
+		if !mustLogin {
+			return false
+		}
+
+		fmt.Fprintln(os.Stderr, "trying to login again")
+		c := &auth.Login{}
+		loginErr := c.Run(&cmd.Context{
+			Stderr: stderr,
+			Stdout: stdout,
+		})
+
+		if loginErr != nil {
+			fmt.Fprintf(os.Stderr, "Could not login: %s\n", loginErr.Error())
+			return false
 		}
 
-		return false
+		initAuthorization() // re-init updated token provider
+		return true
+
 	}
 	return m
 }