aptible-cli 0.25.0 → 0.26.2

data/lib/aptible/cli/subcommands/ssh.rb

@@ -10,7 +10,7 @@ module Aptible
             include Helpers::App
             include Helpers::Telemetry
 
-            desc 'ssh [COMMAND]', 'Run a command against an app'
+            desc 'ssh [--app APP] [COMMAND]', 'Run a command against an app'
             long_desc <<-LONGDESC
               Runs an interactive command against a remote Aptible app
 

data/lib/aptible/cli/version.rb

@@ -1,5 +1,5 @@
 module Aptible
   module CLI
-    VERSION = '0.25.0'.freeze
+    VERSION = '0.26.2'.freeze
   end
 end

data/spec/aptible/cli/agent_spec.rb

@@ -428,6 +428,76 @@ describe Aptible::CLI::Agent do
         end
       end
 
+      context 'failed_login_attempt_id handling' do
+        before do
+          allow(subject).to receive(:options)
+            .and_return(email: email, password: password)
+          expect(subject).to receive(:ask).with('2FA Token: ')
+            .once
+            .and_return(token)
+        end
+
+        it 'should extract failed_login_attempt_id when present' do
+          e = make_oauth2_error(
+            'otp_token_required',
+            'failed_login_attempt_id' => 'attempt-123'
+          )
+
+          expect(Aptible::Auth::Token).to receive(:create)
+            .with(email: email, password: password, expires_in: 1.week.seconds)
+            .once
+            .and_raise(e)
+
+          expect(Aptible::Auth::Token).to receive(:create)
+            .with(email: email, password: password, otp_token: token,
+                  previous_login_attempt_id: 'attempt-123',
+                  expires_in: 12.hours.seconds)
+            .once
+            .and_return(token)
+
+          subject.login
+        end
+
+        it 'should handle nil exception_context gracefully' do
+          parsed = { 'error' => 'otp_token_required' }
+          response = double('response',
+                            parsed: parsed,
+                            body: 'error otp_token_required')
+          allow(response).to receive(:error=)
+          e = OAuth2::Error.new(response)
+
+          expect(Aptible::Auth::Token).to receive(:create)
+            .with(email: email, password: password, expires_in: 1.week.seconds)
+            .once
+            .and_raise(e)
+
+          expect(Aptible::Auth::Token).to receive(:create)
+            .with(email: email, password: password, otp_token: token,
+                  expires_in: 12.hours.seconds)
+            .once
+            .and_return(token)
+
+          subject.login
+        end
+
+        it 'should handle missing failed_login_attempt_id gracefully' do
+          e = make_oauth2_error('otp_token_required', {})
+
+          expect(Aptible::Auth::Token).to receive(:create)
+            .with(email: email, password: password, expires_in: 1.week.seconds)
+            .once
+            .and_raise(e)
+
+          expect(Aptible::Auth::Token).to receive(:create)
+            .with(email: email, password: password, otp_token: token,
+                  expires_in: 12.hours.seconds)
+            .once
+            .and_return(token)
+
+          subject.login
+        end
+      end
+
       context 'SSO logins' do
         let(:token) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpZCI6I' }
 

data/spec/aptible/cli/helpers/database_spec.rb

@@ -33,4 +33,122 @@ describe Aptible::CLI::Helpers::Database do
       expect(subject.validate_image_type(pg.type)).to be(true)
     end
   end
+
+  describe '#derive_account_from_conns' do
+    let(:stack) { Fabricate(:stack) }
+    let(:account1) { Fabricate(:account, handle: 'account1', stack: stack) }
+    let(:account2) { Fabricate(:account, handle: 'account2', stack: stack) }
+    let(:app1) { Fabricate(:app, account: account1) }
+    let(:app2) { Fabricate(:app, account: account2) }
+
+    let(:raw_rds_resource) do
+      Fabricate(:external_aws_resource, resource_type: 'aws_rds_db_instance')
+    end
+
+    let(:rds_db) do
+      Aptible::CLI::Helpers::Database::RdsDatabase.new(
+        'aws:rds::test-db',
+        raw_rds_resource.id,
+        raw_rds_resource.created_at,
+        raw_rds_resource
+      )
+    end
+
+    let(:conn1) do
+      double('connection1', present?: true, app: app1)
+    end
+
+    let(:conn2) do
+      double('connection2', present?: true, app: app2)
+    end
+
+    before do
+      allow(app1).to receive(:account).and_return(account1)
+      allow(app2).to receive(:account).and_return(account2)
+    end
+
+    context 'when connections are empty' do
+      it 'returns nil' do
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          []
+        )
+
+        result = subject.derive_account_from_conns(rds_db)
+        expect(result).to be_nil
+      end
+    end
+
+    context 'when no preferred account is specified' do
+      it 'returns the account from the first connection' do
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          [conn1, conn2]
+        )
+
+        result = subject.derive_account_from_conns(rds_db)
+        expect(result).to eq(account1)
+      end
+
+      it 'handles a single connection' do
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          [conn2]
+        )
+
+        result = subject.derive_account_from_conns(rds_db)
+        expect(result).to eq(account2)
+      end
+    end
+
+    context 'when a preferred account is specified' do
+      it 'returns the matching account when found' do
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          [conn1, conn2]
+        )
+
+        result = subject.derive_account_from_conns(rds_db, account2)
+        expect(result).to eq(account2)
+      end
+
+      it 'returns nil when no matching connection is found' do
+        account3 = Fabricate(:account, handle: 'account3', stack: stack)
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          [conn1, conn2]
+        )
+
+        result = subject.derive_account_from_conns(rds_db, account3)
+        expect(result).to be_nil
+      end
+
+      it 'skips connections where conn.present? is false' do
+        conn_not_present = double('connection_not_present', present?: false)
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          [conn_not_present, conn2]
+        )
+
+        result = subject.derive_account_from_conns(rds_db, account2)
+        expect(result).to eq(account2)
+      end
+
+      it 'returns the first matching account when multiple matches exist' do
+        app1_duplicate = Fabricate(:app, account: account1)
+        allow(app1_duplicate).to receive(:account).and_return(account1)
+        conn1_duplicate = double('connection1_dup',
+                                 present?: true,
+                                 app: app1_duplicate)
+
+        raw_rds_resource.instance_variable_set(
+          :@app_external_aws_rds_connections,
+          [conn1, conn1_duplicate]
+        )
+
+        result = subject.derive_account_from_conns(rds_db, account1)
+        expect(result).to eq(account1)
+      end
+    end
+  end
 end

data/spec/aptible/cli/helpers/token_spec.rb

@@ -7,6 +7,10 @@ describe Aptible::CLI::Helpers::Token do
 
   subject { Class.new.send(:include, described_class).new }
 
+  let(:token) { 'test-token' }
+  let(:user) { double('user', id: 'user-id', email: 'test@example.com') }
+  let(:auth_token) { double('auth_token', user: user) }
+
   describe '#save_token / #fetch_token' do
     it 'reads back a token it saved' do
       subject.save_token('foo')
@@ -38,4 +42,70 @@ describe Aptible::CLI::Helpers::Token do
       end
     end
   end
+
+  describe '#current_token' do
+    before do
+      subject.save_token(token)
+    end
+
+    it 'returns the current auth token' do
+      expect(Aptible::Auth::Token).to receive(:current_token)
+        .with(token: token)
+        .and_return(auth_token)
+
+      expect(subject.current_token).to eq(auth_token)
+    end
+
+    it 'raises Thor::Error on 401 unauthorized' do
+      response = Faraday::Response.new(status: 401)
+      error = HyperResource::ClientError.new(
+        '401 (invalid_token) Invalid Token', response: response
+      )
+      expect(Aptible::Auth::Token).to receive(:current_token)
+        .with(token: token)
+        .and_raise(error)
+
+      expect { subject.current_token }
+        .to raise_error(Thor::Error, /Invalid Token/)
+    end
+
+    it 'raises Thor::Error on 403 forbidden' do
+      response = Faraday::Response.new(status: 403)
+      error = HyperResource::ClientError.new('403 (forbidden) Access denied',
+                                             response: response)
+      expect(Aptible::Auth::Token).to receive(:current_token)
+        .with(token: token)
+        .and_raise(error)
+
+      expect { subject.current_token }
+        .to raise_error(Thor::Error, /Access denied/)
+    end
+  end
+
+  describe '#whoami' do
+    before do
+      subject.save_token(token)
+    end
+
+    it 'returns the current user' do
+      expect(Aptible::Auth::Token).to receive(:current_token)
+        .with(token: token)
+        .and_return(auth_token)
+
+      expect(subject.whoami).to eq(user)
+    end
+
+    it 'raises Thor::Error on API error' do
+      response = Faraday::Response.new(status: 401)
+      error = HyperResource::ClientError.new(
+        '401 (invalid_token) Invalid Token', response: response
+      )
+      expect(Aptible::Auth::Token).to receive(:current_token)
+        .with(token: token)
+        .and_raise(error)
+
+      expect { subject.whoami }
+        .to raise_error(Thor::Error, /Invalid Token/)
+    end
+  end
 end