npm - @sap/cli-core - Versions diffs - 2025.12.0 → 2025.14.0 - Mend

@sap/cli-core 2025.12.0 → 2025.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 2025.13.0
+### Changed
+- The login experience has been improved: When logging in, it is now clearly indicated if a secret for a tenant already exists, and confirmation is requested before overwriting it. Previously, existing secrets were not overwritten, but this was not clearly communicated. The process is now transparent and user-driven, helping to prevent accidental loss of credentials and confusion.
+  Example:
+  ```bash
+  $ <cli> login
+  ? Secret for tenant https://example-tenant.hanacloudservices.cloud.sap already exists. Do you want to overwrite it? › (Y/n)
+  ```
+  After confirming, the CLI will overwrite the existing secret with the new one. If the user chooses not to overwrite, the CLI will exit gracefully without making any changes.
 ## 2025.11.0
 ### Fixed

package/cache/secrets/SecretsStorageImpl.d.ts CHANGED Viewed

@@ -21,4 +21,5 @@ export declare class SecretsStorageImpl implements SecretsStorage {
     private removeUnknownPropertiesFromSecrets;
     synchronizeSecretsToStorage(): Promise<void>;
     getAllSecrets(): ReadonlyArray<Secret>;
+    hasSecretForTenant(tenantUrl: string): boolean;
 }

package/cache/secrets/SecretsStorageImpl.js CHANGED Viewed

@@ -77,7 +77,13 @@ class SecretsStorageImpl {
         let prevSecretIx = this.secrets.findIndex((s) => s.tenantUrl === tenantUrl);
         let newSecret;
         if (prevSecretIx > -1) {
-            newSecret = { ...this.secrets[prevSecretIx], ...secret };
+            // Overwrite the old secret completely except for id and tenantUrl
+            newSecret = {
+                ...secret,
+                id: this.secrets[prevSecretIx].id,
+                tenantUrl,
+                customClient: false,
+            };
             this.secrets[prevSecretIx] = newSecret;
         }
         else {
@@ -136,5 +142,8 @@ class SecretsStorageImpl {
     getAllSecrets() {
         return this.secrets;
     }
+    hasSecretForTenant(tenantUrl) {
+        return this.secrets.some((secret) => secret.tenantUrl === tenantUrl);
+    }
 }
 exports.SecretsStorageImpl = SecretsStorageImpl;

package/commands/handler/authentication/oauth/index.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
 import { Handler } from "../../../../types";
-export declare const create: () => Handler;
+export declare const create: (overrideExisting?: boolean) => Handler;

package/commands/handler/authentication/oauth/index.js CHANGED Viewed

@@ -9,9 +9,9 @@ const tokenProvider_1 = require("./tokenProvider");
 const checkOptionsExistence_1 = require("../../checkOptionsExistence");
 const constants_1 = require("../../../../constants");
 const core_1 = require("../../../../config/core");
-const create = () => {
+const create = (overrideExisting = false) => {
     if ((0, core_1.getAuthenticationMethods)().includes(constants_1.AuthenticationMethod.oauth)) {
-        return (0, error_1.create)("failed to handle OAuth authorization", (0, next_1.create)("commands.handler.authentication.oauth", (0, checkOptionsExistence_1.create)(constants_1.OPTION_PASSCODE), (0, secretsProvider_1.create)(), (0, tokenProvider_1.create)()));
+        return (0, error_1.create)("failed to handle OAuth authorization", (0, next_1.create)("commands.handler.authentication.oauth", (0, checkOptionsExistence_1.create)(constants_1.OPTION_PASSCODE), (0, secretsProvider_1.create)(), (0, tokenProvider_1.create)(overrideExisting)));
     }
     return (0, fail_1.create)();
 };

package/commands/handler/authentication/oauth/tokenProvider/getToken.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
 import { Handler } from "../../../../../types";
-export declare const create: () => Handler;
+export declare const create: (overrideExisting?: boolean) => Handler;

package/commands/handler/authentication/oauth/tokenProvider/getToken.js CHANGED Viewed

@@ -10,30 +10,33 @@ const utils_1 = require("../utils");
 const utils_2 = require("./utils");
 const SecretsStorageSingleton_1 = require("../../../../../cache/secrets/SecretsStorageSingleton");
 const getLogger = () => (0, logger_1.get)("commands.handler.authentication.oauth.tokenProvider.getToken");
-const handler = async () => async () => {
-    const { info: logInfo, debug } = getLogger();
-    logInfo("checking token existence");
-    const secrets = await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.getDefaultSecret();
-    if (!secrets.access_token && !secrets.refresh_token) {
-        debug("access token not available, retrieving token from server");
-        if (secrets.authorization_flow === types_1.GrantType.authorization_code) {
-            const code = await (0, utils_2.getCode)(secrets.authorization_url, secrets.client_id);
-            debug("code received, reading token");
-            await (0, utils_1.readToken)({ code, grant_type: secrets.authorization_flow });
+const createGetTokenHandler = (overrideExisting) => {
+    const handler = async () => async () => {
+        const { info: logInfo, debug } = getLogger();
+        logInfo("checking token existence");
+        const secrets = await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.getDefaultSecret();
+        if (overrideExisting || (!secrets.access_token && !secrets.refresh_token)) {
+            debug(`access token not available or overrideExisting=${overrideExisting}, retrieving token from server`);
+            if (secrets.authorization_flow === types_1.GrantType.authorization_code) {
+                const code = await (0, utils_2.getCode)(secrets.authorization_url, secrets.client_id);
+                debug("code received, reading token");
+                await (0, utils_1.readToken)({ code, grant_type: secrets.authorization_flow });
+            }
+            else if (secrets.authorization_flow === types_1.GrantType.client_credentials) {
+                await (0, utils_1.readToken)({ grant_type: secrets.authorization_flow });
+            }
+            else {
+                throw new Error(`invalid grant type ${secrets.authorization_flow}`);
+            }
         }
-        else if (secrets.authorization_flow === types_1.GrantType.client_credentials) {
-            await (0, utils_1.readToken)({ grant_type: secrets.authorization_flow });
+        else if (secrets.access_token) {
+            debug("token available");
         }
         else {
-            throw new Error(`invalid grant type ${secrets.authorization_flow}`);
+            throw new Error("access token not available");
         }
-    }
-    else if (secrets.access_token) {
-        debug("token available");
-    }
-    else {
-        throw new Error("access token not available");
-    }
+    };
+    return handler;
 };
-const create = () => (0, next_1.create)("commands.handler.authentication.oauth.tokenProvider.getToken", (0, options_1.create)(constants_1.OPTION_CODE), handler);
+const create = (overrideExisting = false) => (0, next_1.create)("commands.handler.authentication.oauth.tokenProvider.getToken", (0, options_1.create)(constants_1.OPTION_CODE), createGetTokenHandler(overrideExisting));
 exports.create = create;

package/commands/handler/authentication/oauth/tokenProvider/index.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
 import { Handler } from "../../../../../types";
-export declare const create: () => Handler;
+export declare const create: (overrideExisting?: boolean) => Handler;

package/commands/handler/authentication/oauth/tokenProvider/index.js CHANGED Viewed

@@ -7,5 +7,5 @@ const or_1 = require("../../../or");
 const refreshToken_1 = require("./refreshToken");
 const setAuthorization_1 = require("./setAuthorization");
 const getToken_1 = require("./getToken");
-const create = () => (0, error_1.create)("failed to handle token", (0, next_1.create)("commands.handler.authentication.oauth.tokenProvider", (0, or_1.create)("commands.handler.authentication.oauth.tokenProvider", (0, getToken_1.create)(), (0, refreshToken_1.create)(true)), (0, setAuthorization_1.create)()));
+const create = (overrideExisting = false) => (0, error_1.create)("failed to handle token", (0, next_1.create)("commands.handler.authentication.oauth.tokenProvider", (0, or_1.create)("commands.handler.authentication.oauth.tokenProvider", (0, getToken_1.create)(overrideExisting), (0, refreshToken_1.create)(true)), (0, setAuthorization_1.create)()));
 exports.create = create;

package/commands/handler/authentication/oauth/utils.js CHANGED Viewed

@@ -16,8 +16,8 @@ const isExpired = (expires_after) => expires_after <= (0, exports.calculateExpir
 exports.isExpired = isExpired;
 const readToken = async (data) => {
     const logger = getLogger();
-    const secrets = await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.getDefaultSecret();
-    if (!secrets.token_url || !secrets.client_id || !secrets.client_secret) {
+    const secret = await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.getDefaultSecret();
+    if (!secret.token_url || !secret.client_id || !secret.client_secret) {
         (0, utils_1.logVerbose)(logger, `The secret is invalid. Either the token URL, client ID, or client secret is missing.` +
             `Please check the secret and login again.`);
         throw new Error("invalid secrets information");
@@ -26,26 +26,26 @@ const readToken = async (data) => {
         ...data,
         response_type: "token",
     };
-    if (!secrets.customClient) {
-        body.client_id = secrets.client_id;
+    if (!secret.customClient) {
+        body.client_id = secret.client_id;
     }
     logger.debug(`reading token`);
     const info = (await (0, http_1.fetch)({
         method: "POST",
-        url: secrets.token_url,
+        url: secret.token_url,
         auth: {
-            username: secrets.client_id,
-            password: secrets.client_secret,
+            username: secret.client_id,
+            password: secret.client_secret,
         },
         headers: {
-            "x-sap-sac-custom-auth": !!secrets.customClient,
+            "x-sap-sac-custom-auth": !!secret.customClient,
             "content-type": "application/x-www-form-urlencoded",
         },
         data: qs_1.default.stringify(body),
     })).data;
     logger.debug(`token received: ${JSON.stringify(info, null, 2)}`);
     await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.storeSecret({
-        ...secrets,
+        ...secret,
         ...info,
         expires_after: (0, exports.calculateExpiresAfter)(info.expires_in),
     });

package/commands/handler/options/utils.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Command } from "commander";
 import { Option } from "../../../types";
 export declare const checkOptions: (options: Array<Option> | Option, command: Command) => Promise<void>;
-export declare const promptForValue: (option: Option) => Promise<string>;
+export declare const promptForValue: <ResponseType = string>(option: Option) => Promise<ResponseType>;
 export declare const setOption: (option: Option, value: string) => void;
 export declare const getValueFromOptionsFile: (filePath: string, { longName }: Option) => Promise<string>;

package/commands/login.command.js CHANGED Viewed

@@ -11,6 +11,7 @@ const options_1 = require("../utils/options");
 const utils_3 = require("../utils/utils");
 const init_command_1 = require("./config.command/cache.command/init.command");
 const handler_1 = require("./handler");
+const utils_4 = require("./handler/options/utils");
 const getLogger = () => (0, logger_1.get)("commands.login");
 const verifyHost = async () => async () => {
     const logger = getLogger();
@@ -25,6 +26,18 @@ const verifyHost = async () => async () => {
     }
 };
 exports.verifyHost = verifyHost;
+const confirmSecretsOverwrite = async (tenantUrl) => {
+    const promptResponse = await (0, utils_4.promptForValue)({
+        prompts: {
+            type: "confirm",
+            message: `Secret for tenant ${tenantUrl} already exists. Do you want to overwrite it?`,
+            initial: true,
+        },
+        longName: "overwrite-secrets",
+        description: `overwrite existing secrets`,
+    });
+    return promptResponse;
+};
 const initializeCache = async () => async () => {
     const { warn, info } = getLogger();
     info("initializing cache after successful login");
@@ -43,6 +56,25 @@ const fetchSupportedBrowsers = async () => {
 const saveSecrets = async () => async () => {
     await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.synchronizeSecretsToStorage();
 };
+const warnIfSecretExists = async () => {
+    return async () => {
+        const logger = getLogger();
+        const tenantUrl = (0, utils_1.getTenantUrl)();
+        const secretsStorage = SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON;
+        if (secretsStorage.hasSecretForTenant &&
+            secretsStorage.hasSecretForTenant(tenantUrl)) {
+            const shouldOverwrite = await confirmSecretsOverwrite(tenantUrl);
+            logger.debug(`user response for overwriting secrets for tenant ${tenantUrl}: ${shouldOverwrite}`);
+            if (!shouldOverwrite) {
+                const message = `Aborted: Secret for tenant ${tenantUrl} already exists and will not be overwritten.`;
+                logger.warn(message);
+                // Do not throw, just log and return
+                return;
+            }
+        }
+        throw new Error(`Warning: Previous login secrets for tenant ${tenantUrl} will be removed and overwritten with new credentials.`);
+    };
+};
 const loginCommand = {
     type: "command",
     command: "login",
@@ -66,6 +98,6 @@ const loginCommand = {
             default: openUtils_1.getDefaultBrowser,
         },
         { ...constants_1.OPTION_AUTHORIZATION_FLOW, hidden: false },
-    ]), (0, handler_1.createMandatoryOptionsHandler)(), exports.verifyHost, (0, handler_1.createOauthHandler)(), initializeCache, saveSecrets),
+    ]), (0, handler_1.createMandatoryOptionsHandler)(), exports.verifyHost, (0, handler_1.createOrHandler)("commands.login", warnIfSecretExists, (0, handler_1.createNextHandler)("commands.login", (0, handler_1.createOauthHandler)(true), initializeCache, saveSecrets))),
 };
 exports.default = loginCommand;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cli-core",
-  "version": "2025.12.0",
+  "version": "2025.14.0",
   "description": "Command-Line Interface (CLI) Core Module",
   "license": "SEE LICENSE IN LICENSE",
   "author": "SAP SE",
@@ -21,9 +21,9 @@
     "axios": "1.9.0",
     "commander": "12.1.0",
     "compare-versions": "6.1.1",
-    "config": "3.3.12",
+    "config": "4.0.0",
     "dotenv": "16.5.0",
-    "form-data": "4.0.2",
+    "form-data": "4.0.3",
     "fs-extra": "11.3.0",
     "https": "1.0.0",
     "https-proxy-agent": "7.0.6",

package/utils/openUtils.js CHANGED Viewed

@@ -33,7 +33,7 @@ const openUrlInBrowser = async (url, queryParameters = {}) => {
     }
     const urlString = u.toString();
     const { debug, error } = getLogger();
-    let browser = await getBrowser();
+    const browser = await getBrowser();
     const open = (await import("open")).default;
     try {
         debug(`Attempting to open browser ${browser} at ${urlString}`);