remotivelabs-cli 0.0.42__py3-none-any.whl → 0.1.0__py3-none-any.whl

cli/remotive.py

@@ -1,18 +1,25 @@
+from __future__ import annotations
+
 import os
 from importlib.metadata import version
 
 import typer
 from rich import print as rich_print
+from rich.console import Console
 from trogon import Trogon  # type: ignore
 from typer.main import get_group
 
+from cli.settings.migrate_all_token_files import migrate_any_legacy_tokens
+
 from .broker.brokers import app as broker_app
 from .cloud.cloud_cli import app as cloud_app
 from .connect.connect import app as connect_app
-from .settings.cmd import app as settings_app
+from .settings import settings
 from .tools.tools import app as tools_app
 from .typer import typer_utils
 
+err_console = Console(stderr=True)
+
 if os.getenv("GRPC_VERBOSITY") is None:
     os.environ["GRPC_VERBOSITY"] = "NONE"
 
@@ -25,6 +32,8 @@ For documentation - https://docs.remotivelabs.com
 """,
 )
 
+# settings.set_default_config_as_env()
+
 
 def version_callback(value: bool) -> None:
     if value:
@@ -37,17 +46,33 @@ def test_callback(value: int) -> None:
     if value:
         rich_print(value)
         raise typer.Exit()
-    # if value:
-    #    typer.echo(f"Awesome CLI Version: 0.0.22a")
-    #    raise typer.Exit()
+
+
+def _migrate_old_tokens() -> None:
+    tokens = settings.list_personal_tokens()
+    tokens.extend(settings.list_service_account_tokens())
+    if migrate_any_legacy_tokens(tokens):
+        err_console.print("Migrated old credentials and configuration files, you may need to login again or activate correct credentials")
+
+
+def _set_default_org_as_env() -> None:
+    """
+    If not already set, take the default organisation from file and set as env
+    This has to be done early before it is read
+    """
+    if "REMOTIVE_CLOUD_ORGANIZATION" not in os.environ:
+        org = settings.get_cli_config().get_active_default_organisation()
+        if org is not None:
+            os.environ["REMOTIVE_CLOUD_ORGANIZATION"] = org
 
 
 @app.callback()
 def main(
     _the_version: bool = typer.Option(None, "--version", callback=version_callback, is_eager=False, help="Print current version"),
 ) -> None:
+    _set_default_org_as_env()
+    _migrate_old_tokens()
     # Do other global stuff, handle other global options here
-    return
 
 
 @app.command()
@@ -65,6 +90,5 @@ app.add_typer(
     name="cloud",
     help="Manage resources in RemotiveCloud",
 )
-app.add_typer(settings_app, name="config", help="Manage access tokens")
 app.add_typer(connect_app, name="connect", help="Integrations with other systems")
 app.add_typer(tools_app, name="tools")

cli/settings/__init__.py

@@ -1,5 +1,4 @@
-from cli.settings.cmd import app
 from cli.settings.core import InvalidSettingsFilePathError, Settings, TokenNotFoundError, settings
 from cli.settings.token_file import TokenFile
 
-__all__ = ["app", "settings", "TokenFile", "TokenNotFoundError", "InvalidSettingsFilePathError", "Settings"]
+__all__ = ["settings", "TokenFile", "TokenNotFoundError", "InvalidSettingsFilePathError", "Settings"]

cli/settings/config_file.py

@@ -0,0 +1,92 @@
+from __future__ import annotations
+
+import dataclasses
+import json
+from dataclasses import dataclass
+from json import JSONDecodeError
+from typing import Dict, Optional
+
+from dacite import from_dict
+
+
+def loads(data: str) -> ConfigFile:
+    try:
+        d = json.loads(data)
+        return from_dict(ConfigFile, d)
+    except JSONDecodeError as e:
+        # ErrorPrinter.print_generic_error("Invalid json format, config.json")
+        raise JSONDecodeError(
+            f"File config.json is not valid json, please edit or remove file to have it re-created ({e.msg})", pos=e.pos, doc=e.doc
+        )
+
+
+def dumps(config: ConfigFile) -> str:
+    return json.dumps(dataclasses.asdict(config), default=str)
+
+
+@dataclass
+class Account:
+    credentials_name: str
+    default_organization: Optional[str] = None
+    # Add project as well
+
+
+@dataclass
+class ConfigFile:
+    version: str = "1.0"
+    active: Optional[str] = None
+    accounts: Dict[str, Account] = dataclasses.field(default_factory=dict)
+
+    def get_active_default_organisation(self) -> Optional[str]:
+        active_account = self.get_active()
+        return active_account.default_organization if active_account is not None else None
+
+    def get_active(self) -> Optional[Account]:
+        if self.active is not None:
+            account = self.accounts.get(self.active)
+            if account is not None:
+                return account
+            raise KeyError(f"Activated account {self.active} is not a valid account")
+        return None
+
+    def activate(self, email: str) -> None:
+        account = self.accounts.get(email)
+
+        if account is not None:
+            self.active = email
+        else:
+            raise KeyError(f"Account {email} does not exists")
+
+    def get_account(self, email: str) -> Optional[Account]:
+        if self.accounts:
+            return self.accounts[email]
+        return None
+
+    def remove_account(self, email: str) -> None:
+        if self.accounts:
+            self.accounts.pop(email, None)
+
+    def init_account(self, email: str, token_name: str) -> None:
+        if self.accounts is None:
+            self.accounts = {}
+
+        account = self.accounts.get(email)
+        if not account:
+            account = Account(credentials_name=token_name)
+        else:
+            account.credentials_name = token_name
+        self.accounts[email] = account
+
+    def set_account_field(self, email: str, default_organization: Optional[str] = None) -> ConfigFile:
+        if self.accounts is None:
+            self.accounts = {}
+
+        account = self.accounts.get(email)
+        if not account:
+            raise KeyError(f"Account with email {email} has not been initialized with token")
+
+        # Update only fields explicitly passed
+        if default_organization is not None:
+            account.default_organization = default_organization
+
+        return self

cli/settings/core.py

@@ -1,15 +1,21 @@
 from __future__ import annotations
 
-import datetime
+import os
+import re
 import shutil
+import stat
 import sys
+from dataclasses import dataclass
 from json import JSONDecodeError
 from pathlib import Path
-from typing import Tuple
+from typing import Optional, Tuple, Union
 
 from rich.console import Console
 
+from cli.errors import ErrorPrinter
+from cli.settings import config_file
 from cli.settings import token_file as tf
+from cli.settings.config_file import ConfigFile
 from cli.settings.token_file import TokenFile
 
 err_console = Console(stderr=True)
@@ -19,6 +25,7 @@ CONFIG_DIR_PATH = Path.home() / ".config" / "remotive"
 INCORRECT_CONFIG_DIR_PATH = Path.home() / ".config" / ".remotive"
 DEPRECATED_CONFIG_DIR_PATH = Path.home() / ".remotive"
 
+CLI_CONFIG_FILE_NAME = "config.json"
 ACTIVE_TOKEN_FILE_NAME = "cloud.secret.token"
 PERSONAL_TOKEN_FILE_PREFIX = "personal-token-"
 SERVICE_ACCOUNT_TOKEN_FILE_PREFIX = "service-account-token-"
@@ -31,10 +38,19 @@ class InvalidSettingsFilePathError(Exception):
     """Raised when trying to access an invalid settings file or file path"""
 
 
+class NotFoundError(Exception):
+    """Raised when a token cannot be found in settings"""
+
+
 class TokenNotFoundError(Exception):
     """Raised when a token cannot be found in settings"""
 
 
+@dataclass()
+class CliConfigFile:
+    default_organisation: Union[str, None]
+
+
 class Settings:
     """
     Settings for the remotive CLI
@@ -45,8 +61,8 @@ class Settings:
     def __init__(self, config_dir: Path, deprecated_config_dirs: list[Path] | None = None) -> None:
         self.config_dir = config_dir
         self._active_secret_token_path = self.config_dir / ACTIVE_TOKEN_FILE_NAME
+        self._cli_config = self.config_dir / CLI_CONFIG_FILE_NAME
 
-        # no migration of deprecated config dirs if the new config dir already exists
         if self.config_dir.exists():
             return
 
@@ -56,6 +72,48 @@ class Settings:
             for deprecated_config_dir in deprecated_config_dirs:
                 self._migrate_legacy_config_dir(deprecated_config_dir)
 
+    # def _write_properties(self, filepath: Path, props: CliConfigFile) -> None:
+    #    with open(filepath, "w", encoding="utf-8") as file:
+    #        # keys = sorted(props.keys()) if sort_keys else props.keys()
+    #        # for key in keys:
+    #        file.write(f"default_organisation={props.default_organisation}\n")
+
+    def _read_properties(self, filepath: Path) -> CliConfigFile:
+        props = {}
+        with open(filepath, "r", encoding="utf-8") as file:
+            for line_num, line in enumerate(file, start=1):
+                line_stripped = line.strip()
+                if not line_stripped or line_stripped.startswith("#"):
+                    continue
+                if "=" not in line_stripped:
+                    raise ValueError(f"Invalid line format at line {line_num}: {line}")
+                key, value = line_stripped.split("=", 1)
+                key, value = key.strip(), value.strip()
+                if key in props:
+                    raise ValueError(f"Duplicate key '{key}' found at line {line_num}")
+                props[key] = value
+        if "default_organisation" in props:
+            return CliConfigFile(default_organisation=props["default_organisation"])
+        return CliConfigFile(default_organisation=None)
+
+    def set_default_organisation(self, organisation: str) -> None:
+        cli_config = self.get_cli_config()
+
+        try:
+            token = settings.get_active_token_file()
+            cli_config.set_account_field(token.account.email, organisation)
+            self._write_config_file(cli_config)
+        except TokenNotFoundError:
+            ErrorPrinter.print_hint("You must have an account activated in order to set default organization")
+            sys.exit(1)
+
+    def get_cli_config(self) -> ConfigFile:
+        try:
+            return self._read_config_file()
+        except TokenNotFoundError:
+            return ConfigFile()
+            # self._write_properties(CONFIG_DIR_PATH / CLI_CONFIG_FILE_NAME, [])
+
     def get_active_token(self) -> str:
         """
         Get the current active token secret
@@ -67,25 +125,48 @@ class Settings:
         """
         Get the current active token file
         """
-        if not self._active_secret_token_path.exists():
-            raise TokenNotFoundError("no active token file found")
 
-        return self._read_token_file(self._active_secret_token_path)
+        active_account = self.get_cli_config().get_active()
+        if active_account is not None:
+            token_name = active_account.credentials_name
+            return self.get_token_file(token_name)
+        raise TokenNotFoundError
+        # if not self._active_secret_token_path.exists():
+        #    raise TokenNotFoundError("no active token file found")
+        # return self._read_token_file(self._active_secret_token_path)
 
-    def activate_token(self, name: str) -> None:
+    def activate_token(self, token: TokenFile) -> None:
         """
         Activate a token by name or path
 
         The token secret will be set as the current active secret.
         """
-        token_file = self.get_token_file(name)
-        self._write_token_file(self._active_secret_token_path, token_file)
+        # token_file = self.get_token_file(name)
+        cli_config = self.get_cli_config()
+        cli_config.activate(token.account.email)
+        # if token_file.account.email not in cli_config.accounts:
+        #    cli_config.set_account_field(token_file.account.email)
+        self._write_config_file(cli_config)
+        # self._write_token_file(self._active_secret_token_path, token_file)
 
     def clear_active_token(self) -> None:
         """
         Clear the current active token
         """
-        self._active_secret_token_path.unlink(missing_ok=True)
+        config = self.get_cli_config()
+        config.active = None
+        self._write_config_file(config)
+
+    # self._active_secret_token_path.unlink(missing_ok=True)
+
+    def get_token_file_by_email(self, email: str) -> Optional[TokenFile]:
+        tokens = [t for t in self.list_personal_tokens() if t.account is not None and t.account.email == email]
+        if len(tokens) > 0:
+            return tokens[0]
+        tokens = [t for t in self.list_service_account_tokens() if t.account is not None and t.account.email == email]
+        if len(tokens) > 0:
+            return tokens[0]
+        return None
 
     def get_token_file(self, name: str) -> TokenFile:
         """
@@ -93,6 +174,8 @@ class Settings:
         """
         if Path(name).exists():
             return self._read_token_file(Path(name))
+        if Path(CONFIG_DIR_PATH / name).exists():
+            return self._read_token_file(Path(CONFIG_DIR_PATH / name))
 
         return self._get_token_by_name(name)[0]
 
@@ -107,18 +190,18 @@ class Settings:
                 raise InvalidSettingsFilePathError(f"cannot remove a token file not located in settings dir {self.config_dir}")
             return Path(name).unlink()
 
-        # TODO: what about the active token? # pylint: disable=fixme
-
+        # TODO: what about the active token?
         path = self._get_token_by_name(name)[1]
+        # print("Deleting", path)
         return path.unlink()
 
-    def add_and_activate_short_lived_cli_token(self, token: str) -> TokenFile:
-        """
-        Activates a short lived token
-        """
-        token_file = tf.loads(token)
-        self._write_token_file(self._active_secret_token_path, token_file)
-        return token_file
+    # def add_and_activate_short_lived_cli_token(self, token: str) -> TokenFile:
+    #    """
+    #    Activates a short lived token
+    #    """
+    #    token_file = tf.loads(token)
+    #    self._write_token_file(self._active_secret_token_path, token_file)
+    #    return token_file
 
     def add_personal_token(
         self,
@@ -131,15 +214,24 @@ class Settings:
         """
         token_file = tf.loads(token)
 
-        file = f"{PERSONAL_TOKEN_FILE_PREFIX}{token_file.name}.json"
+        def email_to_safe_filename(email: str) -> str:
+            # Replace any invalid character with an underscore
+            return re.sub(r'[<>:"/\\|?*]', "_", email)
+
+        # From now, user will never be None when adding a token so in this case token_file.user is never None
+        email = email_to_safe_filename(token_file.account.email) if token_file.account is not None else "unknown"
+        file = f"{PERSONAL_TOKEN_FILE_PREFIX}{token_file.name}-{email}.json"
         path = self.config_dir / file
         if path.exists() and not overwrite_if_exists:
             raise FileExistsError(f"Token file already exists: {path}")
 
         self._write_token_file(path, token_file)
+        cli_config = self.get_cli_config()
+        cli_config.init_account(email=token_file.account.email, token_name=token_file.name)
+        self._write_config_file(cli_config)
 
         if activate:
-            self.activate_token(token_file.name)
+            self.activate_token(token_file)
 
         return token_file
 
@@ -155,20 +247,39 @@ class Settings:
         """
         return [f[1] for f in self._list_personal_tokens()]
 
-    def add_service_account_token(self, service_account: str, token: str) -> TokenFile:
-        """
-        Add a service account token to the config directory
-        """
+    def add_service_account_token(self, token: str) -> TokenFile:
         token_file = tf.loads(token)
 
-        file = f"{SERVICE_ACCOUNT_TOKEN_FILE_PREFIX}{service_account}-{token_file.name}.json"
+        def email_to_safe_filename(email: str) -> str:
+            # Replace any invalid character with an underscore
+            return re.sub(r'[<>:"/\\|?*]', "_", email)
+
+            # From now, user will never be None when adding a token so in this case token_file.user is never None
+
+        email = email_to_safe_filename(token_file.account.email) if token_file.account is not None else "unknown"
+        file = f"{SERVICE_ACCOUNT_TOKEN_FILE_PREFIX}{token_file.name}-{email}.json"
         path = self.config_dir / file
-        if path.exists():
-            raise FileExistsError(f"Token file already exists: {path}")
 
         self._write_token_file(path, token_file)
+        print(f"Service account token stored at {path}")
+        cli_config = self.get_cli_config()
+        cli_config.init_account(email=token_file.account.email, token_name=token_file.name)
+        self._write_config_file(cli_config)
+
+        # if activate:
+        #    self.activate_token(token_file.account.email)
+
         return token_file
 
+        # token_file = tf.loads(token)
+        # file = f"{SERVICE_ACCOUNT_TOKEN_FILE_PREFIX}{service_account}-{token_file.name}.json"
+        # path = self.config_dir / file
+        # if path.exists():
+        #    raise FileExistsError(f"Token file already exists: {path}")
+
+        # self._write_token_file(path, token_file)
+        # return token_file
+
     def list_service_account_tokens(self) -> list[TokenFile]:
         """
         List all service account tokens
@@ -195,13 +306,25 @@ class Settings:
         return matches[0]
 
     def _list_token_files(self, prefix: str = "") -> list[TokenFileMetadata]:
-        # list all tokens with the correct prefix in the config dir, but omit the special active token file
-        def is_path_prefixed_and_not_active_secret(path: Path) -> bool:
+        """list all tokens with the correct prefix in the config dir, but omit files that are not token files"""
+
+        def is_valid_json(path: Path) -> bool:
+            try:
+                self._read_token_file(path)
+                return True
+            except JSONDecodeError:
+                # TODO - this should be printed but printing it here causes it to be displayed to many times
+                # err_console.print(f"File is not valid json, skipping. {path}")
+                return False
+
+        def is_valid_token_file(path: Path) -> bool:
+            is_token_file = path.name.startswith(SERVICE_ACCOUNT_TOKEN_FILE_PREFIX) or path.name.startswith(PERSONAL_TOKEN_FILE_PREFIX)
             has_correct_prefix = path.is_file() and path.name.startswith(prefix)
             is_active_secret = path == self._active_secret_token_path
-            return has_correct_prefix and not is_active_secret
+            is_cli_config = path == self._cli_config
+            return is_token_file and is_valid_json(path) and has_correct_prefix and not is_active_secret and not is_cli_config
 
-        paths = [path for path in self.config_dir.iterdir() if is_path_prefixed_and_not_active_secret(path)]
+        paths = [path for path in self.config_dir.iterdir() if is_valid_token_file(path)]
 
         return [(self._read_token_file(token_file), token_file) for token_file in paths]
 
@@ -209,6 +332,10 @@ class Settings:
         data = self._read_file(path)
         return tf.loads(data)
 
+    def _read_config_file(self) -> ConfigFile:
+        data = self._read_file(self.config_dir / CLI_CONFIG_FILE_NAME)
+        return config_file.loads(data)
+
     def _read_file(self, path: Path) -> str:
         if not path.exists():
             raise TokenNotFoundError(f"File could not be found: {path}")
@@ -216,7 +343,15 @@ class Settings:
 
     def _write_token_file(self, path: Path, token: TokenFile) -> Path:
         data = tf.dumps(token)
-        return self._write_file(path, data)
+        path = self._write_file(path, data)
+        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
+        return path
+
+    def _write_config_file(self, config: ConfigFile) -> Path:
+        data = config_file.dumps(config)
+        path = self._write_file(self._cli_config, data)
+        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
+        return path
 
     def _write_file(self, path: Path, data: str) -> Path:
         if self.config_dir not in path.parents:
@@ -233,24 +368,32 @@ class Settings:
         shutil.copytree(str(path), str(self.config_dir), dirs_exist_ok=True)
         secret = path / ACTIVE_TOKEN_FILE_NAME
         if secret.exists():
-            value = secret.read_text(encoding="utf-8").strip()
+            sys.stderr.write(f"Removing old activated token {secret}")
+            secret.unlink(missing_ok=True)
+            # value = secret.read_text(encoding="utf-8").strip()
             # The existing token file might either be a token file, or simply a string. We handle both cases...
-            try:
-                token = tf.loads(value)
-            except JSONDecodeError:
-                token = tf.TokenFile(
-                    name="MigratedActiveToken",
-                    token=value,
-                    created=str(datetime.datetime.now().isoformat()),
-                    expires="unknown",
-                )
-            self.add_and_activate_short_lived_cli_token(tf.dumps(token))
+            # try:
+            #    token = tf.loads(value)
+            # except JSONDecodeError:
+            #    token = tf.TokenFile(
+            #        version="1.0",
+            #        type="service-account" if value.startswith("sa") else "authorized_user",
+            #        name="MigratedActiveToken",
+            #        token=value,
+            #        created=str(datetime.datetime.now().isoformat()),
+            #        expires="unknown",
+            #        account=TokenFileAccount(email="unknown@remotivecloud.com"),
+            #    )
+            # self.add_and_activate_short_lived_cli_token(tf.dumps(token))
         shutil.rmtree(str(path))
 
 
 def create_settings() -> Settings:
     """Create remotive CLI config directory and return its settings instance"""
-    return Settings(CONFIG_DIR_PATH, deprecated_config_dirs=[DEPRECATED_CONFIG_DIR_PATH, INCORRECT_CONFIG_DIR_PATH])
+    return Settings(
+        CONFIG_DIR_PATH,
+        deprecated_config_dirs=[DEPRECATED_CONFIG_DIR_PATH, INCORRECT_CONFIG_DIR_PATH],
+    )
 
 
 settings = create_settings()

cli/settings/migrate_all_token_files.py

@@ -0,0 +1,74 @@
+from __future__ import annotations
+
+from cli.settings import settings
+from cli.settings.core import ACTIVE_TOKEN_FILE_NAME
+from cli.settings.migrate_token_file import InvalidTokenError, UnsupportedTokenVersionError, migrate_legacy_token
+from cli.settings.token_file import TokenFile, dumps
+
+
+def _migrate_legacy_tokens(tokens: list[TokenFile]) -> tuple[list[TokenFile], set[str]]:
+    """
+    Determine which tokens can be updated and which should be removed.
+
+    Returns:
+        tuple of (updated_tokens, invalid_tokens)
+    """
+    updated_tokens: list[TokenFile] = []
+    invalid_tokens: set[str] = set()
+
+    for token in tokens:
+        try:
+            migrated_token = migrate_legacy_token(token)
+            if migrated_token.version != token.version:
+                updated_tokens.append(migrated_token)
+        except (InvalidTokenError, UnsupportedTokenVersionError):
+            # Token not valid or unsupported version, mark for removal
+            invalid_tokens.add(token.name)
+
+    return updated_tokens, invalid_tokens
+
+
+def _write_updated_tokens(updated_tokens: list[TokenFile]) -> None:
+    for updated_token in updated_tokens:
+        settings.remove_token_file(name=updated_token.name)
+        if updated_token.type == "authorized_user":
+            settings.add_personal_token(dumps(updated_token), overwrite_if_exists=True)
+        elif updated_token.type == "service_account":
+            settings.add_service_account_token(dumps(updated_token))
+        else:
+            raise ValueError(f"Unsupported token type: {updated_token.type}")
+
+
+def _remove_invalid_tokens(invalid_tokens: set[str]) -> None:
+    for token_name in invalid_tokens:
+        settings.remove_token_file(name=token_name)
+
+
+def _remove_old_secret_file() -> bool:
+    old_activated_secret_file = settings.config_dir / ACTIVE_TOKEN_FILE_NAME
+    old_secret_exists = old_activated_secret_file.exists()
+    if old_secret_exists:
+        old_activated_secret_file.unlink(missing_ok=True)
+    return old_secret_exists
+
+
+def migrate_any_legacy_tokens(tokens: list[TokenFile]) -> bool:
+    """
+    Migrate any legacy tokens to the latest TokenFile format.
+
+    Returns True if any tokens were migrated, False otherwise.
+    """
+    # Get tokens to update/remove
+    updated_tokens, invalid_tokens = _migrate_legacy_tokens(tokens)
+
+    # Perform file operations
+    _write_updated_tokens(updated_tokens)
+    _remove_invalid_tokens(invalid_tokens)
+
+    # Remove old secret file if exists
+    old_secret_removed = _remove_old_secret_file()
+    if old_secret_removed:
+        return True  # We migrated at least one token
+
+    # only return True if we migrated at least one token
+    return len(updated_tokens) + len(invalid_tokens) > 0

cli/settings/migrate_token_file.py

@@ -0,0 +1,52 @@
+from __future__ import annotations
+
+from cli.settings.token_file import TokenFile, TokenFileAccount
+from cli.utils.rest_helper import RestHelper
+
+
+class InvalidTokenError(Exception):
+    """Raised when a token is invalid."""
+
+
+class UnsupportedTokenVersionError(Exception):
+    """Raised when a token version is not supported."""
+
+
+def migrate_legacy_token(token: TokenFile) -> TokenFile:
+    """
+    Migrate a token from a legacy format to the latest format.
+
+    Args:
+        token: The token to migrate.
+
+    Returns:
+        TokenFile: The migrated token.
+
+    Raises:
+        InvalidTokenError: If the token is invalid.
+        UnsupportedTokenVersionError: If the token version is not supported.
+    """
+    # use a naive approach to compare versions for now
+    version = float(token.version)
+
+    # already migrated
+    if version >= 1.1:
+        return token
+
+    if version == 1.0:
+        res = RestHelper.handle_get("/api/whoami", return_response=True, allow_status_codes=[401, 400, 403], access_token=token.token)
+        if res.status_code != 200:
+            raise InvalidTokenError(f"Token {token.name} is invalid")
+
+        email = res.json()["email"]
+        return TokenFile(
+            version="1.1",
+            type=token.type,
+            name=token.name,
+            token=token.token,
+            created=token.created,
+            expires=token.expires,
+            account=TokenFileAccount(email=email),
+        )
+
+    raise UnsupportedTokenVersionError(f"Unsupported token version: {token.version}")