Mention env var when using API Token and whoami/log(out|in) comma…

…nds.
cloudflare · Feb 16, 2024 · 72f9e43 · 72f9e43
1 parent e61dba5
commit 72f9e43
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 2 deletions.
diff --git a/.changeset/perfect-berries-impress.md b/.changeset/perfect-berries-impress.md
@@ -0,0 +1,10 @@
+---
+"wrangler": minor
+---
+
+feature: whoami, logout and login commands mention the CLOUDFLARE_API_TOKEN env var now
+
+It is easy to get confused when trying to logout while the CLOUDFLARE_API_TOKEN env var is set.
+The logout command normally prints out a message which states that the user is not logged in. This
+change rectifes this to explicitly call out that the CLOUDFLARE_API_TOKEN is set and requests that
+the user unsets it to logout.
diff --git a/packages/wrangler/src/__tests__/deploy.test.ts b/packages/wrangler/src/__tests__/deploy.test.ts
@@ -8531,6 +8531,7 @@ export default{
 
 		Getting User settings...
 		👋 You are logged in with an API Token, associated with the email user@example.com!
+		ℹ️  The API Token is read from the CLOUDFLARE_API_TOKEN in your environment.
 		┌───────────────┬────────────┐
 		│ Account Name  │ Account ID │
 		├───────────────┼────────────┤

diff --git a/packages/wrangler/src/__tests__/logout.test.ts b/packages/wrangler/src/__tests__/logout.test.ts
@@ -14,7 +14,9 @@ describe("logout", () => {
 
 	it("should exit with a message stating the user is not logged in", async () => {
 		await runWrangler("logout");
-		expect(std.out).toMatchInlineSnapshot(`"Not logged in, exiting..."`);
+		expect(std.out).toMatchInlineSnapshot(
+			`"You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log out."`
+		);
 	});
 
 	it("should logout user that has been properly logged in", async () => {
@@ -40,7 +42,9 @@ describe("logout", () => {
 
 		await runWrangler("logout");
 
-		expect(std.out).toMatchInlineSnapshot(`"Successfully logged out."`);
+		expect(std.out).toMatchInlineSnapshot(
+			`"You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log out."`
+		);
 		expect(fs.existsSync(config)).toBeFalsy();
 		expect(counter).toBe(1);
 	});

diff --git a/packages/wrangler/src/user/user.ts b/packages/wrangler/src/user/user.ts
@@ -932,6 +932,16 @@ export async function loginOrRefreshIfRequired(
 export async function login(
 	props: LoginProps = { browser: true }
 ): Promise<boolean> {
+	const authFromEnv = getAuthFromEnv();
+	if (authFromEnv) {
+		// Auth from env overrides any login details, so no point in allowing the user to login.
+		logger.error(
+			"You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the " +
+				"environment to log in via OAuth."
+		);
+		return false;
+	}
+
 	logger.log("Attempting to login via OAuth...");
 	const urlToOpen = await getAuthURL(props?.scopes);
 	let server: http.Server;
@@ -1058,6 +1068,16 @@ async function refreshToken(): Promise<boolean> {
 }
 
 export async function logout(): Promise<void> {
+	const authFromEnv = getAuthFromEnv();
+	if (authFromEnv) {
+		// Auth from env overrides any login details, so we cannot log out.
+		logger.log(
+			"You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the " +
+				"environment to log out."
+		);
+		return;
+	}
+
 	if (!LocalState.accessToken) {
 		if (!LocalState.refreshToken) {
 			logger.log("Not logged in, exiting...");

diff --git a/packages/wrangler/src/whoami.ts b/packages/wrangler/src/whoami.ts
@@ -22,6 +22,13 @@ export async function whoami() {
 			`👋 You are logged in with an ${user.authType}. Unable to retrieve email for this user. Are you missing the \`User->User Details->Read\` permission?`
 		);
 	}
+
+	if (user.authType === "API Token") {
+		logger.log(
+			"ℹ️  The API Token is read from the CLOUDFLARE_API_TOKEN in your environment."
+		);
+	}
+
 	logger.table(
 		user.accounts.map((account) => ({
 			"Account Name": account.name,