feat(auth): Recognize new format user tokens

szokeasaurusrex · szokeasaurusrex · commit 83ccc7e44d18 · 2024-07-16T15:20:52.000+02:00
getsentry/sentry#68148 changed user auth tokens, so that they now start with a `sntryu_` prefix. While the CLI correctly handles these new tokens, the CLI issued a warning when using these new format tokens. This PR updates the CLI's auth token parsing logic to recognize the new user auth token format (in addition to the old format), so that the warning is no longer issued.
diff --git a/src/utils/auth_token/test.rs b/src/utils/auth_token/test.rs
@@ -67,10 +67,11 @@ fn test_valid_org_auth_token_missing_url() {
 
 // User auth token tests ----------------------------------------------------
 
-#[test]
-fn test_valid_user_auth_token() {
-    let good_token =
-        String::from("c66aee1348a6e7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c30");
+#[rstest]
+#[case::no_prefix("c66aee1348a6e7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c30")]
+#[case::with_prefix("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")]
+fn test_valid_user_auth_token(#[case] token_str: &'static str) {
+    let good_token = String::from(token_str);
 
     testing_logger::setup();
     let token = AuthToken::from(good_token.clone());
@@ -138,6 +139,11 @@ fn test_valid_user_auth_token() {
 #[case::invalid_hex("c66aee1348a6g7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c30")]
 #[case::sixty_three_characters("c66aee1348a6e7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c3")]
 #[case::sixty_five_characters("c66aee1348a6e7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c300")]
+#[case::prefix_only("sntryu_")]
+#[case::prefix_sixty_three_characters(
+    "sntryu_c66aee1348a6e7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c3"
+)]
+#[case::wrong_prefix("sntryt_c66aee1348a6e7a0993145d71cf8fa529ed09ee13dd5177b5f692e9f6ca38c30")]
 fn test_unknown_auth_token(#[case] token_str: &'static str) {
     testing_logger::setup();
     let token = AuthToken::from(token_str.to_owned());
diff --git a/src/utils/auth_token/user_auth_token.rs b/src/utils/auth_token/user_auth_token.rs
@@ -1,15 +1,26 @@
 use super::{AuthTokenParseError, Result};
 
 const USER_TOKEN_BYTES: usize = 32;
+const USER_TOKEN_PREFIX: &str = "sntryu_";
 
 /// Represents a valid User Auth Token.
 #[derive(Debug, Clone)]
 pub struct UserAuthToken(String);
 
 impl UserAuthToken {
+    /// Returns the secret portion of the auth token. This is the token without the sntryu_ prefix, if present.
+    fn secret_portion(auth_str: &str) -> &str {
+        if auth_str.starts_with(USER_TOKEN_PREFIX) {
+            &auth_str[USER_TOKEN_PREFIX.len()..]
+        } else {
+            auth_str
+        }
+    }
+
     /// Constructs a new UserAuthToken from a string. Returns an error if the string is not a valid user auth token.
     fn construct_from_string(auth_string: String) -> Result<Self> {
-        let bytes = data_encoding::HEXLOWER_PERMISSIVE.decode(auth_string.as_bytes());
+        let bytes = data_encoding::HEXLOWER_PERMISSIVE
+            .decode(Self::secret_portion(&auth_string).as_bytes());
 
         if bytes.is_ok() && bytes.unwrap().len() == USER_TOKEN_BYTES {
             Ok(UserAuthToken(auth_string))
