garth more done

2026-02-04 05:22:09 +00:00 · 2025-08-28 19:44:35 -07:00
parent 6b9150c541
commit 237e17fbb3
11 changed files with 150 additions and 100 deletions
--- a/internal/auth/garth/garth_auth.go
+++ b/internal/auth/garth/garth_auth.go
@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/url"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -96,16 +97,25 @@ func (g *GarthAuthenticator) Login(username, password string) (*Session, error)

 // getRequestToken obtains OAuth1 request token
 func (g *GarthAuthenticator) getRequestToken() (token, secret string, err error) {
-	_, err = g.HTTPClient.R().
+	resp, err := g.HTTPClient.R().
 		SetHeader("Accept", "text/html").
-		SetResult(&struct{}{}).
 		Post(g.BaseURL + "/oauth-service/oauth/request_token")
 	if err != nil {
-		return "", "", err
+		return "", "", fmt.Errorf("request token request failed: %w", err)
 	}

 	// Parse token and secret from response body
-	return "temp_token", "temp_secret", nil
+	values, err := url.ParseQuery(resp.String())
+	if err != nil {
+		return "", "", fmt.Errorf("failed to parse request token response: %w", err)
+	}
+
+	token = values.Get("oauth_token")
+	secret = values.Get("oauth_token_secret")
+	if token == "" || secret == "" {
+		return "", "", errors.New("request token response missing oauth_token or oauth_token_secret")
+	}
+	return token, secret, nil
 }

 // authenticate handles username/password authentication and MFA
@@ -199,12 +209,44 @@ func (d DefaultConsolePrompter) GetMFACode(ctx context.Context) (string, error)

 // getAccessToken exchanges request token for access token
 func (g *GarthAuthenticator) getAccessToken(token, secret, verifier string) (accessToken, accessSecret string, err error) {
-	return "access_token", "access_secret", nil
+	resp, err := g.HTTPClient.R().
+		SetQueryParam("oauth_token", token).
+		SetQueryParam("oauth_verifier", verifier).
+		Post(g.BaseURL + "/oauth-service/oauth/access_token")
+	if err != nil {
+		return "", "", fmt.Errorf("access token request failed: %w", err)
+	}
+
+	values, err := url.ParseQuery(resp.String())
+	if err != nil {
+		return "", "", fmt.Errorf("failed to parse access token response: %w", err)
+	}
+
+	accessToken = values.Get("oauth_token")
+	accessSecret = values.Get("oauth_token_secret")
+	if accessToken == "" || accessSecret == "" {
+		return "", "", errors.New("access token response missing oauth_token or oauth_token_secret")
+	}
+	return accessToken, accessSecret, nil
 }

 // getOAuth2Token exchanges OAuth1 token for OAuth2 token
 func (g *GarthAuthenticator) getOAuth2Token(token, secret string) (oauth2Token string, err error) {
-	return "oauth2_access_token", nil
+	resp, err := g.HTTPClient.R().
+		SetFormData(map[string]string{
+			"token":        token,
+			"token_secret": secret,
+		}).
+		Post(g.BaseURL + "/oauth-service/oauth/exchange/user/2.0")
+	if err != nil {
+		return "", fmt.Errorf("OAuth2 token exchange failed: %w", err)
+	}
+
+	if resp.StatusCode() != 200 {
+		return "", fmt.Errorf("OAuth2 token exchange failed with status %d", resp.StatusCode())
+	}
+
+	return strings.TrimSpace(resp.String()), nil
 }

 // Save persists the session to the specified path
--- a/internal/auth/garth/garth_auth_test.go
+++ b/internal/auth/garth/garth_auth_test.go
@@ -9,20 +9,27 @@ import (
 )

 func TestOAuth1LoginFlow(t *testing.T) {
-	// Setup mock server to simulate Garmin SSO flow
+	// Setup mock server to simulate complete Garmin SSO flow
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// The request token step uses text/html Accept header
-		if r.URL.Path == "/oauth-service/oauth/request_token" {
-			assert.Equal(t, "text/html", r.Header.Get("Accept"))
-		} else {
-			// Other requests use application/json
-			assert.Equal(t, "application/json", r.Header.Get("Accept"))
-		}
-		assert.Equal(t, "garmin-connect-client", r.Header.Get("User-Agent"))
+		switch r.URL.Path {
+		case "/oauth-service/oauth/request_token":
+			w.Header().Set("Content-Type", "text/plain")
+			w.Write([]byte("oauth_token=test_token&oauth_token_secret=test_secret"))

-		// Simulate successful SSO response
-		w.Header().Set("Content-Type", "text/html")
-		w.Write([]byte(`<input type="hidden" name="oauth_verifier" value="test_verifier" />`))
+		case "/sso/signin":
+			w.Header().Set("Content-Type", "text/html")
+			w.Write([]byte(`<input type="hidden" name="oauth_verifier" value="test_verifier" />`))
+
+		case "/oauth-service/oauth/access_token":
+			w.Header().Set("Content-Type", "text/plain")
+			w.Write([]byte("oauth_token=access_token&oauth_token_secret=access_secret"))
+
+		case "/oauth-service/oauth/exchange/user/2.0":
+			w.Write([]byte("oauth2_token"))
+
+		default:
+			t.Errorf("Unexpected request to path: %s", r.URL.Path)
+		}
 	}))
 	defer server.Close()

@@ -34,21 +41,43 @@ func TestOAuth1LoginFlow(t *testing.T) {
 	session, err := auth.Login("test_user", "test_pass")
 	assert.NoError(t, err, "Login should succeed")
 	assert.NotNil(t, session, "Session should be created")
+
+	// Verify session values
+	assert.Equal(t, "access_token", session.OAuth1Token)
+	assert.Equal(t, "access_secret", session.OAuth1Secret)
+	assert.Equal(t, "oauth2_token", session.OAuth2Token)
+	assert.False(t, session.IsExpired(), "Session should not be expired")
 }

 func TestMFAFlow(t *testing.T) {
 	mfaTriggered := false
-	// Setup mock server to simulate MFA requirement
+	// Setup mock server to simulate MFA requirement and complete flow
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if !mfaTriggered {
+		switch {
+		case r.URL.Path == "/oauth-service/oauth/request_token":
+			w.Header().Set("Content-Type", "text/plain")
+			w.Write([]byte("oauth_token=test_token&oauth_token_secret=test_secret"))
+
+		case r.URL.Path == "/sso/signin" && !mfaTriggered:
 			// First response requires MFA
 			w.Header().Set("Content-Type", "text/html")
 			w.Write([]byte(`<div class="mfa-required"><input type="hidden" name="mfaContext" value="context123" /></div>`))
 			mfaTriggered = true
-		} else {
-			// Second response after MFA
+
+		case r.URL.Path == "/sso/verifyMFA":
+			// MFA verification
 			w.Header().Set("Content-Type", "text/html")
 			w.Write([]byte(`<input type="hidden" name="oauth_verifier" value="mfa_verifier" />`))
+
+		case r.URL.Path == "/oauth-service/oauth/access_token":
+			w.Header().Set("Content-Type", "text/plain")
+			w.Write([]byte("oauth_token=access_token&oauth_token_secret=access_secret"))
+
+		case r.URL.Path == "/oauth-service/oauth/exchange/user/2.0":
+			w.Write([]byte("oauth2_token"))
+
+		default:
+			t.Errorf("Unexpected request to path: %s", r.URL.Path)
 		}
 	}))
 	defer server.Close()
@@ -61,6 +90,12 @@ func TestMFAFlow(t *testing.T) {
 	session, err := auth.Login("mfa_user", "mfa_pass")
 	assert.NoError(t, err, "MFA login should succeed")
 	assert.NotNil(t, session, "Session should be created")
+
+	// Verify session values
+	assert.Equal(t, "access_token", session.OAuth1Token)
+	assert.Equal(t, "access_secret", session.OAuth1Secret)
+	assert.Equal(t, "oauth2_token", session.OAuth2Token)
+	assert.False(t, session.IsExpired(), "Session should not be expired")
 }

 func TestLoginFailure(t *testing.T) {