fix: improve authentication logging and warnings

- If a user has previously logged in via Wrangler 1 with an API token, we now display a helpful warning.
- When logging in and out, we no longer display the path to the internal user auh config file.
- When logging in, we now display an initial message to indicate the authentication flow is starting.

Fixes [#526](#526)

.changeset/large-pillows-clap.md

@@ -0,0 +1,11 @@
+---
+"wrangler": patch
+---
+
+fix: improve authentication logging and warnings
+
+- If a user has previously logged in via Wrangler 1 with an API token, we now display a helpful warning.
+- When logging in and out, we no longer display the path to the internal user auh config file.
+- When logging in, we now display an initial message to indicate the authentication flow is starting.
+
+Fixes [#526](https://github.com/cloudflare/wrangler2/issues/526)

packages/wrangler/src/__tests__/helpers/mock-user.ts

@@ -2,11 +2,17 @@ import { mkdirSync, writeFileSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
 
-export function writeUserConfig(
-  oauth_token?: string,
-  refresh_token?: string,
-  expiration_time?: string
-) {
+export function writeUserConfig({
+  oauth_token,
+  refresh_token,
+  expiration_time,
+  api_token,
+}: {
+  oauth_token?: string;
+  refresh_token?: string;
+  expiration_time?: string;
+  api_token?: string;
+}) {
   const lines: string[] = [];
   if (oauth_token) {
     lines.push(`oauth_token = "${oauth_token}"`);
@@ -17,6 +23,9 @@ export function writeUserConfig(
   if (expiration_time) {
     lines.push(`expiration_time = "${expiration_time}"`);
   }
+  if (api_token) {
+    lines.push(`api_token = "${api_token}"`);
+  }
   const configPath = path.join(os.homedir(), ".wrangler/config");
   mkdirSync(configPath, { recursive: true });
   writeFileSync(

packages/wrangler/src/__tests__/logout.test.ts

@@ -20,7 +20,10 @@ describe("wrangler", () => {
     });
 
     it("should logout user that has been properly logged in", async () => {
-      writeUserConfig("some-oauth-tok", "some-refresh-tok");
+      writeUserConfig({
+        oauth_token: "some-oauth-tok",
+        refresh_token: "some-refresh-tok",
+      });
 
       // Mock out the response for a request to revoke the auth tokens,
       // checking the form of the request is as expected.
@@ -33,10 +36,7 @@ describe("wrangler", () => {
       await initialise();
       await runWrangler("logout");
 
-      expect(std.out).toMatchInlineSnapshot(`
-        "💁  Wrangler is configured with an OAuth token. The token has been successfully revoked
-        Removing ./home/.wrangler/config/default.toml.. success!"
-      `);
+      expect(std.out).toMatchInlineSnapshot(`"Successfully logged out."`);
 
       // Make sure that we made the request to logout.
       expect(fetchMock).toHaveBeenCalledTimes(1);

packages/wrangler/src/__tests__/whoami.test.tsx

@@ -3,12 +3,14 @@ import React from "react";
 import { initialise } from "../user";
 import { getUserInfo, WhoAmI } from "../whoami";
 import { setMockResponse } from "./helpers/mock-cfetch";
+import { mockConsoleMethods } from "./helpers/mock-console";
 import { writeUserConfig } from "./helpers/mock-user";
 import { runInTempDir } from "./helpers/run-in-tmp";
 import type { UserInfo } from "../whoami";
 
 describe("getUserInfo()", () => {
   runInTempDir({ homedir: "./home" });
+  const std = mockConsoleMethods();
 
   it("should return undefined if there is no config file", async () => {
     await initialise();
@@ -17,14 +19,14 @@ describe("getUserInfo()", () => {
   });
 
   it("should return undefined if there is an empty config file", async () => {
-    writeUserConfig();
+    writeUserConfig({});
     await initialise();
     const userInfo = await getUserInfo();
     expect(userInfo).toBeUndefined();
   });
 
   it("should return the user's email and accounts if authenticated via config token", async () => {
-    writeUserConfig("some-oauth-token");
+    writeUserConfig({ oauth_token: "some-oauth-token" });
     setMockResponse("/user", () => {
       return { email: "user@example.com" };
     });
@@ -50,6 +52,17 @@ describe("getUserInfo()", () => {
       ],
     });
   });
+
+  it("should display a warning message if the config file contains a legacy api_token field", async () => {
+    writeUserConfig({ api_token: "API_TOKEN" });
+    await initialise();
+    await getUserInfo();
+    expect(std.warn).toMatchInlineSnapshot(`
+      "It looks like you have used Wrangler 1's \`config\` command to login with an API token.
+      This is no longer supported in the current version of Wrangler.
+      If you wish to authenticate via an API token then please set the \`CLOUDFLARE_API_TOKEN\` environment variable."
+    `);
+  });
 });
 
 describe("WhoAmI component", () => {

packages/wrangler/src/user.tsx

@@ -260,6 +260,8 @@ interface State {
   refreshToken?: RefreshToken; // persist
   stateQueryParam?: string;
   scopes?: Scope[];
+  /** @deprecated */
+  api_token?: string;
 }
 
 interface RefreshToken {
@@ -336,16 +338,21 @@ export async function initialise(): Promise<void> {
         encoding: "utf-8",
       })
     );
-    const { oauth_token, refresh_token, expiration_time } = toml as {
+
+    const { oauth_token, refresh_token, expiration_time, api_token } = toml as {
       oauth_token: string;
       refresh_token: string;
       expiration_time: string;
+      /** @deprecated */
+      api_token?: string;
     };
     if (oauth_token) {
       LocalState.accessToken = { value: oauth_token, expiry: expiration_time };
-    }
-    if (refresh_token) {
-      LocalState.refreshToken = { value: refresh_token };
+      if (refresh_token) {
+        LocalState.refreshToken = { value: refresh_token };
+      }
+    } else if (api_token) {
+      LocalState.api_token = api_token;
     }
   } catch (err) {
     // no config yet, let's chill
@@ -365,6 +372,13 @@ function throwIfNotInitialised() {
 
 export function getAPIToken(): string | undefined {
   throwIfNotInitialised();
+  if (LocalState.api_token) {
+    console.warn(
+      "It looks like you have used Wrangler 1's `config` command to login with an API token.\n" +
+        "This is no longer supported in the current version of Wrangler.\n" +
+        "If you wish to authenticate via an API token then please set the `CLOUDFLARE_API_TOKEN` environment variable."
+    );
+  }
   return LocalState.accessToken?.value;
 }
 
@@ -824,7 +838,7 @@ export async function loginOrRefreshIfRequired(
 ): Promise<boolean> {
   // TODO: if there already is a token, then try refreshing
   // TODO: ask permission before opening browser
-  if (!LocalState.accessToken) {
+  if (!getAPIToken()) {
     // Not logged in.
     // If we are not interactive, we cannot ask the user to login
     return isInteractive && (await login());
@@ -836,6 +850,7 @@ export async function loginOrRefreshIfRequired(
 }
 
 export async function login(props?: LoginProps): Promise<boolean> {
+  console.log("Attempting to login via OAuth...");
   const urlToOpen = await getAuthURL(props?.scopes);
   await openInBrowser(urlToOpen);
   let server: http.Server;
@@ -903,9 +918,7 @@ export async function login(props?: LoginProps): Promise<boolean> {
             res.end(() => {
               finish(true);
             });
-            console.log(
-              `Successfully configured. You can find your configuration file at: ${os.homedir()}/.wrangler/config/default.toml`
-            );
+            console.log(`Successfully logged in.`);
 
             return;
           }
@@ -960,14 +973,8 @@ export async function logout(): Promise<void> {
     },
   });
   await response.text(); // blank text? would be nice if it was something meaningful
-  console.log(
-    "💁  Wrangler is configured with an OAuth token. The token has been successfully revoked"
-  );
-  // delete the file
   await rm(path.join(os.homedir(), ".wrangler/config/default.toml"));
-  console.log(
-    `Removing ${os.homedir()}/.wrangler/config/default.toml.. success!`
-  );
+  console.log(`Successfully logged out.`);
 }
 
 export function listScopes(): void {