feat(credentials): validate login via scraper before caching

Problem: `credentials.lua` cached username/password immediately on input without any server-side validation. `scraper.lua` only used the browser/FHS path for the `submit` subcommand. Solution: rewrite `M.login()` to call `scraper.login()` with ndjson status callbacks and only cache credentials on success. Generalize the four submit-only guards in `run_scraper` to a `needs_browser` flag covering both `submit` and `login` subcommands.
2026-03-05 15:00:38 -05:00 · 2026-03-05 15:00:38 -05:00 · 06f5e24ebc
commit 06f5e24ebc
parent 720ae4ff76
2 changed files with 78 additions and 9 deletions
--- a/lua/cp/credentials.lua
+++ b/lua/cp/credentials.lua
@ -1,19 +1,28 @@
 local M = {}

 local cache = require('cp.cache')
+local constants = require('cp.constants')
 local logger = require('cp.log')
 local state = require('cp.state')

+local STATUS_MESSAGES = {
+  checking_login = 'Checking existing session...',
+  logging_in = 'Logging in...',
+  installing_browser = 'Installing browser...',
+}
+
 function M.login(platform)
  platform = platform or state.get_platform()
  if not platform then
    logger.log(
-      'No platform specified. Usage: :CP login <platform>',
+      'No platform specified. Usage: :CP <platform> login',
      { level = vim.log.levels.ERROR }
    )
    return
  end

+  local display = constants.PLATFORM_DISPLAY_NAMES[platform] or platform
+
  vim.ui.input({ prompt = platform .. ' username: ' }, function(username)
    if not username or username == '' then
      logger.log('Cancelled', { level = vim.log.levels.WARN })
@ -26,9 +35,36 @@ function M.login(platform)
      logger.log('Cancelled', { level = vim.log.levels.WARN })
      return
    end
+
    cache.load()
-    cache.set_credentials(platform, { username = username, password = password })
-    logger.log(platform .. ' credentials saved', { level = vim.log.levels.INFO, override = true })
+    local existing = cache.get_credentials(platform) or {}
+    local credentials = {
+      username = username,
+      password = password,
+    }
+    if existing.token then
+      credentials.token = existing.token
+    end
+
+    local scraper = require('cp.scraper')
+    scraper.login(platform, credentials, function(ev)
+      vim.schedule(function()
+        local msg = STATUS_MESSAGES[ev.status] or ev.status
+        logger.log(display .. ': ' .. msg, { level = vim.log.levels.INFO, override = true })
+      end)
+    end, function(result)
+      vim.schedule(function()
+        if result.success then
+          logger.log(
+            display .. ' login successful',
+            { level = vim.log.levels.INFO, override = true }
+          )
+        else
+          local err = result.error or 'unknown error'
+          logger.log(display .. ' login failed: ' .. err, { level = vim.log.levels.ERROR })
+        end
+      end)
+    end)
  end)
 end

@ -36,7 +72,7 @@ function M.logout(platform)
  platform = platform or state.get_platform()
  if not platform then
    logger.log(
-      'No platform specified. Usage: :CP logout <platform>',
+      'No platform specified. Usage: :CP <platform> logout',
      { level = vim.log.levels.ERROR }
    )
    return
--- a/lua/cp/scraper.lua
+++ b/lua/cp/scraper.lua
@ -44,13 +44,15 @@ local function run_scraper(platform, subcommand, args, opts)
    return { success = false, error = msg }
  end

-  if subcommand == 'submit' then
+  local needs_browser = subcommand == 'submit' or subcommand == 'login'
+
+  if needs_browser then
    utils.setup_nix_submit_env()
  end

  local plugin_path = utils.get_plugin_path()
  local cmd
-  if subcommand == 'submit' then
+  if needs_browser then
    cmd = utils.get_python_submit_cmd(platform, plugin_path)
  else
    cmd = utils.get_python_cmd(platform, plugin_path)
@ -71,7 +73,7 @@ local function run_scraper(platform, subcommand, args, opts)
    end
  end

-  if subcommand == 'submit' and utils.is_nix_build() then
+  if needs_browser and utils.is_nix_build() then
    env.UV_PROJECT_ENVIRONMENT = vim.fn.stdpath('cache') .. '/cp-nvim/submit-env'
  end

@ -129,7 +131,7 @@ local function run_scraper(platform, subcommand, args, opts)
      return { success = false, error = 'spawn failed' }
    end

-    if subcommand == 'submit' then
+    if needs_browser then
      timer = uv.new_timer()
      timer:start(120000, 0, function()
        timer:stop()
@ -193,7 +195,7 @@ local function run_scraper(platform, subcommand, args, opts)

  local sysopts = {
    text = true,
-    timeout = (subcommand == 'submit') and 120000 or 30000,
+    timeout = needs_browser and 120000 or 30000,
    env = env,
    cwd = plugin_path,
  }
@ -317,6 +319,37 @@ function M.scrape_all_tests(platform, contest_id, callback, on_done)
  })
 end

+function M.login(platform, credentials, on_status, callback)
+  local done = false
+  run_scraper(platform, 'login', {}, {
+    ndjson = true,
+    env_extra = { CP_CREDENTIALS = vim.json.encode(credentials) },
+    on_event = function(ev)
+      if ev.credentials ~= nil and next(ev.credentials) ~= nil then
+        require('cp.cache').set_credentials(platform, ev.credentials)
+      end
+      if ev.status ~= nil then
+        if type(on_status) == 'function' then
+          on_status(ev)
+        end
+      elseif ev.success ~= nil then
+        done = true
+        if type(callback) == 'function' then
+          callback(ev)
+        end
+      end
+    end,
+    on_exit = function(proc)
+      if not done and type(callback) == 'function' then
+        callback({
+          success = false,
+          error = 'login process exited (code=' .. tostring(proc.code) .. ')',
+        })
+      end
+    end,
+  })
+end
+
 function M.submit(
  platform,
  contest_id,