feat: validate credentials on :CP <platform> login (#310)

## Problem `:CP <platform> login` blindly caches username/password without server-side validation. Bad credentials are only discovered at submit time, which is confusing and wastes a browser session. ## Solution Wire `:CP <platform> login` through the scraper pipeline so each platform actually authenticates before persisting credentials. On failure, the user sees an error and nothing is cached. - CSES: reuses `_check_token` (fast path) and `_web_login`; returns API token in `LoginResult.credentials` so subsequent submits skip re-auth. - AtCoder/Codeforces: new `_login_headless` functions open a StealthySession, solve Turnstile/Cloudflare, fill the login form, and validate success by checking for the logout link. Cookies only persist on confirmed login. - CodeChef/Kattis/USACO: return "not yet implemented" errors. - `scraper.lua`: generalizes submit-only guards (`needs_browser` flag) to cover both `submit` and `login` subcommands. - `credentials.lua`: prompts for username/password, passes cached token for CSES fast path, shows ndjson status notifications, only caches on success.
2026-03-05 15:12:09 -05:00 · 2026-03-05 15:12:09 -05:00 · 2c119774df
commit 2c119774df
parent a202725cc5
10 changed files with 356 additions and 108 deletions
--- a/scrapers/codeforces.py
+++ b/scrapers/codeforces.py
@ -13,6 +13,7 @@ from .base import BaseScraper, extract_precision
 from .models import (
    ContestListResult,
    ContestSummary,
+    LoginResult,
    MetadataResult,
    ProblemSummary,
    SubmitResult,
@ -303,6 +304,111 @@ class CodeforcesScraper(BaseScraper):
            credentials,
        )

+    async def login(self, credentials: dict[str, str]) -> LoginResult:
+        if not credentials.get("username") or not credentials.get("password"):
+            return self._login_error("Missing username or password")
+        return await asyncio.to_thread(_login_headless_cf, credentials)
+
+
+def _login_headless_cf(credentials: dict[str, str]) -> LoginResult:
+    from pathlib import Path
+
+    try:
+        from scrapling.fetchers import StealthySession  # type: ignore[import-untyped,unresolved-import]
+    except ImportError:
+        return LoginResult(
+            success=False,
+            error="scrapling is required for Codeforces login",
+        )
+
+    from .atcoder import _ensure_browser
+
+    _ensure_browser()
+
+    cookie_cache = Path.home() / ".cache" / "cp-nvim" / "codeforces-cookies.json"
+    cookie_cache.parent.mkdir(parents=True, exist_ok=True)
+    saved_cookies: list[dict[str, Any]] = []
+    if cookie_cache.exists():
+        try:
+            saved_cookies = json.loads(cookie_cache.read_text())
+        except Exception:
+            pass
+
+    logged_in = False
+    login_error: str | None = None
+
+    def check_login(page):
+        nonlocal logged_in
+        logged_in = page.evaluate(
+            "() => Array.from(document.querySelectorAll('a'))"
+            ".some(a => a.textContent.includes('Logout'))"
+        )
+
+    def login_action(page):
+        nonlocal login_error
+        try:
+            page.fill(
+                'input[name="handleOrEmail"]',
+                credentials.get("username", ""),
+            )
+            page.fill(
+                'input[name="password"]',
+                credentials.get("password", ""),
+            )
+            page.locator('#enterForm input[type="submit"]').click()
+            page.wait_for_url(
+                lambda url: "/enter" not in url, timeout=BROWSER_NAV_TIMEOUT
+            )
+        except Exception as e:
+            login_error = str(e)
+
+    try:
+        with StealthySession(
+            headless=True,
+            timeout=BROWSER_SESSION_TIMEOUT,
+            google_search=False,
+            cookies=saved_cookies if saved_cookies else [],
+        ) as session:
+            if saved_cookies:
+                print(json.dumps({"status": "checking_login"}), flush=True)
+                session.fetch(
+                    f"{BASE_URL}/",
+                    page_action=check_login,
+                    network_idle=True,
+                )
+
+            if not logged_in:
+                print(json.dumps({"status": "logging_in"}), flush=True)
+                session.fetch(
+                    f"{BASE_URL}/enter",
+                    page_action=login_action,
+                    solve_cloudflare=True,
+                )
+                if login_error:
+                    return LoginResult(
+                        success=False, error=f"Login failed: {login_error}"
+                    )
+
+                session.fetch(
+                    f"{BASE_URL}/",
+                    page_action=check_login,
+                    network_idle=True,
+                )
+                if not logged_in:
+                    return LoginResult(
+                        success=False, error="Login failed (bad credentials?)"
+                    )
+
+            try:
+                browser_cookies = session.context.cookies()
+                cookie_cache.write_text(json.dumps(browser_cookies))
+            except Exception:
+                pass
+
+        return LoginResult(success=True, error="")
+    except Exception as e:
+        return LoginResult(success=False, error=str(e))
+

 def _submit_headless(
    contest_id: str,