feat: validate credentials on :CP <platform> login (#310)

## Problem `:CP <platform> login` blindly caches username/password without server-side validation. Bad credentials are only discovered at submit time, which is confusing and wastes a browser session. ## Solution Wire `:CP <platform> login` through the scraper pipeline so each platform actually authenticates before persisting credentials. On failure, the user sees an error and nothing is cached. - CSES: reuses `_check_token` (fast path) and `_web_login`; returns API token in `LoginResult.credentials` so subsequent submits skip re-auth. - AtCoder/Codeforces: new `_login_headless` functions open a StealthySession, solve Turnstile/Cloudflare, fill the login form, and validate success by checking for the logout link. Cookies only persist on confirmed login. - CodeChef/Kattis/USACO: return "not yet implemented" errors. - `scraper.lua`: generalizes submit-only guards (`needs_browser` flag) to cover both `submit` and `login` subcommands. - `credentials.lua`: prompts for username/password, passes cached token for CSES fast path, shows ndjson status notifications, only caches on success.
2026-03-05 15:12:09 -05:00 · 2026-03-05 15:12:09 -05:00 · 2c119774df
commit 2c119774df
parent a202725cc5
10 changed files with 356 additions and 108 deletions
--- a/scrapers/cses.py
+++ b/scrapers/cses.py
@ -13,6 +13,7 @@ from .timeouts import HTTP_TIMEOUT, SUBMIT_POLL_TIMEOUT
 from .models import (
    ContestListResult,
    ContestSummary,
+    LoginResult,
    MetadataResult,
    ProblemSummary,
    SubmitResult,
@ -229,6 +230,43 @@ class CSESScraper(BaseScraper):
            )
        return ContestListResult(success=True, error="", contests=cats)

+    async def login(self, credentials: dict[str, str]) -> LoginResult:
+        username = credentials.get("username", "")
+        password = credentials.get("password", "")
+        if not username or not password:
+            return self._login_error("Missing username or password")
+
+        async with httpx.AsyncClient(follow_redirects=True) as client:
+            token = credentials.get("token")
+
+            if token:
+                print(json.dumps({"status": "checking_login"}), flush=True)
+                if await self._check_token(client, token):
+                    return LoginResult(
+                        success=True,
+                        error="",
+                        credentials={
+                            "username": username,
+                            "password": password,
+                            "token": token,
+                        },
+                    )
+
+            print(json.dumps({"status": "logging_in"}), flush=True)
+            token = await self._web_login(client, username, password)
+            if not token:
+                return self._login_error("Login failed (bad credentials?)")
+
+            return LoginResult(
+                success=True,
+                error="",
+                credentials={
+                    "username": username,
+                    "password": password,
+                    "token": token,
+                },
+            )
+
    async def stream_tests_for_category_async(self, category_id: str) -> None:
        async with httpx.AsyncClient(
            limits=httpx.Limits(max_connections=CONNECTIONS)