From b5b612c61fb8e98e152bf2d1ea27e8393a25affe Mon Sep 17 00:00:00 2001 From: zhaojunchang Date: Thu, 16 Apr 2026 20:58:50 +0800 Subject: [PATCH 1/3] feat(auth): improve login scope handling and messages - Add AuthorizedUser message to display current authorized account - Update scope mismatch message wording to be more accurate - Reorganize login success output to show scope issues first - Remove redundant success message when scope issues exist --- cmd/auth/login_messages.go | 11 +++++++---- cmd/auth/login_messages_test.go | 6 ++++++ cmd/auth/login_result.go | 8 ++++---- cmd/auth/login_test.go | 12 ++++++------ 4 files changed, 23 insertions(+), 14 deletions(-) diff --git a/cmd/auth/login_messages.go b/cmd/auth/login_messages.go index 9de3361d8..bc233734c 100644 --- a/cmd/auth/login_messages.go +++ b/cmd/auth/login_messages.go @@ -24,6 +24,7 @@ type loginMsg struct { WaitingAuth string AuthSuccess string LoginSuccess string + AuthorizedUser string ScopeMismatch string ScopeHint string RequestedScopes string @@ -58,9 +59,10 @@ var loginMsgZh = &loginMsg{ OpenURL: "在浏览器中打开以下链接进行认证:\n\n", WaitingAuth: "等待用户授权...", - AuthSuccess: "授权成功,正在获取用户信息...", + AuthSuccess: "授权已完成,正在获取用户信息并校验授权结果...", LoginSuccess: "登录成功! 用户: %s (%s)", - ScopeMismatch: "授权完成,但以下请求 scopes 未被授予: %s", + AuthorizedUser: "当前授权账号: %s (%s)", + ScopeMismatch: "授权结果异常:以下请求 scopes 未被授予: %s", ScopeHint: "以上结果是本次授权请求用户最终确认后的结果,请勿持续重试;Scopes 未授予的原因是多样的,如 scope 被禁用;具体原因已通过授权页提示用户。可执行 `lark-cli auth status` 查看账号当前已授予的全部 scopes;", RequestedScopes: " 本次请求 scopes: %s\n", NewlyGrantedScopes: " 本次新授予 scopes: %s\n", @@ -93,9 +95,10 @@ var loginMsgEn = &loginMsg{ OpenURL: "Open this URL in your browser to authenticate:\n\n", WaitingAuth: "Waiting for user authorization...", - AuthSuccess: "Authorization successful, fetching user info...", + AuthSuccess: "Authorization completed, fetching user info and validating granted scopes...", LoginSuccess: "Login successful! User: %s (%s)", - ScopeMismatch: "authorization completed, but these requested scopes were not granted: %s", + AuthorizedUser: "Authorized account: %s (%s)", + ScopeMismatch: "authorization result is abnormal: these requested scopes were not granted: %s", ScopeHint: "The result above is the user's final confirmation for this authorization request. Do not retry continuously. Scopes may be not granted for various reasons, such as a scope being disabled. The specific reason has already been shown to the user on the authorization page. Run `lark-cli auth status` to inspect all scopes currently granted to the account.", RequestedScopes: " Requested scopes: %s\n", NewlyGrantedScopes: " Newly granted scopes: %s\n", diff --git a/cmd/auth/login_messages_test.go b/cmd/auth/login_messages_test.go index f0c8808b7..558876edb 100644 --- a/cmd/auth/login_messages_test.go +++ b/cmd/auth/login_messages_test.go @@ -69,6 +69,12 @@ func TestLoginMsg_FormatStrings(t *testing.T) { t.Errorf("%s LoginSuccess has no format verb", lang) } + // AuthorizedUser should contain two %s placeholders (userName, openId) + got = fmt.Sprintf(msg.AuthorizedUser, "testuser", "ou_123") + if got == msg.AuthorizedUser { + t.Errorf("%s AuthorizedUser has no format verb", lang) + } + // SummaryDomains should contain %s got = fmt.Sprintf(msg.SummaryDomains, "calendar, task") if got == msg.SummaryDomains { diff --git a/cmd/auth/login_result.go b/cmd/auth/login_result.go index 0d1a3b46c..3e649579d 100644 --- a/cmd/auth/login_result.go +++ b/cmd/auth/login_result.go @@ -190,11 +190,11 @@ func handleLoginScopeIssue(opts *LoginOptions, msg *loginMsg, f *cmdutil.Factory fmt.Fprintln(f.IOStreams.ErrOut) if loginSucceeded { - output.PrintSuccess(f.IOStreams.ErrOut, fmt.Sprintf(msg.LoginSuccess, userName, openId)) - } else { fmt.Fprintln(f.IOStreams.ErrOut, issue.Message) - } - if loginSucceeded { + if msg.AuthorizedUser != "" { + fmt.Fprintf(f.IOStreams.ErrOut, "%s\n", fmt.Sprintf(msg.AuthorizedUser, userName, openId)) + } + } else { fmt.Fprintln(f.IOStreams.ErrOut, issue.Message) } writeLoginScopeBreakdown(f.IOStreams, msg, issue.Summary) diff --git a/cmd/auth/login_test.go b/cmd/auth/login_test.go index 8a20f9e0e..01bc85fc8 100644 --- a/cmd/auth/login_test.go +++ b/cmd/auth/login_test.go @@ -363,7 +363,7 @@ func TestWriteLoginSuccess_JSONIncludesScopeDiff(t *testing.T) { func TestHandleLoginScopeIssue_NonJSONAlignsWithLoginSuccess(t *testing.T) { f, _, stderr, _ := cmdutil.TestFactory(t, nil) err := handleLoginScopeIssue(&LoginOptions{}, getLoginMsg("zh"), f, &loginScopeIssue{ - Message: "授权完成,但以下请求 scopes 未被授予: im:message:send", + Message: "授权结果异常:以下请求 scopes 未被授予: im:message:send", Hint: "以上结果是本次授权请求用户最终确认后的结果,请勿持续重试;Scopes 未授予的原因是多样的,如 scope 被禁用;具体原因已通过授权页提示用户。可执行 `lark-cli auth status` 查看账号当前已授予的全部 scopes;", Summary: &loginScopeSummary{ Requested: []string{"im:message:send"}, @@ -376,8 +376,8 @@ func TestHandleLoginScopeIssue_NonJSONAlignsWithLoginSuccess(t *testing.T) { } got := stderr.String() for _, want := range []string{ - "OK: 登录成功! 用户: tester (ou_user)", - "授权完成,但以下请求 scopes 未被授予: im:message:send", + "授权结果异常:以下请求 scopes 未被授予: im:message:send", + "当前授权账号: tester (ou_user)", "本次请求 scopes: im:message:send", "本次新授予 scopes: (空)", "本次未授予 scopes: im:message:send", @@ -392,15 +392,15 @@ func TestHandleLoginScopeIssue_NonJSONAlignsWithLoginSuccess(t *testing.T) { if strings.Contains(got, "最终已授权 scopes:") { t.Fatalf("stderr should not contain final granted scopes, got:\n%s", got) } - if strings.Contains(got, "ERROR:") { - t.Fatalf("stderr should not contain error prefix, got:\n%s", got) + if strings.Contains(got, "登录成功") { + t.Fatalf("stderr should not contain success wording, got:\n%s", got) } } func TestHandleLoginScopeIssue_JSONAlignsWithLoginSuccess(t *testing.T) { f, stdout, _, _ := cmdutil.TestFactory(t, nil) err := handleLoginScopeIssue(&LoginOptions{JSON: true}, getLoginMsg("en"), f, &loginScopeIssue{ - Message: "authorization completed, but these requested scopes were not granted: im:message:send", + Message: "authorization result is abnormal: these requested scopes were not granted: im:message:send", Hint: "Granted scopes: base:app:copy. Check app scopes.", Summary: &loginScopeSummary{ Requested: []string{"im:message:send"}, From 2e04c14ce3c76c19ba2fde32679614a178a61914 Mon Sep 17 00:00:00 2001 From: zhaojunchang Date: Thu, 16 Apr 2026 22:49:40 +0800 Subject: [PATCH 2/3] fix(auth): update login success message wording from "login" to "authorization" Update both Chinese and English login success messages to use "authorization" instead of "login" for consistency with the authentication flow. Also update corresponding test cases to match the new wording. --- cmd/auth/login_messages.go | 4 ++-- cmd/auth/login_test.go | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/auth/login_messages.go b/cmd/auth/login_messages.go index bc233734c..2fe0ebb76 100644 --- a/cmd/auth/login_messages.go +++ b/cmd/auth/login_messages.go @@ -60,7 +60,7 @@ var loginMsgZh = &loginMsg{ OpenURL: "在浏览器中打开以下链接进行认证:\n\n", WaitingAuth: "等待用户授权...", AuthSuccess: "授权已完成,正在获取用户信息并校验授权结果...", - LoginSuccess: "登录成功! 用户: %s (%s)", + LoginSuccess: "授权成功! 用户: %s (%s)", AuthorizedUser: "当前授权账号: %s (%s)", ScopeMismatch: "授权结果异常:以下请求 scopes 未被授予: %s", ScopeHint: "以上结果是本次授权请求用户最终确认后的结果,请勿持续重试;Scopes 未授予的原因是多样的,如 scope 被禁用;具体原因已通过授权页提示用户。可执行 `lark-cli auth status` 查看账号当前已授予的全部 scopes;", @@ -96,7 +96,7 @@ var loginMsgEn = &loginMsg{ OpenURL: "Open this URL in your browser to authenticate:\n\n", WaitingAuth: "Waiting for user authorization...", AuthSuccess: "Authorization completed, fetching user info and validating granted scopes...", - LoginSuccess: "Login successful! User: %s (%s)", + LoginSuccess: "Authorization successful! User: %s (%s)", AuthorizedUser: "Authorized account: %s (%s)", ScopeMismatch: "authorization result is abnormal: these requested scopes were not granted: %s", ScopeHint: "The result above is the user's final confirmation for this authorization request. Do not retry continuously. Scopes may be not granted for various reasons, such as a scope being disabled. The specific reason has already been shown to the user on the authorization page. Run `lark-cli auth status` to inspect all scopes currently granted to the account.", diff --git a/cmd/auth/login_test.go b/cmd/auth/login_test.go index 01bc85fc8..fa4284fb3 100644 --- a/cmd/auth/login_test.go +++ b/cmd/auth/login_test.go @@ -392,7 +392,7 @@ func TestHandleLoginScopeIssue_NonJSONAlignsWithLoginSuccess(t *testing.T) { if strings.Contains(got, "最终已授权 scopes:") { t.Fatalf("stderr should not contain final granted scopes, got:\n%s", got) } - if strings.Contains(got, "登录成功") { + if strings.Contains(got, "授权成功") { t.Fatalf("stderr should not contain success wording, got:\n%s", got) } } @@ -469,7 +469,7 @@ func TestWriteLoginSuccess_TextOutputScenarios(t *testing.T) { Granted: []string{"im:message:send", "im:message:reply"}, }, expectedPresent: []string{ - "登录成功! 用户: tester (ou_user)", + "授权成功! 用户: tester (ou_user)", "本次请求 scopes: im:message:send im:message:reply", "本次新授予 scopes: im:message:send", "本次未授予 scopes: (空)", @@ -619,7 +619,7 @@ func TestAuthLoginRun_MissingRequestedScopeAlignsWithLoginSuccess(t *testing.T) } got := stderr.String() for _, want := range []string{ - "OK: 登录成功! 用户: tester (ou_user)", + "OK: 授权成功! 用户: tester (ou_user)", "授权完成,但以下请求 scopes 未被授予: im:message:send", "本次请求 scopes: im:message:send", "本次未授予 scopes: im:message:send", @@ -743,7 +743,7 @@ func TestAuthLoginRun_DeviceCodeUsesCachedRequestedScopes(t *testing.T) { } got := stderr.String() for _, want := range []string{ - "OK: 登录成功! 用户: tester (ou_user)", + "OK: 授权成功! 用户: tester (ou_user)", "本次请求 scopes: im:message:send", "本次新授予 scopes: im:message:send", "可执行 `lark-cli auth status` 查看账号当前已授予的全部 scopes;", @@ -771,7 +771,7 @@ func TestWriteLoginSuccess_TextOutputEnglishIncludesStatusHintWhenNoMissingScope got := stderr.String() for _, want := range []string{ - "Login successful! User: tester (ou_user)", + "Authorization successful! User: tester (ou_user)", "Requested scopes: im:message:send", "Newly granted scopes: im:message:send", "Not granted scopes: (none)", From d424367394803da577f8828af48f0894efc80ef8 Mon Sep 17 00:00:00 2001 From: zhaojunchang Date: Fri, 17 Apr 2026 11:04:19 +0800 Subject: [PATCH 3/3] test(auth): update login test for missing scope case Update test assertions to verify correct error messages when requested scopes are not granted. Remove checks for success message in this scenario. --- cmd/auth/login_test.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cmd/auth/login_test.go b/cmd/auth/login_test.go index fa4284fb3..e110c7903 100644 --- a/cmd/auth/login_test.go +++ b/cmd/auth/login_test.go @@ -619,8 +619,8 @@ func TestAuthLoginRun_MissingRequestedScopeAlignsWithLoginSuccess(t *testing.T) } got := stderr.String() for _, want := range []string{ - "OK: 授权成功! 用户: tester (ou_user)", - "授权完成,但以下请求 scopes 未被授予: im:message:send", + "授权结果异常:以下请求 scopes 未被授予: im:message:send", + "当前授权账号: tester (ou_user)", "本次请求 scopes: im:message:send", "本次未授予 scopes: im:message:send", "以上结果是本次授权请求用户最终确认后的结果,请勿持续重试", @@ -634,6 +634,9 @@ func TestAuthLoginRun_MissingRequestedScopeAlignsWithLoginSuccess(t *testing.T) if strings.Contains(got, "最终已授权 scopes:") { t.Fatalf("stderr should not contain final granted scopes, got:\n%s", got) } + if strings.Contains(got, "OK: 授权成功") { + t.Fatalf("stderr should not contain success prefix when scopes are missing, got:\n%s", got) + } if strings.Contains(got, "ERROR:") { t.Fatalf("stderr should not contain error prefix, got:\n%s", got) }