From 73f068c54aa7142808a4b0809535f5c3683c93c9 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Thu, 19 Jan 2023 15:40:41 -0500
Subject: [PATCH] failing token invites fail with 401; display a hint about
 --token in the cli error message (#172)

---
 cmd/zrok/invite.go                            |  1 +
 controller/invite.go                          |  2 +-
 rest_client_zrok/account/invite_responses.go  | 57 +++++++++++++++++++
 rest_server_zrok/embedded_spec.go             |  6 ++
 .../operations/account/invite_responses.go    | 25 ++++++++
 specs/zrok.yml                                |  2 +
 6 files changed, 92 insertions(+), 1 deletion(-)

diff --git a/cmd/zrok/invite.go b/cmd/zrok/invite.go
index 86639216..424f32b4 100644
--- a/cmd/zrok/invite.go
+++ b/cmd/zrok/invite.go
@@ -83,6 +83,7 @@ func (cmd *inviteCommand) run(_ *cobra.Command, _ []string) {
 func (cmd *inviteCommand) endpointError(apiEndpoint, _ string) {
 	fmt.Printf("%v\n\n", tui.SeriousBusiness.Render("there was a problem creating an invitation!"))
 	fmt.Printf("you are trying to use the zrok service at: %v\n\n", tui.Code.Render(apiEndpoint))
+	fmt.Printf("%v\n\n", tui.Attention.Render("should you be using a --token? check with your instance administrator!"))
 	fmt.Printf("you can change your zrok service endpoint using this command:\n\n")
 	fmt.Printf("%v\n\n", tui.Code.Render("$ zrok config set apiEndpoint <newEndpoint>"))
 	fmt.Printf("(where newEndpoint is something like: %v)\n\n", tui.Code.Render("https://some.zrok.io"))
diff --git a/controller/invite.go b/controller/invite.go
index dd4c9fa1..dcadb766 100644
--- a/controller/invite.go
+++ b/controller/invite.go
@@ -41,7 +41,7 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
 		inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx)
 		if err != nil {
 			logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err)
-			return account.NewInviteBadRequest()
+			return account.NewInviteUnauthorized()
 		}
 		if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil {
 			logrus.Error(err)
diff --git a/rest_client_zrok/account/invite_responses.go b/rest_client_zrok/account/invite_responses.go
index a54a05e3..53a68299 100644
--- a/rest_client_zrok/account/invite_responses.go
+++ b/rest_client_zrok/account/invite_responses.go
@@ -32,6 +32,12 @@ func (o *InviteReader) ReadResponse(response runtime.ClientResponse, consumer ru
 			return nil, err
 		}
 		return nil, result
+	case 401:
+		result := NewInviteUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
 	case 500:
 		result := NewInviteInternalServerError()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
@@ -145,6 +151,57 @@ func (o *InviteBadRequest) readResponse(response runtime.ClientResponse, consume
 	return nil
 }
 
+// NewInviteUnauthorized creates a InviteUnauthorized with default headers values
+func NewInviteUnauthorized() *InviteUnauthorized {
+	return &InviteUnauthorized{}
+}
+
+/*
+InviteUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type InviteUnauthorized struct {
+}
+
+// IsSuccess returns true when this invite unauthorized response has a 2xx status code
+func (o *InviteUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this invite unauthorized response has a 3xx status code
+func (o *InviteUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this invite unauthorized response has a 4xx status code
+func (o *InviteUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this invite unauthorized response has a 5xx status code
+func (o *InviteUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this invite unauthorized response a status code equal to that given
+func (o *InviteUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+func (o *InviteUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /invite][%d] inviteUnauthorized ", 401)
+}
+
+func (o *InviteUnauthorized) String() string {
+	return fmt.Sprintf("[POST /invite][%d] inviteUnauthorized ", 401)
+}
+
+func (o *InviteUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
 // NewInviteInternalServerError creates a InviteInternalServerError with default headers values
 func NewInviteInternalServerError() *InviteInternalServerError {
 	return &InviteInternalServerError{}
diff --git a/rest_server_zrok/embedded_spec.go b/rest_server_zrok/embedded_spec.go
index 38df9433..5c755e24 100644
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@@ -425,6 +425,9 @@ func init() {
           "400": {
             "description": "invitation not created (already exists)"
           },
+          "401": {
+            "description": "unauthorized"
+          },
           "500": {
             "description": "internal server error"
           }
@@ -1596,6 +1599,9 @@ func init() {
           "400": {
             "description": "invitation not created (already exists)"
           },
+          "401": {
+            "description": "unauthorized"
+          },
           "500": {
             "description": "internal server error"
           }
diff --git a/rest_server_zrok/operations/account/invite_responses.go b/rest_server_zrok/operations/account/invite_responses.go
index 03f919f5..8fa0c503 100644
--- a/rest_server_zrok/operations/account/invite_responses.go
+++ b/rest_server_zrok/operations/account/invite_responses.go
@@ -61,6 +61,31 @@ func (o *InviteBadRequest) WriteResponse(rw http.ResponseWriter, producer runtim
 	rw.WriteHeader(400)
 }
 
+// InviteUnauthorizedCode is the HTTP code returned for type InviteUnauthorized
+const InviteUnauthorizedCode int = 401
+
+/*
+InviteUnauthorized unauthorized
+
+swagger:response inviteUnauthorized
+*/
+type InviteUnauthorized struct {
+}
+
+// NewInviteUnauthorized creates InviteUnauthorized with default headers values
+func NewInviteUnauthorized() *InviteUnauthorized {
+
+	return &InviteUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *InviteUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
 // InviteInternalServerErrorCode is the HTTP code returned for type InviteInternalServerError
 const InviteInternalServerErrorCode int = 500
 
diff --git a/specs/zrok.yml b/specs/zrok.yml
index d24e24cb..0cde4b2b 100644
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@@ -30,6 +30,8 @@ paths:
           description: invitation created
         400:
           description: invitation not created (already exists)
+        401:
+          description: unauthorized
         500:
           description: internal server error