CVGreeter/welcome-to-codevalet-as-a-contributor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rewrite onboarding prose to a neutral voice

Browse Source
This commit is contained in:
FanaticPythoner (Nathan Trudeau)
2026-04-26 12:26:19 -04:00
parent a591cd21f2
commit e27c8a2bd6
16 changed files with 69 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
scripts/forge_auth.py
View File

@@ -282,11 +282,12 @@ def _http_post_form(
def discover_endpoints(config: ForgeAuthConfig) -> dict[str, str]:
"""Call Gitea's ``/.well-known/openid-configuration`` and return the
three endpoints we care about, validated against the issuer.
three required endpoints, validated against the issuer.
"""
url = f"{config.gitea_base_url}/.well-known/openid-configuration"
payload = _http_get_json(url, insecure_tls=config.insecure_tls)
issuer = payload.get("issuer")
if not isinstance(issuer, str) or issuer.rstrip("/") != config.gitea_base_url.rstrip("/"):
raise AuthError(
f"OIDC discovery issuer {issuer!r} does not match "
@@ -401,7 +402,7 @@ class _CallbackHandler(BaseHTTPRequestHandler):
self.send_header("Content-Type", "text/html; charset=utf-8")
self.end_headers()
self.wfile.write(
b"<html><body><h1>Login failed</h1><p>You can close this window.</p></body></html>"
b"<html><body><h1>Login failed</h1><p>Window close is safe.</p></body></html>"
)
server.result_queue.put(
_build_authorize_error(
@@ -426,7 +427,7 @@ class _CallbackHandler(BaseHTTPRequestHandler):
self.wfile.write(
b"<html><body style='font-family:sans-serif'>"
b"<h1>Login complete.</h1>"
b"<p>You can close this window and return to your terminal.</p>"
b"<p>Window close is safe. Terminal focus can resume.</p>"
b"</body></html>"
)
server.result_queue.put((code, state))
@@ -471,7 +472,7 @@ def _build_authorize_error(
gitea_base_url : str
Base URL of the Gitea server. Used to build the user-settings
URL in the remediation message. Empty string yields a
``<your-gitea-url>`` placeholder.
``<gitea-base-url>`` placeholder.
client_id : str, optional
OAuth client id requesting the authorization. Surfaced in the
"different scope" message to disambiguate the grant row in
@@ -493,7 +494,7 @@ def _build_authorize_error(
settings_url = (
f"{base}/user/settings/applications"
if base
else "<your-gitea-url>/user/settings/applications"
else "<gitea-base-url>/user/settings/applications"
)
if "different scope" in low or ("scope" in low and "grant" in low):
@@ -554,8 +555,8 @@ def wait_for_callback(
except OSError as exc:
raise AuthError(
f"cannot bind loopback server on {host}:{port}: {exc}. "
f"Is another 'just login' still running? "
f"If port {port} is held by an unrelated process, override "
f"Another 'just login' instance may still be running. "
f"If port {port} is held by an unrelated process, set "
f"FSDGG_CLI_REDIRECT_URI in .env (note: the port must match "
f"the OAuth app registered in Gitea)."
) from exc
@@ -566,7 +567,7 @@ def wait_for_callback(
except Exception as exc:
raise AuthError(
f"timed out after {int(timeout_seconds)}s waiting for OAuth "
f"callback. Did you complete the browser login?"
f"callback. Browser login completion was not detected."
) from exc
finally:
server.server_close()
@@ -763,18 +764,17 @@ def _print_headless_guidance(auth_url: str, redirect) -> None:
]
if in_ssh:
lines += [
f"{info_tag} this process is running inside an SSH session. From the",
" machine where you will open the browser, run:",
f"{info_tag} SSH session detected. From the browser-side machine run:",
"",
f" ssh -L {cb_port}:127.0.0.1:{cb_port} {user}@{hostname}",
"",
" and paste the URL above into THAT machine's browser.",
" Paste the URL above into that machine's browser.",
"",
]
else:
lines += [
f"{info_tag} if this machine is remote, from the machine with the",
" browser run (before pasting the URL):",
f"{info_tag} Remote-host case: from the browser-side machine run",
" the following command before pasting the URL:",
"",
f" ssh -L {cb_port}:127.0.0.1:{cb_port} {user}@{hostname}",
"",
@@ -825,8 +825,8 @@ def run_login(
if print_authorize_url:
if open_browser:
cli_info(
f"open this URL in your browser if it does not open "
f"automatically:\n {auth_url}"
f"authorization URL (fallback when automatic browser open fails):\n"
f" {auth_url}"
)
else:
_print_headless_guidance(auth_url, redirect)
@@ -882,7 +882,7 @@ def run_login(
f"'{config.expected_username}'. The stored auth file has "
"NOT been updated.\n"
" To fix:\n"
f" 1. Sign out of Gitea in your browser: {logout_url}\n"
f" 1. Sign out of Gitea in the browser: {logout_url}\n"
f" 2. Sign back in as '{config.expected_username}'\n"
" 3. Re-run 'just login'"
)
@@ -905,8 +905,7 @@ def run_refresh(config: ForgeAuthConfig, *, must_refresh: bool = False) -> AuthF
If ``must_refresh`` is False and the access token is still live,
this is a no-op. If refresh fails, raises ``AuthError`` (the
credential helper surfaces this to git as "fall through to prompt",
and the CLI ``just refresh`` surfaces it with an instruction to
re-run ``just login``).
and the CLI ``just refresh`` surfaces the failure to stderr).
"""
store = auth_store_path()
existing = AuthFile.read(store)
@@ -934,7 +933,7 @@ def run_refresh(config: ForgeAuthConfig, *, must_refresh: bool = False) -> AuthF
def run_logout() -> Path | None:
"""Remove every codevalet-managed field from the auth file.
If the file only ever held our fields, delete it entirely. If the
If the file only ever held repo-managed fields, delete it entirely. If the
gateway has already populated its own fields (access_token etc.),
wipe only the Gitea + welcome-repo keys and leave the rest.
"""