fix(auth): propagate error when token directory cannot be created#542
fix(auth): propagate error when token directory cannot be created#542dumko2001 wants to merge 3 commits intogoogleworkspace:mainfrom
Conversation
🦋 Changeset detectedLatest commit: 3565fc6 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the robustness of the authentication system by addressing a critical flaw where failures in creating the token storage directory were previously ignored. By explicitly propagating these I/O errors, the system now provides clearer feedback on credential persistence issues, improving reliability and preventing confusing authentication behavior. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request correctly propagates an error that was previously ignored when creating the token storage directory. My review identifies a similar issue where an error from setting directory permissions is also ignored, which could lead to a security risk. I've suggested a fix to make the error handling in this function fully robust.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly addresses an issue where errors during the creation of the token storage directory were silently ignored. The change ensures that any I/O error is now properly propagated, which is a great improvement. The implementation is correct and robust.
As a note for future improvement, I observed a related pattern on line 95 where the result of std::fs::set_permissions is ignored. This could lead to the token directory having insecure permissions. To improve robustness, this error should also be propagated. Since this is outside the direct changes of this PR, it can be addressed in a follow-up to avoid scope creep.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly addresses an issue where an I/O error was silently ignored when creating the token directory. The change now properly propagates the error, improving the robustness of the authentication flow. I've added one comment regarding sanitizing the path in the new error message to prevent potential terminal escape sequence injection, which is a good practice for security.
… fail Previously, failures to create the token directory or set its permissions were silently ignored using 'let _ = ...'. This could lead to confusing errors later or security issues if permissions were left insecure. Now properly propagates errors from: - tokio::fs::create_dir_all() - std::fs::set_permissions() (on Unix) Also sanitizes the path in error messages to prevent terminal escape sequence injection, aligned with codebase security practices.
dumko2001
force-pushed
the
fix/issue-493-token-dir-error-v2
branch
from
ec2b687 to
1d237ed
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly addresses an issue where errors during the creation of the token storage directory were silently ignored. By propagating these I/O errors, the change improves the robustness and debuggability of the authentication flow. My review includes one suggestion to avoid using a blocking I/O call within an async context, which can improve performance and prevent potential deadlocks.
…sync runtime Following the reviewer suggestion, std::fs::set_permissions is now executed via tokio::task::spawn_blocking to avoid potentially blocking the async runtime thread, which can cause performance issues or deadlocks under load.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request successfully addresses the issue of silently ignoring errors during token directory creation by properly propagating them. The change to handle blocking I/O for setting permissions in an async context is also correct. My review includes a suggestion to further improve the implementation by using Tokio's native async function, which simplifies the code and is more idiomatic.
Simplifies the code by using Tokio's native async set_permissions, removing the need for manual thread spawning.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly addresses an issue where errors during the creation of the token storage directory were silently ignored. The changes ensure that I/O errors from creating the directory and setting its permissions are properly propagated. Additionally, the pull request improves the code by replacing a blocking synchronous file system call (std::fs::set_permissions) with its asynchronous equivalent (tokio::fs::set_permissions), which is appropriate for the async context. The changes are well-implemented and enhance the robustness and correctness of the authentication flow.
2 participants
Description
Previously, errors encountered during the creation of the token storage directory were silently discarded. This could lead to confusing behavior where authentication appears to succeed but credentials are not persisted to disk. This PR ensures that IO errors during directory creation are properly propagated.
Fixes #493
Checklist:
AGENTS.mdguidelines (no generatedgoogle-*crates).cargo fmt --allto format the code perfectly.cargo clippy -- -D warningsand resolved all warnings.pnpx changeset) to document my changes.