fix(codex): correct managed auth checks and browser login completion#490
Open
morluto wants to merge 4 commits into
Open
fix(codex): correct managed auth checks and browser login completion#490morluto wants to merge 4 commits into
morluto wants to merge 4 commits into
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Comment on lines
142
to
148
| try await client.startIfNeeded() | ||
| let result = try await client.request( | ||
| method: "account/read", | ||
| params: ["refreshToken": true], | ||
| params: ["refreshToken": forceRefresh], | ||
| timeout: refreshRequestTimeout | ||
| ) | ||
| if Self.isValidAccountReadResult(result) { |
Contributor
There was a problem hiding this comment.
Bug: The startManagedChatgptLogin method is missing a check for an in-flight inFlightCheckTask, which can cause a race condition and create redundant RPC client connections.
Severity: MEDIUM
Suggested Fix
In startManagedChatgptLogin, add a check to await any inFlightCheckTask before proceeding, similar to how inFlightRefreshTask is handled. This will ensure that only one authentication-related task is active at a time, respecting the established synchronization pattern.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location:
Sources/RepoPrompt/Infrastructure/AI/Providers/Codex/Shared/CodexManagedAuthRecoveryService.swift#L142-L148
Potential issue: The `startManagedChatgptLogin()` method checks for an in-flight
`inFlightRefreshTask` but fails to check for an `inFlightCheckTask`. This can lead to
two simultaneous RPC client connections being created if a user initiates a connection
test (which creates an `inFlightCheckTask`) and then immediately tries to log in. This
race condition violates the intended single-flight pattern for authentication tasks,
leading to resource inefficiency and potential operational issues if the underlying
service has connection limits or rate-limiting.
Did we get this right? 👍 / 👎 to inform future reviews.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #479.
Corrects RepoPrompt's Codex managed-auth state handling so connection checks no longer invalidate otherwise usable sessions, and browser login cannot report success before OAuth actually completes.
Changes
account/read(refreshToken: false)for Test Connection and cached connection-status checks.account/login/completednotification matching the returnedloginId.account/logoutfallback when external authentication is active.User impact
Previously, a user could see this sequence:
401 refresh_token_reused.After this change:
Validation
CodexManagedAuthRecoveryServiceTests: 7 passedPromptContextPreAssemblyServiceTests: 16 passed