Skip to content

Comments

Perf improvements#1196

Merged
jayhack merged 1 commit intodevelopfrom
jay/perf-improvements
Aug 15, 2025
Merged

Perf improvements#1196
jayhack merged 1 commit intodevelopfrom
jay/perf-improvements

Conversation

@jayhack
Copy link
Contributor

@jayhack jayhack commented Aug 15, 2025

Motivation

Content

Testing

Please check the following before marking your PR as ready for review

  • I have added tests for my changes
  • I have updated the documentation or added new documentation as needed

@jayhack jayhack requested review from a team and codegen-team as code owners August 15, 2025 02:11
@codecov
Copy link

codecov bot commented Aug 15, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 17.75148% with 139 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
src/codegen/cli/auth/token_manager.py 24.44% 68 Missing ⚠️
src/codegen/cli/commands/profile/main.py 1.75% 56 Missing ⚠️
src/codegen/cli/utils/org.py 35.00% 13 Missing ⚠️
src/codegen/cli/auth/login.py 0.00% 2 Missing ⚠️

@jayhack jayhack merged commit 2bf8b6d into develop Aug 15, 2025
18 checks passed
@jayhack jayhack deleted the jay/perf-improvements branch August 15, 2025 02:12
codegen-sh[bot]
codegen-sh bot reviewed Aug 15, 2025
View reviewed changes
src/codegen/cli/auth/token_manager.py
"""Store the token locally."""
self.save_token(token)
"""Store the token locally and fetch organization info."""
self.save_token_with_org_info(token)
Copy link
Contributor

@codegen-sh codegen-sh bot Aug 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security issue: Token is stored without validation
authenticate_token no longer verifies that the supplied token is active, so revoked or invalid tokens will be persisted.

Suggested change
self.save_token_with_org_info(token)
# Validate token before saving
identity = RestAPI(token).identify()
if not identity or identity.auth_context.status != "active":
raise AuthError("API token is invalid or inactive.")
# Save once validation succeeds
self.save_token_with_org_info(token)

codegen-sh[bot]
codegen-sh bot reviewed Aug 15, 2025
View reviewed changes
src/codegen/cli/auth/token_manager.py
return None
return None

def get_org_name(self) -> str | None:
Copy link
Contributor

@codegen-sh codegen-sh bot Aug 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logic bug: get_current_token falls back to uncached get_token() but ignores cache invalidation
If an exception occurs, the global cache remains stale and may serve invalid data on subsequent calls.

Suggested change
def get_org_name(self) -> str | None:
except Exception:
_token_cache = None
_cache_mtime = None
# Fall back to uncached read
token_manager = TokenManager()
return token_manager.get_token()

@codegen-sh
Copy link
Contributor

codegen-sh bot commented Aug 15, 2025

Found 2 issues. Please review my inline comments above.

🔍 View my analysis

@github-actions
Copy link
Contributor

github-actions bot commented Aug 18, 2025

🎉 This PR is included in version 0.56.4 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@codegen-sh codegen-sh[bot] codegen-sh[bot] left review comments

+1 more reviewer

@codegen-team codegen-team codegen-team approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jayhack @codegen-team