feat: use token instead of username and password

[rokam]

Fixes: #13

Summary by CodeRabbit

• New Features

  • Updated README with instructions for retrieving an authentication token for the SunWeg Python library.
  • Shifted authentication method in code samples to use a token instead of username and password.

• Bug Fixes

  • Improved authentication process in the APIHelper class to handle missing credentials more robustly.

• Tests

  • Added new test methods to enhance coverage for token management and authentication scenarios.

[coderabbitai]

Walkthrough

The changes in this pull request involve updates to the README.md, sunweg/api.py, and tests/test_api.py files. The README.md now includes instructions for retrieving an authentication token for the SunWeg Python library, along with modifications to the code sample for token-based authentication. The APIHelper class in sunweg/api.py has been enhanced to support token authentication, including a new method for setting the token. Additionally, new test methods have been added to tests/test_api.py to improve test coverage for the updated authentication functionality.

Changes

File	Change Summary
README.md	Added "Retrieve token" section with instructions for accessing the authentication token; updated code sample for token-based authentication.
sunweg/api.py	Updated APIHelper constructor to accept an optional token parameter; added set_token method; modified authenticate method for improved checks.
tests/test_api.py	Added new test methods: test_initialize_token, test_set_token, and test_authenticate_fail_empty_credentials; fixed indentation in test_error500.

Poem

In the garden of code, a new path we tread,
With tokens in hand, old ways we shed.
The APIHelper now dances with grace,
Authentication's a breeze, a new embrace.
So hop along, friends, let’s celebrate,
For in every change, new wonders await! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (6)

README.md (2)

12-19: Excellent addition of token retrieval instructions.

The new section provides clear, step-by-step instructions for retrieving the authentication token, which is crucial for using the updated API. The inclusion of a screenshot is particularly helpful.

Consider adding information about token expiration and security best practices, such as:

• How long the token is valid for
• Whether users need to refresh the token periodically
• Recommendations for secure token storage

---

Line range hint 1-11: Consider adding a note about the authentication change.

The README has been successfully updated to reflect the new token-based authentication method. However, it might be helpful to explicitly mention this change in the introductory section of the document.

Consider adding a brief note after the introductory paragraph, such as:

**Note:** This library now uses token-based authentication instead of username and password. See the "Retrieve token" section for details on how to obtain your authentication token.

This addition would provide immediate context for the authentication change, especially for users familiar with the previous version.

sunweg/api.py (2)

86-102: LGTM! Consider enhancing the docstring.

The changes to the __init__ method are well-implemented, allowing for both token-based and username/password authentication. The use of str | None type hints for optional parameters is appropriate.

Consider updating the docstring to clarify that either token-based or username/password authentication can be used:

"""
Initialize APIHelper for SunWEG platform.

:param username: username for authentication (optional if using token)
:param password: password for authentication (optional if using token)
:param token: token for authentication (optional if using username/password)
:type username: str | None
:type password: str | None
:type token: str | None
"""

---

Hardcoded Credentials Found in Test Suite

The analysis revealed that tests/test_api.py still contains hardcoded username and password assignments. This practice undermines the introduction of token-based authentication and poses potential security risks.

• tests/test_api.py:
  • Hardcoded username and password assignments detected.

🔗 Analysis chain

Line range hint 1-489: Overall, good implementation with room for minor improvements.

The introduction of token-based authentication alongside the existing username/password method enhances the flexibility of the APIHelper class. The changes are generally well-implemented, with clear docstrings and appropriate type hints.

Consider implementing the suggested improvements to the authentication flow and docstrings to fully leverage the new token-based authentication option.

Ensure thorough testing of the new authentication methods, including:

1. Token-based authentication
2. Username/password authentication
3. Switching between authentication methods
4. Error handling for invalid tokens or credentials

Run the following script to verify the usage of the new token parameter and set_token method:

This script will help identify any places in the codebase where the new token authentication should be used, and also check for any remaining hardcoded credentials that should be replaced with token authentication.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of token authentication in the codebase.

# Test 1: Check for usage of token in APIHelper initialization
echo "Checking for token usage in APIHelper initialization:"
rg --type python "APIHelper\(.*token.*\)" -g '!sunweg/api.py'

# Test 2: Check for usage of set_token method
echo "Checking for usage of set_token method:"
rg --type python "\.set_token\(" -g '!sunweg/api.py'

# Test 3: Check for any remaining hardcoded credentials
echo "Checking for any remaining hardcoded credentials:"
rg --type python "(username|password)\s*=\s*['\"][^'\"]+['\"]" -g '!sunweg/api.py'

Length of output: 617

---

Script:

#!/bin/bash
# Description: Verify the usage of token authentication in the codebase.

# Test 1: Check for usage of token in APIHelper initialization
echo "Checking for token usage in APIHelper initialization:"
rg --type py "APIHelper\(.*token.*\)" --glob '!.git/*' --glob '!sunweg/api.py'

# Test 2: Check for usage of set_token method
echo "Checking for usage of set_token method:"
rg --type py "\.set_token\(" --glob '!.git/*' --glob '!sunweg/api.py'

# Test 3: Check for any remaining hardcoded credentials
echo "Checking for any remaining hardcoded credentials:"
rg --type py "(username|password)\s*=\s*['\"][^'\"]+['\"]" --glob '!.git/*' --glob '!sunweg/api.py'

Length of output: 853

tests/test_api.py (2)

105-109: LGTM: Good test for updating the token

This test correctly verifies that the set_token method of APIHelper works as expected. It aligns well with the PR objective of using a token for authentication.

Consider adding test cases for setting an empty token or an invalid token to ensure robust error handling.

---

120-123: LGTM with suggestions: Good test for authentication failure

This test correctly verifies that authentication fails when both username and password are None. However, consider the following improvements:

1. Rename the test to test_authenticate_fail_none_credentials for clarity, as it's testing None values rather than empty strings.
2. Add a separate test for empty string credentials:

def test_authenticate_fail_empty_string_credentials(self) -> None:
    """Test authentication failed with empty string credentials."""
    api = APIHelper("", "")
    assert not api.authenticate()

3. Consider adding a test for authentication with a token to align with the PR objective:

def test_authenticate_with_token(self) -> None:
    """Test authentication with a token."""
    api = APIHelper(token="valid_token")
    assert api.authenticate()

These additions will provide more comprehensive coverage of the authentication process.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 94c9357 and be1b8fc.

⛔ Files ignored due to path filters (1)

• img/image.png is excluded by !**/*.png

📒 Files selected for processing (3)

• README.md (1 hunks)
• sunweg/api.py (2 hunks)
• tests/test_api.py (2 hunks)

🔇 Additional comments (4)

README.md (1)

25-25: Code sample successfully updated to use token authentication.

The APIHelper instantiation has been correctly modified to use the new token-based authentication method. This change aligns with the new instructions provided in the "Retrieve token" section.

sunweg/api.py (1)

107-115: LGTM! Well-implemented token setter.

The set_token method is a good addition, allowing for token updates without reinitializing the APIHelper object. The docstring is clear and consistent with the class's documentation style.

tests/test_api.py (2)

100-103: LGTM: Good test for token initialization

This test correctly verifies that the APIHelper can be initialized with a token. It aligns well with the PR objective of using a token instead of username and password for authentication.

---

Line range hint 100-123: Overall assessment: Good additions to test suite

The new test methods (test_initialize_token, test_set_token, and test_authenticate_fail_empty_credentials) are valuable additions to the test suite. They align well with the PR objective of using a token instead of username and password for authentication.

The tests cover important scenarios such as token initialization, token updating, and authentication failure with empty credentials. The suggestions provided in the individual comments will help to further improve the clarity and coverage of these tests.

Great job on expanding the test coverage for the APIHelper class!