feat(auth): add named profile support for multiple Google accounts#612
feat(auth): add named profile support for multiple Google accounts#612joeVenner wants to merge 2 commits intogoogleworkspace:mainfrom
Conversation
🦋 Changeset detectedLatest commit: 356da68 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
|
/gemini review |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for named profiles, allowing users to manage multiple Google accounts with separate credentials and token caches. It adds gws auth profile subcommands (list, show, create, switch, delete) and a global --profile flag. Existing single-account installations are migrated to a default profile. However, there are two critical issues: the manual argument parsing for the global --profile flag is brittle and can lead to incorrect command parsing, and the timezone caching mechanism (read_cache, write_cache, resolve_account_timezone) has not been updated to be profile-aware, which could cause incorrect timezone usage across profiles.
|
/gemini review |
jpoehnelt
added
the
do not merge
|
I cannot merge this at this time, I will leave open for others to see the fork. Sorry! |
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
@jpoehnelt Thanks for the quick feedback ser! Can I know why we can't merge it ? if possible for sure (^-^) |
|
I will add this feature if and when allowed. There is nothing specific to the code here or underlying APIs blocking it. |
|
|
Add subcommands (list, show, create, switch, delete) and a global flag so users can authenticate multiple Google accounts without re-authenticating. Each profile gets its own encrypted credentials, token cache, and AES-256-GCM encryption key under ~/.config/gws/profiles/<name>/. Existing single-account installs are automatically migrated to the default profile on first use. Profile resolution priority: --profile flag > GOOGLE_WORKSPACE_CLI_PROFILE env > active_profile file > default Security: validated profile names (lowercase [a-z0-9_-], max 64 chars, no traversal), per-profile keyring isolation, proactive dir creation (no TOCTOU), tokio::fs in all async paths, profile threaded via function parameters (no env::set_var).
…ware - Validate --profile value is not a flag (prevents --profile --help misparse) - Make cache_path() resolve active profile so read_cache/write_cache operate on the correct profile-specific timezone cache file
joeVenner
force-pushed
the
feat/auth-profiles
branch
from
d4dd78e to
356da68
Compare
2 participants
Summary
gws auth profile list|show|create|switch|delete) and global--profileflag for multi-account authentication~/.config/gws/profiles/<name>/profiles/default/on first use--profileflag >GOOGLE_WORKSPACE_CLI_PROFILEenv var >active_profilefile >"default"fallbackSecurity
ProfileNamenewtype with strict validation: lowercase[a-z0-9_-], no leading-, no./.., max 64 chars, no/\%or control charsgws-cli/<username>/<profile>) for encryption key isolationcreate_dir_all(no check-then-create TOCTOU)active_profilefile contents validated before use as path componenttokio::fsused exclusively in async functions (no blocking I/O)std::env::set_var)active_profilevia tempfile + renameFiles changed
src/profile.rs(new) — centralized profile logic, single source of truthsrc/validate.rs—validate_profile_name()src/credential_store.rs— per-profile encrypt/decrypt + key managementsrc/token_storage.rs— profile-awareEncryptedTokenStoragesrc/auth_commands.rs— profile subcommands + threading through handlerssrc/auth.rs— profile-awareget_token()src/main.rs—--profilearg extraction +mod profilesrc/timezone.rs—invalidate_cache_for_profile().changeset/add-profile-support.mdTest plan
cargo fmt --all— no formatting issuescargo clippy -- -D warnings— zero warningscargo test— all 825 tests pass (including new profile tests)gws auth profile create work && gws auth login --profile workgws auth profile listshows both profilesgws auth profile switch work && gws auth statusshows work profileprofiles/default/