From e0c6387d4735ddac30b74e782b8b2a488328c228 Mon Sep 17 00:00:00 2001
From: Tim Heurich
Date: Wed, 8 Nov 2023 17:36:24 +0100
Subject: [PATCH] fix: display locked auth flow error for assume and refresh (#154)
fixes #148
Signed-off-by: Tim Heurich
---
 cmd/go-aws-sso/main.go | 10 ++++++++--
 pkg/sso/aws.go | 27 ++++++++++++++-------------
 2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/cmd/go-aws-sso/main.go b/cmd/go-aws-sso/main.go
index a6a7dc7..bfe65ce 100644
--- a/cmd/go-aws-sso/main.go
+++ b/cmd/go-aws-sso/main.go
@@ -2,6 +2,7 @@ package main
 import (
 "fmt"
+ "log"
 "os"
 "strings"
 "time"
@@ -96,6 +97,7 @@ func main() {
 Usage: "Refresh your previously used credentials.",
 Description: "Refreshes the short living credentials based on your last account and role.",
 Action: func(context *cli.Context) error {
+ initializeLogger(context)
 checkMandatoryFlags(context)
 applyForceFlag(context)
 oidcApi, ssoApi := InitClients(context.String("region"))
@@ -110,6 +112,7 @@ func main() {
 Usage: "Assume directly into an account and SSO role",
 Description: "Assume directly into an account and SSO role",
 Action: func(context *cli.Context) error {
+ initializeLogger(context)
 checkMandatoryFlags(context)
 applyForceFlag(context)
 oidcApi, ssoApi := InitClients(context.String("region"))
@@ -242,7 +245,7 @@ func applyForceFlag(context *cli.Context) {
 if context.Bool("force") {
 err := os.Remove(ClientInfoFileDestination())
 if err != nil {
- zap.S().Infof("Nothing to do, no temporary acces token found")
+ zap.S().Infof("Nothing to do, no temporary access token found")
 }
 zap.S().Infof("Removed temporary acces token")
 err = os.Remove(os.TempDir() + "/go-aws-sso.lock")
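Review bot: The `refresh` and `assume` actions now each have to remember to call `initializeLogger(context)` as their first statement, which is the same per-command duplication that left these two commands without a configured logger in the first place. If this is urfave/cli (the `cli.Context` type suggests so), an app-level hook such as `Before: func(c *cli.Context) error { initializeLogger(c); return nil }` would configure zap once for every command, so the fatal message from the auth-flow lock check cannot go missing again when another command is added. The same point applies to the identical addition in the `@@ -110,6 +112,7 @@` hunk; both `Action` bodies continue outside the hunks.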
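Review bot: In `applyForceFlag`, the line directly below the corrected message still reads `zap.S().Infof("Removed temporary acces token")`, so the typo survives one line later, and that success message is logged even when `os.Remove` has just returned an error. Every error is also reported as "no temporary access token found", which hides a permission failure that leaves the cached token on disk after the user asked for `--force`. I would move the success message into an `else` branch spelled `"Removed temporary access token"` and only print the "nothing to do" text when `errors.Is(err, os.ErrNotExist)` holds, logging any other error as a warning. The function body continues past the end of the hunk.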
@@ -286,7 +289,10 @@ func initializeLogger(context *cli.Context) {
 zapcore.NewCore(encoder, stdOut, infoLevel),
 zapcore.NewCore(encoder, stdErr, errorFatalLevel))
 logger := zap.New(core, options...)
- logger.Sync()
+ err := logger.Sync()
+ if err != nil {
+ log.Fatalf("Error while initializing logger: %s)", err)
+ }
 zap.ReplaceGlobals(logger)
 zap.S().Debug("Debug logging enabled")
diff --git a/pkg/sso/aws.go b/pkg/sso/aws.go
index 602e21b..7c5eb24 100644
--- a/pkg/sso/aws.go
+++ b/pkg/sso/aws.go
@@ -25,6 +25,7 @@ import (
 const grantType = "urn:ietf:params:oauth:grant-type:device_code"
 const clientType = "public"
 const clientName = "go-aws-sso"
+const lockedAuthFlowMsg = "There is already an authorization flow running. If you think that is wrong, try using --force"
 var AwsRegions = []string{
 "us-east-2",
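Review bot: Treating a failed `logger.Sync()` as fatal in `initializeLogger` can abort every command before it does any work: zap's `Sync` is known to return an error (typically EINVAL or ENOTTY) when the sink is a terminal or pipe, which is what `stdOut`/`stdErr` appear to be here, although their construction is outside the hunk. Nothing has been logged yet at this point, so the flush has nothing to write; I would drop the call here or keep it as `_ = logger.Sync()` with a short comment, and flush once at exit instead. If the check stays, the format string carries a stray parenthesis, `"Error while initializing logger: %s)"` should read `"Error while initializing logger: %s"`. The function starts and ends outside the hunk.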
@@ -103,23 +104,23 @@ func (ati ClientInformation) isExpired() bool {
 // If the start url is overridden and differs from the previous one, a new Client is registered for the given start url.
 // When the ClientInformation.AccessToken is expired, it starts retrieving a new AccessToken
 func ProcessClientInformation(oidcClient ssooidciface.SSOOIDCAPI, startUrl string) ClientInformation {
+ if isAuthorizationFlowLocked() {
+ zap.S().Fatal(lockedAuthFlowMsg)
+ }
+
 clientInformation, err := ReadClientInformation(ClientInfoFileDestination())
 if err != nil || clientInformation.StartUrl != startUrl {
- if isAuthorizationFlowLocked() {
- zap.S().Fatal("There is already an authorization flow running")
- } else {
- lockAuthorizationFlow()
- defer unlockAuthorizationFlow()
- zap.S().Debugf("Encountered error while reading client information: %s", err)
- var clientInfoPointer *ClientInformation
- clientInfoPointer = registerClient(oidcClient, startUrl)
- clientInfoPointer = retrieveToken(oidcClient, Time{}, clientInfoPointer)
- WriteStructToFile(clientInfoPointer, ClientInfoFileDestination())
- clientInformation = *clientInfoPointer
- }
+ lockAuthorizationFlow()
+ defer unlockAuthorizationFlow()
+ zap.S().Debugf("Encountered error while reading client information: %s", err)
+ var clientInfoPointer *ClientInformation
+ clientInfoPointer = registerClient(oidcClient, startUrl)
+ clientInfoPointer = retrieveToken(oidcClient, Time{}, clientInfoPointer)
+ WriteStructToFile(clientInfoPointer, ClientInfoFileDestination())
+ clientInformation = *clientInfoPointer
 } else if clientInformation.isExpired() {
 if isAuthorizationFlowLocked() {
- zap.S().Fatal("There is already an authorization flow running")
+ zap.S().Fatal(lockedAuthFlowMsg)
 } else {
 lockAuthorizationFlow()
 defer unlockAuthorizationFlow()
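Review bot: The lock in `ProcessClientInformation` is still acquired in two steps, `isAuthorizationFlowLocked()` at the top and `lockAuthorizationFlow()` later, and hoisting the check above `ReadClientInformation` widens the window in which two invocations both see "unlocked" and both start a device authorization flow. If the lock is the `go-aws-sso.lock` file under `os.TempDir()` (as the `--force` path in main.go suggests; the helpers are not visible here), creating it atomically with `os.OpenFile(path, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o600)` inside `lockAuthorizationFlow` and failing with `lockedAuthFlowMsg` on `os.ErrExist` would close that gap, and a per-user directory would stop other local accounts on a shared host from creating the file. With the early check in place, the remaining `if isAuthorizationFlowLocked() { ... } else {` in the `isExpired()` branch is redundant and could be flattened the same way as the first branch. The check now also runs when the cached token is still valid and no flow is needed, which deserves a comment such as `// refuse to run at all while another flow holds the lock` if that is intended. The function continues past the end of the hunk.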