Implement fallback authentication rather than requiring a "site prefix"

spec/commands/auth/login_spec.cr

@@ -1,20 +1,44 @@
 require "../../spec_helper"
 
-describe TandaCLI::Commands::Auth::Login do
-  it "logs in and prompts for organisation selection when multiple organisations" do
-    scope = "me"
+AUTH_TOKEN_BODY = {
+  access_token: "faketoken",
+  token_type:   "test",
+  scope:        "me",
+  created_at:   TandaCLI::Utils::Time.now.to_unix,
+}.to_json
+
+AUTH_FAILED_BODY = {
+  error:             "invalid_grant",
+  error_description: "The provided authorization grant is invalid",
+}.to_json
+
+private def stub_failed_auth(host : String)
+  WebMock
+    .stub(:post, "https://#{host}/api/oauth/token")
+    .to_return(status: 401, body: AUTH_FAILED_BODY)
+end
 
-    WebMock
-      .stub(:post, "https://eu.tanda.co/api/oauth/token")
-      .to_return(
-        status: 200,
-        body: {
-          access_token: "faketoken",
-          token_type:   "test",
-          scope:        scope,
-          created_at:   TandaCLI::Utils::Time.now.to_unix,
-        }.to_json
-      )
+private def stub_successful_auth(host : String)
+  WebMock
+    .stub(:post, "https://#{host}/api/oauth/token")
+    .to_return(status: 200, body: AUTH_TOKEN_BODY)
+end
+
+private def stub_all_regions_failed
+  stub_failed_auth("my.workforce.com")
+  stub_failed_auth("my.tanda.co")
+  stub_failed_auth("eu.tanda.co")
+end
+
+private def stub_eu_auth_success
+  stub_failed_auth("my.workforce.com")
+  stub_failed_auth("my.tanda.co")
+  stub_successful_auth("eu.tanda.co")
+end
+
+describe TandaCLI::Commands::Auth::Login do
+  it "auto-detects region and prompts for organisation selection when multiple organisations" do
+    stub_eu_auth_success
 
     WebMock
       .stub(:get, endpoint("/users/me"))
@@ -47,47 +71,28 @@ describe TandaCLI::Commands::Auth::Login do
       )
 
     stdin = build_stdin(
-      "eu",
       "test@example.com",
       "dummypassword",
       "2"
     )
 
     context = run(["auth", "login"], stdin: stdin)
 
-    expected = <<-OUTPUT
-    Site prefix (my, eu, us - Default is "my"):
-
-    What's your email?
-
-    What's your password?
-
-    Success: Retrieved token!
-    Which organisation would you like to use?
-    1: Test Organisation 1
-    2: Test Organisation 2
-
-    Enter a number:
-    Success: Selected organisation "Test Organisation 2"
-    Success: Organisations saved to config
-
-    OUTPUT
-
-    context.stdout.to_s.should eq(expected)
+    output = context.stdout.to_s
+    output.should contain("Tanda CLI Login")
+    output.should contain("Email:")
+    output.should contain("Password:")
+    output.should contain("Authenticating...")
+    output.should contain("Authenticated!")
+    output.should contain("Select an organisation:")
+    output.should contain("Test Organisation 1")
+    output.should contain("Test Organisation 2")
+    output.should contain("Selected organisation \"Test Organisation 2\"")
+    output.should contain("Organisations saved to config")
   end
 
   it "auto-selects organisation when only one is available" do
-    WebMock
-      .stub(:post, "https://eu.tanda.co/api/oauth/token")
-      .to_return(
-        status: 200,
-        body: {
-          access_token: "faketoken",
-          token_type:   "test",
-          scope:        "me",
-          created_at:   TandaCLI::Utils::Time.now.to_unix,
-        }.to_json
-      )
+    stub_eu_auth_success
 
     WebMock
       .stub(:get, endpoint("/users/me"))
@@ -113,48 +118,65 @@ describe TandaCLI::Commands::Auth::Login do
       )
 
     stdin = build_stdin(
-      "eu",
       "test@example.com",
       "dummypassword",
     )
 
     context = run(["auth", "login"], stdin: stdin)
 
-    expected = <<-OUTPUT
-    Site prefix (my, eu, us - Default is "my"):
-
-    What's your email?
+    output = context.stdout.to_s
+    output.should contain("Authenticated!")
+    output.should contain("Selected organisation \"Test Organisation\"")
+    output.should contain("Organisations saved to config")
+  end
 
-    What's your password?
+  it "errors when all regions fail authentication" do
+    stub_all_regions_failed
 
-    Success: Retrieved token!
-    Success: Selected organisation "Test Organisation"
-    Success: Organisations saved to config
+    stdin = build_stdin(
+      "bad@example.com",
+      "wrongpassword",
+    )
 
-    OUTPUT
+    context = run(["auth", "login"], stdin: stdin)
 
-    context.stdout.to_s.should eq(expected)
+    context.stderr.to_s.should contain("Unable to authenticate")
   end
 
-  it "errors with invalid credentials" do
+  it "stops at the first successful region" do
+    stub_successful_auth("my.workforce.com")
+
     WebMock
-      .stub(:post, "https://eu.tanda.co/api/oauth/token")
+      .stub(:get, "https://my.workforce.com/api/v2/users/me")
       .to_return(
-        status: 401,
+        status: 200,
         body: {
-          error:             "invalid_grant",
-          error_description: "The provided authorization grant is invalid",
+          name:          "Test",
+          email:         "test@example.com",
+          country:       "Australia",
+          time_zone:     "Australia/Sydney",
+          user_ids:      [1],
+          permissions:   ["test"],
+          organisations: [
+            {
+              id:      1,
+              name:    "Test Organisation",
+              locale:  "en-AU",
+              country: "Australia",
+              user_id: 1,
+            },
+          ],
         }.to_json
       )
 
     stdin = build_stdin(
-      "eu",
-      "bad@example.com",
-      "wrongpassword",
+      "test@example.com",
+      "dummypassword",
     )
 
     context = run(["auth", "login"], stdin: stdin)
 
-    context.stderr.to_s.should contain("Unable to authenticate")
+    output = context.stdout.to_s
+    output.should contain("Authenticated!")
   end
 end

spec/commands/auth/status_spec.cr

@@ -8,7 +8,7 @@ describe TandaCLI::Commands::Auth::Status do
     output.should contain("Authenticated (production)")
     output.should contain("test@testmailfakenotrealthisisntarealdomainaaaa.com")
     output.should contain("Test Organisation (user 1)")
-    output.should contain("eu")
+    output.should contain("EU (eu.tanda.co)")
   end
 
   it "displays authenticated status in staging" do

spec/fixtures/configuration/default.json

@@ -2,7 +2,7 @@
   "mode": "production",
   "treat_paid_breaks_as_unpaid": true,
   "production": {
-    "site_prefix": "eu",
+    "region": "eu",
     "access_token": {
       "email": "test@testmailfakenotrealthisisntarealdomainaaaa.com",
       "token": "testtoken",

spec/fixtures/configuration/default_staging.json

@@ -2,7 +2,7 @@
   "mode": "staging",
   "treat_paid_breaks_as_unpaid": true,
   "staging": {
-    "site_prefix": "eu",
+    "region": "eu",
     "access_token": {
       "email": "test@testmailfakenotrealthisisntarealdomainaaaa.com",
       "token": "testtoken",

spec/fixtures/configuration/no_regular_hours.json

@@ -2,7 +2,7 @@
   "mode": "production",
   "treat_paid_breaks_as_unpaid": true,
   "production": {
-    "site_prefix": "eu",
+    "region": "eu",
     "access_token": {
       "email": "test@testmailfakenotrealthisisntarealdomainaaaa.com",
       "token": "testtoken",

spec/fixtures/configuration/unauthenticated.json

@@ -1,7 +1,7 @@
 {
   "mode": "production",
   "production": {
-    "site_prefix": "eu",
+    "region": "eu",
     "access_token": {},
     "organisations": []
   },