add password auth, clearer setup prompts

Author: MNametissa

o2switch_cli/__init__.py

@@ -1,3 +1,3 @@
 __all__ = ["__version__"]
 
-__version__ = "0.1.1"
+__version__ = "0.1.2"

o2switch_cli/cli/config_cmd.py

@@ -65,7 +65,9 @@ def init_config(
     path: Path | None = typer.Option(None, "--path", help="Write credentials to this file. Defaults to global config."),
     cpanel_host: str | None = typer.Option(None, "--cpanel-host", help="cPanel host, for example saule.o2switch.net."),
     cpanel_user: str | None = typer.Option(None, "--cpanel-user", help="cPanel username."),
-    cpanel_token: str | None = typer.Option(None, "--cpanel-token", help="cPanel API token."),
+    cpanel_token: str | None = typer.Option(None, "--cpanel-token", help="cPanel API token (if using token auth)."),
+    cpanel_password: str | None = typer.Option(None, "--cpanel-password", help="cPanel password (if using password auth)."),
+    use_password: bool = typer.Option(False, "--password", "-p", help="Use password instead of API token."),
     default_ttl: int | None = typer.Option(None, "--default-ttl", help="Default TTL to write into the env file."),
     audit_log_path: str | None = typer.Option(
         None,
@@ -78,6 +80,13 @@ def init_config(
     force: bool = typer.Option(False, "--force", help="Overwrite an existing env file without confirmation."),
     test_api: bool = typer.Option(False, "--test-api/--no-test-api", help="Test cPanel API access after writing."),
 ) -> None:
+    """Configure cPanel credentials.
+
+    Examples:
+        o2switch-cli config setup                    # Interactive setup
+        o2switch-cli config setup --password         # Use password instead of token
+        o2switch-cli config setup --cpanel-user xxx  # Pre-fill username
+    """
     def action(app_context):
         ui = TerminalUI(app_context.console, app_context.output_format)
         current = app_context.settings
@@ -90,9 +99,22 @@ def action(app_context):
         elif target.exists() and not force and non_interactive:
             raise ValidationAppError("config_init", f"{target} already exists. Use --force to overwrite.", str(target))
 
+        # Determine auth method
+        auth_method = "password" if use_password or cpanel_password else current.auth_method
+        if not non_interactive and not cpanel_token and not cpanel_password:
+            auth_choice = questionary.select(
+                "Authentication method:",
+                choices=[
+                    {"name": "Password (cPanel login password)", "value": "password"},
+                    {"name": "API Token (generate in cPanel > Security > Manage API Tokens)", "value": "token"},
+                ],
+                default="password",
+            ).ask()
+            auth_method = auth_choice or "password"
+
         host = cpanel_host or current.cpanel_host
         user = cpanel_user or current.cpanel_user
-        token = cpanel_token or (current.cpanel_token.get_secret_value() if current.cpanel_token else None)
+        secret = cpanel_password or cpanel_token or (current.cpanel_token.get_secret_value() if current.cpanel_token else None)
         ttl = default_ttl if default_ttl is not None else current.default_ttl
         audit_path = (
             audit_log_path
@@ -101,36 +123,59 @@ def action(app_context):
         )
 
         if not non_interactive:
-            host = host or questionary.text("cPanel host", default=current.cpanel_host or "").ask()
-            user = user or questionary.text("cPanel user", default=current.cpanel_user or "").ask()
-            token = token or questionary.password("cPanel API token").ask()
-            ttl_text = questionary.text("Default TTL", default=str(ttl)).ask() or str(ttl)
-            try:
-                ttl = int(ttl_text)
-            except ValueError as exc:
-                raise ValidationAppError("config_init", "Default TTL must be an integer.", str(target)) from exc
-            audit_path = questionary.text("Audit log path", default=audit_path).ask() or audit_path
+            user = user or questionary.text("cPanel username").ask()
+            # o2switch server selection
+            if not host:
+                ui.console.print("\n[dim]Your o2switch server name is shown in your cPanel URL:[/]")
+                ui.console.print("[dim]  https://[bold]SERVER[/].o2switch.net:2083[/]\n")
+                server_name = questionary.text(
+                    "o2switch server name",
+                    instruction="(just the name: saule, if, herse, etc.)"
+                ).ask()
+                if server_name:
+                    server_name = server_name.strip().lower()
+                    if not server_name.endswith(".o2switch.net"):
+                        host = f"{server_name}.o2switch.net"
+                    else:
+                        host = server_name
+            else:
+                host = questionary.text("cPanel server", default=host).ask()
+
+            if auth_method == "password":
+                secret = secret or questionary.password("cPanel password").ask()
+            else:
+                ui.console.print("\n[dim]Generate a token in cPanel:[/]")
+                ui.console.print("[dim]  Security > Manage API Tokens > Create[/]\n")
+                secret = secret or questionary.password("cPanel API token").ask()
 
         host = host.strip() if host else None
         user = user.strip() if user else None
-        token = token.strip() if token else None
+        secret = secret.strip() if secret else None
         audit_path = (
             audit_path.strip()
             if isinstance(audit_path, str) and audit_path.strip()
             else default_audit_log_path()
         )
 
-        if not host or not user or not token:
+        if not host or not user or not secret:
+            missing = []
+            if not host:
+                missing.append("host")
+            if not user:
+                missing.append("user")
+            if not secret:
+                missing.append("password" if auth_method == "password" else "token")
             raise ValidationAppError(
                 "config_init",
-                "cpanel host, user, and token are required.",
+                f"Missing required fields: {', '.join(missing)}",
                 str(target),
             )
 
         settings = AppSettings(
             cpanel_host=host,
             cpanel_user=user,
-            cpanel_token=token,
+            cpanel_token=secret,
+            auth_method=auth_method,
             port=current.port,
             timeout_seconds=current.timeout_seconds,
             default_ttl=ttl,
@@ -141,13 +186,12 @@ def action(app_context):
         )
         written = write_env_file(target, settings)
         ui.print_mapping(
-            "Setup Written",
+            "Setup Complete",
             {
-                "path": str(written),
+                "config_file": str(written),
                 "cpanel_host": host,
                 "cpanel_user": user,
-                "default_ttl": ttl,
-                "audit_log_path": audit_path,
+                "auth_method": auth_method,
             },
         )
 

o2switch_cli/config/settings.py

@@ -50,7 +50,8 @@ class AppSettings(BaseSettings):
 
     cpanel_host: str | None = None
     cpanel_user: str | None = None
-    cpanel_token: SecretStr | None = None
+    cpanel_token: SecretStr | None = None  # token or password depending on auth_method
+    auth_method: Literal["token", "password"] = "token"
     port: int = 2083
     timeout_seconds: float = 20.0
     default_ttl: int = 300
@@ -115,10 +116,11 @@ def _dotenv_value(value: Any) -> str:
 def render_env_file(settings: AppSettings) -> str:
     token = settings.cpanel_token.get_secret_value() if settings.cpanel_token else None
     lines = [
-        "# Generated by o2switch-cli config init",
+        "# Generated by o2switch-cli config setup",
         f"O2SWITCH_CLI_CPANEL_HOST={_dotenv_value(settings.cpanel_host)}",
         f"O2SWITCH_CLI_CPANEL_USER={_dotenv_value(settings.cpanel_user)}",
         f"O2SWITCH_CLI_CPANEL_TOKEN={_dotenv_value(token)}",
+        f"O2SWITCH_CLI_AUTH_METHOD={_dotenv_value(settings.auth_method)}",
         f"O2SWITCH_CLI_PORT={_dotenv_value(settings.port)}",
         f"O2SWITCH_CLI_TIMEOUT_SECONDS={_dotenv_value(settings.timeout_seconds)}",
         f"O2SWITCH_CLI_DEFAULT_TTL={_dotenv_value(settings.default_ttl)}",

o2switch_cli/core/auth.py

@@ -1,5 +1,7 @@
 from __future__ import annotations
 
+import base64
+
 import questionary
 from pydantic import SecretStr
 
@@ -24,5 +26,10 @@ def ensure_credentials(settings: AppSettings, *, allow_prompt: bool) -> AppSetti
     return merged
 
 
-def auth_header(user: str, token: SecretStr) -> dict[str, str]:
-    return {"Authorization": f"cpanel {user}:{token.get_secret_value()}"}
+def auth_header(user: str, token: SecretStr, *, use_basic: bool = False) -> dict[str, str]:
+    """Generate auth header. use_basic=True for password auth."""
+    secret = token.get_secret_value()
+    if use_basic:
+        encoded = base64.b64encode(f"{user}:{secret}".encode()).decode()
+        return {"Authorization": f"Basic {encoded}"}
+    return {"Authorization": f"cpanel {user}:{secret}"}

o2switch_cli/core/cpanel_client.py

@@ -16,9 +16,10 @@ def __init__(self, settings: AppSettings, client: httpx.Client | None = None) ->
         if not settings.cpanel_user:
             raise AuthAppError("cpanel_client_init", "cpanel_user is required but not configured.")
         self._settings = settings
+        use_basic = settings.auth_method == "password"
         headers = {
-            **auth_header(settings.cpanel_user, settings.cpanel_token),  # type: ignore[arg-type]
-            "User-Agent": "o2switch-cli/0.1.0",
+            **auth_header(settings.cpanel_user, settings.cpanel_token, use_basic=use_basic),  # type: ignore[arg-type]
+            "User-Agent": "o2switch-cli/0.1.2",
             "Accept": "application/json",
         }
         self._client = client or httpx.Client(