fix(auth): address CodeRabbit review feedback on OAuth UX

Made-with: Cursor
2026-02-26 13:08:13 +07:00 · 2026-02-26 13:08:13 +07:00 · fd1a9b7a07
commit fd1a9b7a07
parent 2d5c0142d2
2 changed files with 5 additions and 4 deletions
--- a/src/auth/openai_oauth.rs
+++ b/src/auth/openai_oauth.rs
@ -298,8 +298,9 @@ pub fn parse_code_from_redirect(input: &str, expected_state: Option<&str>) -> Re
        if let Some(got) = params.get("state") {
            if got != expected_state {
                let mut err_msg = format!(
-                    "OAuth state mismatch: expected {}, got {}",
-                    expected_state, got
+                    "OAuth state mismatch (expected length={}, got length={})",
+                    expected_state.len(),
+                    got.len()
                );

                // Add helpful hint if truncation detected
@ -307,7 +308,7 @@ pub fn parse_code_from_redirect(input: &str, expected_state: Option<&str>) -> Re
                    crate::auth::oauth_common::detect_url_truncation(input, expected_state.len())
                {
                    let _ = write!(
-                        err_msg,
+                        &mut err_msg,
                        "\n\n💡 Tip: {}\n   \
                        Try copying ONLY the authorization code instead of the full URL.\n   \
                        The code looks like: eyJh...",
--- a/src/main.rs
+++ b/src/main.rs
@ -1577,7 +1577,7 @@ fn set_owner_only_permissions(_path: &std::path::Path) -> Result<()> {
 fn is_pending_login_stale(pending: &PendingOAuthLogin) -> bool {
    if let Ok(created) = chrono::DateTime::parse_from_rfc3339(&pending.created_at) {
        let age = chrono::Utc::now().signed_duration_since(created);
-        age.num_hours() > 24
+        age > chrono::Duration::hours(24)
    } else {
        // If we can't parse the timestamp, consider it stale
        true