From fd1a9b7a07c4deafbd14bda4ed3325a76b7e806b Mon Sep 17 00:00:00 2001 From: ZeroClaw Bot Date: Thu, 26 Feb 2026 13:08:13 +0700 Subject: [PATCH] fix(auth): address CodeRabbit review feedback on OAuth UX Made-with: Cursor --- src/auth/openai_oauth.rs | 7 ++++--- src/main.rs | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/auth/openai_oauth.rs b/src/auth/openai_oauth.rs index 9d765f85a..68966c683 100644 --- a/src/auth/openai_oauth.rs +++ b/src/auth/openai_oauth.rs @@ -298,8 +298,9 @@ pub fn parse_code_from_redirect(input: &str, expected_state: Option<&str>) -> Re if let Some(got) = params.get("state") { if got != expected_state { let mut err_msg = format!( - "OAuth state mismatch: expected {}, got {}", - expected_state, got + "OAuth state mismatch (expected length={}, got length={})", + expected_state.len(), + got.len() ); // Add helpful hint if truncation detected @@ -307,7 +308,7 @@ pub fn parse_code_from_redirect(input: &str, expected_state: Option<&str>) -> Re crate::auth::oauth_common::detect_url_truncation(input, expected_state.len()) { let _ = write!( - err_msg, + &mut err_msg, "\n\n💡 Tip: {}\n \ Try copying ONLY the authorization code instead of the full URL.\n \ The code looks like: eyJh...", diff --git a/src/main.rs b/src/main.rs index 83e3f80a4..be9cbda58 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1577,7 +1577,7 @@ fn set_owner_only_permissions(_path: &std::path::Path) -> Result<()> { fn is_pending_login_stale(pending: &PendingOAuthLogin) -> bool { if let Ok(created) = chrono::DateTime::parse_from_rfc3339(&pending.created_at) { let age = chrono::Utc::now().signed_duration_since(created); - age.num_hours() > 24 + age > chrono::Duration::hours(24) } else { // If we can't parse the timestamp, consider it stale true