refactor: streamline OpenAI session clearing by consolidating storage methods

vinhnx · vinhnx · commit 23a6c55b6c9b · 2026-03-19T00:48:08.000+07:00
diff --git a/src/cli/auth.rs b/src/cli/auth.rs
@@ -3,7 +3,7 @@ use std::future::Future;
 use vtcode_auth::{
     AuthCallbackOutcome, AuthCredentialsStoreMode, AuthStatus, OAuthCallbackPage, OAuthProvider,
     OpenAIChatGptAuthStatus, OpenAIChatGptSession, OpenRouterToken, PkceChallenge,
-    clear_oauth_token_with_mode, clear_openai_chatgpt_session_with_mode, exchange_code_for_token,
+    clear_oauth_token_with_mode, clear_openai_chatgpt_session, exchange_code_for_token,
     exchange_openai_chatgpt_code_for_tokens, generate_openai_oauth_state, generate_pkce_challenge,
     get_auth_status_with_mode, get_auth_url, get_openai_chatgpt_auth_status_with_mode,
     get_openai_chatgpt_auth_url, load_openai_chatgpt_session_with_mode,
@@ -221,9 +221,7 @@ pub(crate) fn clear_openrouter_login(vt_cfg: Option<&VTCodeConfig>) -> Result<()
 }
 
 pub(crate) fn clear_openai_login(_vt_cfg: Option<&VTCodeConfig>) -> Result<()> {
-    clear_openai_chatgpt_session_with_mode(AuthCredentialsStoreMode::File)?;
-    clear_openai_chatgpt_session_with_mode(AuthCredentialsStoreMode::Keyring)?;
-    Ok(())
+    clear_openai_chatgpt_session()
 }
 
 pub(crate) fn openrouter_auth_status(vt_cfg: Option<&VTCodeConfig>) -> Result<AuthStatus> {
diff --git a/vtcode-auth/src/openai_chatgpt_oauth.rs b/vtcode-auth/src/openai_chatgpt_oauth.rs
@@ -457,9 +457,7 @@ pub fn load_openai_chatgpt_session_with_mode(
 }
 
 pub fn clear_openai_chatgpt_session() -> Result<()> {
-    let _ = clear_session_from_keyring();
-    let _ = clear_session_from_file();
-    Ok(())
+    clear_session_from_all_stores()
 }
 
 pub fn clear_openai_chatgpt_session_with_mode(mode: AuthCredentialsStoreMode) -> Result<()> {
@@ -540,7 +538,7 @@ async fn refresh_openai_chatgpt_session_without_lock(
         .context("failed to refresh openai chatgpt token")?;
     response
         .error_for_status_ref()
-        .map_err(|err| classify_refresh_error(err, storage_mode))?;
+        .map_err(classify_refresh_error)?;
     let token_response: OpenAITokenResponse = response
         .json()
         .await
@@ -745,22 +743,43 @@ async fn acquire_refresh_lock() -> Result<RefreshLockGuard> {
     Ok(RefreshLockGuard { file })
 }
 
-fn classify_refresh_error(
-    err: reqwest::Error,
-    storage_mode: AuthCredentialsStoreMode,
-) -> anyhow::Error {
+fn classify_refresh_error(err: reqwest::Error) -> anyhow::Error {
     let status = err.status();
     let message = err.to_string();
     if status.is_some_and(|status| status == reqwest::StatusCode::BAD_REQUEST)
         && (message.contains("invalid_grant") || message.contains("refresh_token"))
     {
-        let _ = clear_openai_chatgpt_session_with_mode(storage_mode);
+        if let Err(clear_err) = clear_session_from_all_stores() {
+            tracing::warn!(
+                "failed to clear expired openai chatgpt session across all stores: {clear_err}"
+            );
+        }
         anyhow!("Your ChatGPT session expired. Run `vtcode login openai` again.")
     } else {
         anyhow!(message)
     }
 }
 
+fn clear_session_from_all_stores() -> Result<()> {
+    let mut errors = Vec::new();
+
+    if let Err(err) = clear_session_from_keyring() {
+        errors.push(err.to_string());
+    }
+    if let Err(err) = clear_session_from_file() {
+        errors.push(err.to_string());
+    }
+
+    if errors.is_empty() {
+        Ok(())
+    } else {
+        Err(anyhow!(
+            "failed to clear openai session from all stores: {}",
+            errors.join("; ")
+        ))
+    }
+}
+
 fn save_session_to_keyring(serialized: &str) -> Result<()> {
     let entry = keyring::Entry::new(OPENAI_STORAGE_SERVICE, OPENAI_STORAGE_USER)
         .context("failed to access keyring for openai session")?;
@@ -1245,6 +1264,39 @@ mod tests {
             .expect("clear session");
     }
 
+    #[test]
+    #[serial]
+    fn clear_openai_chatgpt_session_removes_file_and_keyring_sessions() {
+        let _guard = TestAuthDirGuard::new();
+        let session = sample_session();
+        save_openai_chatgpt_session_with_mode(&session, AuthCredentialsStoreMode::File)
+            .expect("save file session");
+
+        if save_openai_chatgpt_session_with_mode(&session, AuthCredentialsStoreMode::Keyring)
+            .is_err()
+        {
+            clear_openai_chatgpt_session().expect("clear session");
+            assert!(
+                load_openai_chatgpt_session_with_mode(AuthCredentialsStoreMode::File)
+                    .expect("load file session")
+                    .is_none()
+            );
+            return;
+        }
+
+        clear_openai_chatgpt_session().expect("clear session");
+        assert!(
+            load_openai_chatgpt_session_with_mode(AuthCredentialsStoreMode::File)
+                .expect("load file session")
+                .is_none()
+        );
+        assert!(
+            load_openai_chatgpt_session_with_mode(AuthCredentialsStoreMode::Keyring)
+                .expect("load keyring session")
+                .is_none()
+        );
+    }
+
     #[test]
     fn active_api_bearer_token_falls_back_to_access_token() {
         let mut session = sample_session();
