Summary

Allow the open browser and web login options to be used on all commands.

Review Request #14573 — Created Sept. 8, 2025 and updated Dec. 4, 2025, 9:34 p.m.

Information

Owner

maubin

Repository

RBTools

Branch

release-5.x

Bugs

Depends On

Blocks

14575

Reviewers

Groups

rbtools

People

Description

We received a bug report that the web login option was not working for
the rbt post command. Upon investigation, it was found that web login only
actually worked correctly for rbt login. It also worked for commands that
call get_authenticated_session before doing any requests that require
authentication (such as rbt status), but this only worked when the
WEB_LOGIN option was set in .reviewboardrc, not when the option was
passed through the command line.

This change is the beginning in a series of ones that allow web login to be
used for authentication when using any rbt command. This change only
generalizes command options, it doesn't actually implement web login on the
commands (that happens in /r/14575 and /r/14576).

We make the web login option a general server option, instead of only
applying to the login command. The command's long form has been renamed to
--web-login instead of just --web, but we keep the existing -w/--web
option on the login command for compatibility and since -w is a
convenient short-form of the option.

Similarly, we make the open browser option a general one, instead of only
applying to the login and post commands. In the future, any commands that
navigate to a URL can make use of this option to open URLs automatically in a
browser. It has also been renamed to --open-browser, but keeping the old
-o/--open version like we did for the --web option.

We also deprecate the --enable-logging option for rbt login, instead we'll
just use the --debug option to enable server logs.

These options now get set on RBClient as the web_login_options dict. It
makes sense to centralize these settings onto the client, so that callers can
easily set things in one place instead of having to plumb values through
various functions to reach the web login server. This will make more sense
in the context of the upcoming changes.

Testing Done


Used in upcoming changes.
Ran unit tests.
Tested using all versions of the web login, open browser, and

  debug/logging options and their .reviewboardrc config values

  on rbt login, rbt post and rbt status.

Commits

Summary	ID
Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	ff33cd7379280856195f9b01d5ac63d27ad43313

Summary

Allow the open browser and web login options to be used on all commands.

We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.

ff33cd7379280856195f9b01d5ac63d27ad43313

Issues

Description	From	Last Updated
I don't like the idea of storing the options as an attribute on RBClient when the client isn't actually using …	david	Sept. 18, 2025, 8:42 a.m.
I think -o is still very important here, and we should keep it for the long term. rbt post -o …	david	Sept. 11, 2025, 3:30 a.m.
Perhaps we should use a dataclass here instead of a dict?	david	Sept. 22, 2025, 2:04 a.m.
This should be RBClientWebLoginOptions \| None	david	Sept. 19, 2025, 1:32 a.m.
This should use (RBClientWebLoginOptions \| None) = None	david	Sept. 19, 2025, 1:32 a.m.
Type here is incorrect.	david	Sept. 19, 2025, 1:34 a.m.
This should be able to go in the if TYPE_CHECKING block.	david	Sept. 25, 2025, 4:09 a.m.
I have an idea here. Right now, this will make it so help output will show two separate lines each …	david	Sept. 22, 2025, 12:51 a.m.
Can we add something that triggers a deprecation warning if this option is used?	david	Sept. 22, 2025, 1:36 a.m.
Can you add docs for the return value and CommandError raise?	david	Sept. 22, 2025, 12:21 a.m.
This should be able to go in the if TYPE_CHECKING block.	david	Sept. 25, 2025, 4:09 a.m.
This is no longer true.	david	Sept. 22, 2025, 12:21 a.m.
We could do the same thing here modifying self._global_options instead of duplicating the option.	david	Sept. 22, 2025, 1:35 a.m.
These should use \| None syntax	david	Sept. 22, 2025, 12:23 a.m.
This should fit on one line.	david	Sept. 22, 2025, 12:23 a.m.
Let's go with 5.4 for this release, since we're introducing new abilities. This will apply to other version references.	chipx86	Oct. 14, 2025, 11:34 p.m.
Blank line between the class docstring and attributes.	chipx86	Oct. 14, 2025, 11:34 p.m.
Can we alphabetize these?	chipx86	Oct. 14, 2025, 11:35 p.m.
Both of these need their own Version Changed.	chipx86	Oct. 14, 2025, 11:36 p.m.
I think this will end up polluting the shared options. We'd have to make a copy. Also, do we want …	chipx86	Oct. 15, 2025, 2:17 a.m.
Same note here as with the other location.	chipx86	Oct. 15, 2025, 2:17 a.m.
line too long (80 > 79 characters) Column: 80 Error code: E501	reviewbot	Oct. 16, 2025, 12:17 a.m.
Each one of these needs its own Version Changed.	chipx86	Dec. 4, 2025, 9:34 p.m.
I think this probably should be a Sequence, unless we're allowing manipulation of it. This may become a larger change …	chipx86	Dec. 4, 2025, 9:34 p.m.
Same note here with Sequence, if going this route for this change.	chipx86	Dec. 4, 2025, 9:34 p.m.

flake8 passed.

JSHint passed.

Two big-picture things before I get into a detailed review.

The issue has been dropped. Show all issues

I don't like the idea of storing the options as an attribute on RBClient when the client isn't actually using it at all. I also can't see where web-based auth is implemented for commands other than rbt login.
Architecturally, how does this sound:

Update auth_callback to return a dict instead of a tuple[str, str]. This dict can include either username/password or an API token (actually, probably either dict or tuple and trigger a DeprecationWarning if the caller receives a tuple back).
Update ReviewBoardHTTPPasswordMgr to also plumb that through.
Update ReviewBoardServer.retry_http_basic_auth to handle an API token result.
Add the web-login implementation to BaseCommand.credentials_prompt. This has access to self.options directly.

maubin Sept. 11, 2025, 3:32 a.m.

Web-based auth gets implemented for all commands in /r/14576 (and /r/14575 has some context). This was just the first change in the stack where I generalize our command options (I'll clarify this in the description).
You're right that web-based auth for commands doesn't necessitate storing the options on RBClient, since our auth callback (which in my changes is BaseCommand.web_login_callback) will have access to self.options directly. But the reason why I put these settings on RBClient is because it simplifies supplying these options to the web login server when using get_authenticated_session() and other potential areas that deal with authenticating a client.
We do have the via_web, open_browser and enable_logging args for get_authenticated_session() which were added when I originally implemented web-based auth. Ideally I would've made this one RBClientWebLoginOptions-typed argument instead of individual arguments but oh well. Anyways while working on this I realized how messy it could be to only rely on these arguments. We have the get_user() and get_username() functions that both call get_authenticated_session(). And those functions are used in some of our commands, which kick off the auth process before our HTTP handlers can. Without the web login attributes on RBClient, I'd have to add a RBClientWebLoginOptions argument to get_user() and to get_username(), and update each of their calls so that we're passing in the options. And any new functions that call  get_authenticated_session() and want to benefit from web login would have to add and care about a RBClientWebLoginOptions argument as well, just to plumb it through to get_authenticated_session().
With the web login attributes on RBClient, the caller doesn't have to care about the web login options each time they call get_user(), get_username(), and get_authenticated_session().
The RBClient isn't technically "using" these options itself, but its still information that is relevant to the client. It's saying whether this client is allowed to authenticate using web-based login or not, and details on how to use it. And then, from any function/class that deals with authenticating a client (commands, http handlers, these user session functions, the new attempt_web_login() function) we can define these options on the RBClient, or expect them to already be defined (as is the case with commands that call these user session functions), instead of being forced to include these options in all the function or class definitions that want to benefit from web login.

rbtools/commands/post.py (Diff revision 1)

The issue has been resolved. Show all issues

I think -o is still very important here, and we should keep it for the long term. rbt post -o is a lot easier to type than rbt post --open-browser

maubin Sept. 11, 2025, 3:32 a.m.
```
That's a good point, we can keep it.
```

Description:

		We received a bug report that the web login option was not working for
		the `rbt post` command. Upon investigation, it was found that web login only
		actually worked correctly for `rbt login`. It also worked for commands that
		call `get_authenticated_session` before doing any requests that require
		authentication (such as `rbt status`), but this only worked when the
		`WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was
		passed through the command line.

~		This change is the beginning in a series of ones that fix web login, allowing
~		it to be used for authentication when using any rbt command. We make the
~		web login option a general server option, instead of only applying to
~		the login command. The command's long form has been renamed to `--web-login`
~		instead of just `--web`, but we keep and deprecate the existing `-w/--web`
~		option on the login command for compatibility. When we remove this option
~		in the future, users will no longer be able to pass `-w` but `--web` will
~		still work since our arg parser allows for the abbreviation of long
~		arguments.
	~	This change is the beginning in a series of ones that allow web login to be
	~	used for authentication when using any rbt command. This change only
	~	generalizes command options, it doesn't actually implement web login on the
	~	commands (that happens in /r/14575 and /r/14576).
	~
	~	We make the web login option a general server option, instead of only
	~	applying to the login command. The command's long form has been renamed to
	~	`--web-login` instead of just `--web`, but we keep the existing `-w/--web`
	~	option on the login command for compatibility and since `-w` is a
	+	convenient short-form of the option.

		Similarly, we make the open browser option a general one, instead of only
		applying to the login and post commands. In the future, any commands that
		navigate to a URL can make use of this option to open URLs automatically in a
		browser. It has also been renamed to `--open-browser`, but keeping the old
		`-o/--open` version like we did for the `--web` option.

		We also deprecate the `--enable-logging` option for `rbt login`, instead we'll
		just use the `--debug` option to enable server logs.

		These options now get set on `RBClient` as the `web_login_options` dict. It
		makes sense to centralize these settings onto the client, so that callers can
		easily set things in one place instead of having to plumb values through
		various functions to reach the web login server. This will make more sense
		in the context of the upcoming changes.

Commits:

	Summary	ID
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	a8e6d286ea4315f0c8cfcf14b4d58e67a7719407
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	5679ce5963d83f0a29c80bdd74e6fe1ae381ed24

Diff:

Revision 2 (+330 -106)

Show changes

	rbtools/api/client.py
	rbtools/commands/login.py
	rbtools/commands/post.py
	rbtools/commands/base/commands.py
	rbtools/utils/users.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Change Summary:

Actually remove the deprecation on the -o and -w options, which I forgot to do in the last review request update.

Commits:

	Summary	ID
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	5679ce5963d83f0a29c80bdd74e6fe1ae381ed24
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	a5b73b72c08d333df3a5f15712953843a59fba27

Diff:

Revision 3 (+322 -102)

Show changes

	rbtools/api/client.py
	rbtools/commands/login.py
	rbtools/commands/post.py
	rbtools/commands/base/commands.py
	rbtools/utils/users.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

rbtools/api/client.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Perhaps we should use a dataclass here instead of a dict?
```
rbtools/api/client.py (Diff revision 3)
The issue has been resolved. Show all issues
```
This should be RBClientWebLoginOptions | None
```
rbtools/api/client.py (Diff revision 3)
The issue has been resolved. Show all issues
```
This should use (RBClientWebLoginOptions | None) = None
```
rbtools/api/client.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Type here is incorrect.
```

rbtools/commands/login.py (Diff revision 3)

The issue has been resolved. Show all issues

I have an idea here. Right now, this will make it so help output will show two separate lines each of these.
How about, instead of duplicating the options, we do:

def create_parser(
    self,
    config: RBToolsConfig,
    argv: (list[str] | None) = None,
) -> argparse.ArgumentParser:
    for option in self._global_options:
        if option.opts[0] == '--open-browser':
            option.opts = ['-o', '--open', '--open-browser']
        elif option.opts[0] == '--web-login':
            option.opts = ['-w', '--web', '--web-login']

    return super.create_parser(config, argv)


That'll simplify the RBClientWebLoginOptions creation too.

rbtools/commands/login.py (Diff revision 3)

The issue has been resolved. Show all issues

Can we add something that triggers a deprecation warning if this option is used?

maubin Sept. 22, 2025, 8:49 p.m.

Python 3.13 adds a deprecated arg to add_argument which would be nice to use. For now I'll make our own custom thing in a separate change, so that we can use it for any deprecated arg.

rbtools/commands/login.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Can you add docs for the return value and CommandError raise?
```
rbtools/commands/post.py (Diff revision 3)
The issue has been resolved. Show all issues
```
This is no longer true.
```

rbtools/commands/post.py (Diff revision 3)

The issue has been resolved. Show all issues

We could do the same thing here modifying self._global_options instead of duplicating the option.

rbtools/utils/users.py (Diff revision 3)
The issue has been resolved. Show all issues
```
These should use | None syntax
```
rbtools/utils/users.py (Diff revision 3)
The issue has been resolved. Show all issues
```
This should fit on one line.
```

Change Summary:


Use a dataclass instead of TypedDict for the RBClientWebLoginOptions definition.
Typing fixes.
Combine some args in create_parser() instead of duplicating them in the option lists.

Commits:

	Summary	ID
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	a5b73b72c08d333df3a5f15712953843a59fba27
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	5853519760195f5d3e225d9a233a75705961665a

Diff:

Revision 4 (+444 -136)

Show changes

	rbtools/api/client.py
	rbtools/commands/login.py
	rbtools/commands/post.py
	rbtools/commands/base/commands.py
	rbtools/utils/users.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

rbtools/commands/login.py (Diff revisions 3 - 4)
The issue has been resolved. Show all issues
```
This should be able to go in the if TYPE_CHECKING block.
```
rbtools/commands/post.py (Diff revisions 3 - 4)
The issue has been resolved. Show all issues
```
This should be able to go in the if TYPE_CHECKING block.
```

Commits:

	Summary	ID
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	5853519760195f5d3e225d9a233a75705961665a
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	6d3e0136fbfd254a7af117e4cf3b0aa689d732a0

Diff:

Revision 5 (+448 -136)

Show changes

	rbtools/api/client.py
	rbtools/commands/login.py
	rbtools/commands/post.py
	rbtools/commands/base/commands.py
	rbtools/utils/users.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

rbtools/api/client.py (Diff revision 5)

The issue has been resolved. Show all issues

Let's go with 5.4 for this release, since we're introducing new abilities.

This will apply to other version references.

rbtools/api/client.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Blank line between the class docstring and attributes.
```
rbtools/api/client.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Can we alphabetize these?
```
rbtools/commands/login.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Both of these need their own Version Changed.
```

rbtools/commands/login.py (Diff revision 5)

The issue has been resolved. Show all issues

I think this will end up polluting the shared options. We'd have to make a copy.

Also, do we want to break after we find the option?

rbtools/commands/post.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Same note here as with the other location.
```

Change Summary:


Changed to target version 5.4.
Doesn't modify shared option lists on the base command class.

Commits:

	Summary	ID
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	6d3e0136fbfd254a7af117e4cf3b0aa689d732a0
	Allow the open browser and web login options to be used on all commands. We received a bug report that the web login option was not working for the `rbt post` command. Upon investigation, it was found that web login only actually worked correctly for `rbt login`. It also worked for commands that call `get_authenticated_session` before doing any requests that require authentication (such as `rbt status`), but this only worked when the `WEB_LOGIN` option was set in `.reviewboardrc`, not when the option was passed through the command line. This change is the beginning in a series of ones that fix web login, allowing it to be used for authentication when using any rbt command. We make the web login option a general server option, instead of only applying to the login command. The command's long form has been renamed to `--web-login` instead of just `--web`, but we keep and deprecate the old `--web` version on the login command for compatibility. Similarly, we make the open browser option a general one, instead of only applying to the login and post commands. In the future, any commands that navigate to a URL can make use of this option to open URLs automatically in a browser. It has also been renamed to `--open-browser`, but keeping the old `--open` version like we did for the `--web` option. We also deprecate the `--enable-logging` option for `rbt login`, instead we'll just use the `--debug` option to enable server logs. These options now get passed to `RBClient`, which will make more sense with the next change. These are needed here to get around a problem with the commands that call `get_authenticated_session` before doing any authentication requests (before our web-login auth handler, which is added in an upcoming change, can kick in). In those cases we have no way to pass these options to the web login server unless we update every function call that directly or indirectly calls `get_authenticated_session` to include the options. Right now that includes `get_user`, `get_username` and `find_review_request_by_change_id`. That seemed too messy to deal with and it's not reasonable to make every function which calls `get_authenticated_session` have to include web-based login related options in their definitions.	ff33cd7379280856195f9b01d5ac63d27ad43313

Diff:

Revision 6 (+522 -138)

Show changes

	rbtools/api/client.py
	rbtools/commands/login.py
	rbtools/commands/post.py
	rbtools/commands/base/commands.py
	rbtools/utils/users.py

Checks run (1 failed, 1 succeeded)

flake8 failed.

JSHint passed.

flake8

rbtools/commands/login.py (Diff revision 6)
The issue has been resolved. Show all issues
```
line too long (80 > 79 characters)

Column: 80
Error code: E501
```

Ship it!

```
Ship It!
```

Fix it!

rbtools/commands/login.py (Diff revision 6)
An issue was opened. Show all issues
```
Each one of these needs its own Version Changed.
```

rbtools/commands/login.py (Diff revision 6)

An issue was opened. Show all issues

I think this probably should be a Sequence, unless we're allowing manipulation of it. This may become a larger change though, I'm not sure. If so, don't worry about this.

rbtools/commands/post.py (Diff revision 6)
An issue was opened. Show all issues
```
Same note here with Sequence, if going this route for this change.
```