Skip to content

[ONB-2396] Detallar el error de IP allow list en la verificación de conectividad de fintoc doctor#55

Merged
vacodoceo merged 3 commits into
mainfrom
ONB-2396-detallar-error-ip-allow-list-conectividad
Jun 26, 2026
Merged

[ONB-2396] Detallar el error de IP allow list en la verificación de conectividad de fintoc doctor#55
vacodoceo merged 3 commits into
mainfrom
ONB-2396-detallar-error-ip-allow-list-conectividad

Conversation

@vacodoceo

@vacodoceo vacodoceo commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Contexto

Al correr fintoc doctor, la sección de Connectivity tiraba siempre el mismo error genérico (could not reach api.fintoc.com) aunque hubiera internet y la API key fuera correcta. El caso real era que la IP no estaba en la allow list de la organización, y costaba cacharlo. Los clientes que usan IP allow list y prueban la CLI iban a toparse con lo mismo.

El catch de checkConnectivity aplastaba cualquier error en el mensaje genérico, pero la API en realidad responde un 401 authentication_error con código allowed_cidr_blocks_does_not_contain_ip (o missing_allowed_cidr_block): la request sí llega a la API.

Que hay de nuevo?

  • checkConnectivity clasifica el error: si es de IP allow list muestra que la API es alcanzable pero la IP no está permitida, con link al dashboard
  • Distingue el caso de API key rechazada y deja el mensaje genérico solo para fallas reales de red
  • handleError gana una rama para los códigos de IP allow list, así cualquier comando (no solo doctor) muestra un mensaje claro
  • De paso, alineo las columnas de doctor (labels, valores y líneas de detalle quedaban corridas a veces)

Tests

  • Tests unitarios

Screenshot

Screenshot 2026-06-24 at 12 39 00

Created with Claude Code /fast-track command

When an org restricts API access by IP, the API replies 401 with code
allowed_cidr_blocks_does_not_contain_ip (or missing_allowed_cidr_block).
These fell into the generic "Authentication failed: check your API key"
path, which misled callers whose key was actually fine.

Detect those codes in handleError and point users to the dashboard allow
list instead. Export parseFintocError so doctor can reuse the parsing.
checkConnectivity swallowed every failure into "could not reach
api.fintoc.com", so an IP-not-allow-listed org looked like a network
outage even though the request reached the API. Classify the caught
error: report the host as reachable but the IP as blocked (with a link
to fix it), distinguish a rejected key, and keep the generic message
only for real network failures.
@vacodoceo vacodoceo self-assigned this Jun 24, 2026
The continuation lines (e.g. the "Run `fintoc login`" hint) were indented
to column 20, but values sit at column 22 (status glyph + space + label),
so they drifted left. The skipped checks were also printed as raw hints
with a leading indent and a width-ambiguous skip glyph, breaking the
column entirely.

Route every line through row()/detail() helpers that pad to a single
width, and render skipped checks via info() like the rest, so labels,
values and follow-up lines share one column.
@vacodoceo vacodoceo force-pushed the ONB-2396-detallar-error-ip-allow-list-conectividad branch from 43ca76e to acf071f Compare June 24, 2026 16:40
@vacodoceo vacodoceo marked this pull request as ready for review June 24, 2026 16:40
@vacodoceo vacodoceo requested a review from FranciscaOtero June 24, 2026 16:40
@vacodoceo vacodoceo merged commit 67f273e into main Jun 26, 2026
2 checks passed
@vacodoceo vacodoceo deleted the ONB-2396-detallar-error-ip-allow-list-conectividad branch June 26, 2026 17:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants