From 37b294680c5dec1ba2e18802e5d987afe2c965f4 Mon Sep 17 00:00:00 2001
From: Chris Roberts <croberts@hashicorp.com>
Date: Mon, 11 Nov 2024 15:48:46 -0800
Subject: [PATCH] Update authentication handling with client wrapper

---
 .../add_downloader_authentication.rb           |  5 +++--
 plugins/commands/cloud/client/client.rb        | 18 +++++++++++++-----
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/plugins/commands/cloud/auth/middleware/add_downloader_authentication.rb b/plugins/commands/cloud/auth/middleware/add_downloader_authentication.rb
index cdd9c8e33ee..befaf2a12ae 100644
--- a/plugins/commands/cloud/auth/middleware/add_downloader_authentication.rb
+++ b/plugins/commands/cloud/auth/middleware/add_downloader_authentication.rb
@@ -5,9 +5,8 @@
 Vagrant.require "uri"
 Vagrant.require "vagrant/util/credential_scrubber"
 
-require_relative "./add_authentication"
-
 require Vagrant.source_root.join("plugins/commands/cloud/client/client")
+require_relative "./add_authentication"
 
 # Similar to AddAuthentication this middleware will add authentication for interacting
 # with Vagrant cloud. It does this by adding Authentication headers to a
@@ -54,6 +53,8 @@ def call(env)
               else
                 env[:downloader].headers << "Authorization: Bearer #{token}"
               end
+            else
+              @logger.debug("Not adding authentication header, host mismatch #{target_url.host} != #{server_uri.host}")
             end
 
             env[:downloader]
diff --git a/plugins/commands/cloud/client/client.rb b/plugins/commands/cloud/client/client.rb
index 945700c3a77..83c212fe52a 100644
--- a/plugins/commands/cloud/client/client.rb
+++ b/plugins/commands/cloud/client/client.rb
@@ -37,10 +37,13 @@ def self.reset!
       def initialize(env)
         @logger = Log4r::Logger.new("vagrant::cloud::client")
         @env    = env
-        @client = VagrantCloud::Client.new(
-          access_token: token,
-          url_base: api_server_url
-        )
+        if !defined?(@@client)
+          @@client = VagrantCloud::Client.new(
+            access_token: token,
+            url_base: api_server_url
+          )
+        end
+        @client = @@client
       end
 
       # Removes the token, effectively logging the user out.
@@ -54,7 +57,8 @@ def clear_token
       #
       # @return [Boolean]
       def logged_in?
-        return false if !client.access_token
+        return false if !client&.access_token
+
         Vagrant::Util::CredentialScrubber.sensitive(client.access_token)
 
         with_error_handling do
@@ -128,6 +132,10 @@ def store_token(token)
       #
       # @return [String]
       def token
+        # If the client is defined, use the client for the access token
+        # to allow proper token generation if required
+        return client.access_token if client && !client.access_token.nil?
+
         if present?(ENV["VAGRANT_CLOUD_TOKEN"]) && token_path.exist?
           # Only show warning if it has not been previously shown
           if !defined?(@@double_token_warning)