Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: allow auth token-login flag value as filepath to avoid leaking token into shell history #1787

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: allow auth token-login flag value as filepath to avoid leaking token into shell history #1787

wants to merge 3 commits into from

Conversation

jakedoublev
Copy link

@jakedoublev jakedoublev commented Jan 22, 2025
edited
Loading

Description

This PR adds the functionality to take in a token-login flag value in the form of a file path containing the auth token. There is backwards compatibility with the existing state, but providing the token from a file location is a more secure way of authenticating the CLI via access token directly. Passing a token directly leaks the value into the shell history, which can make it available to other processes on a machine.

The current state:

jakevanvorhis$ ./astro login --token-login 'my-super-secret-token'
Welcome to the Astro CLI 🚀
To learn more about Astro, go to https://www.astronomer.io/docs
You are logging into Astro via an OAuth token
This token will expire in 1 hour and will not refresh
Error: cannot retrieve userinfo: API error (401): Unauthorized

jakevanvorhis$ history | grep astro
  523  ./astro login --token-login 'my-super-secret-token'

🎟 Issue(s)

Related #XXX

🧪 Functional Testing

  1. Save your authenticated JWT to a file.
  2. Pass the file location to the command as flag value ./astro login --token-login < token file path >
  3. Observe

📸 Screenshots

Add screenshots to illustrate the validity of these changes.

📋 Checklist

  • Rebased from the main (or release if patching) branch (before testing)
  • Ran make test before taking out of draft
  • Ran make lint before taking out of draft
  • Added/updated applicable tests
  • Tested against Astro-API (if necessary).
  • Tested against Houston-API and Astronomer (if necessary).
  • Communicated to/tagged owners of respective clients potentially impacted by these changes.
  • Updated any related documentation

@jakedoublev jakedoublev marked this pull request as ready for review January 22, 2025 05:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neel-astro neel-astro Awaiting requested review from neel-astro neel-astro is a code owner

@jeremybeard jeremybeard Awaiting requested review from jeremybeard jeremybeard is a code owner

@kushalmalani kushalmalani Awaiting requested review from kushalmalani kushalmalani is a code owner

@lzdanski lzdanski Awaiting requested review from lzdanski lzdanski is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jakedoublev