New credentials backend (Transient store)

New backend to not store the password and ask for it every time.
2024-11-10 06:46:15 +01:00 · 2019-08-27 16:26:20 +02:00 · 2019-08-27 16:26:20 +02:00 · abf206fa0d
commit abf206fa0d
parent eb3a3ef0ec
2 changed files with 53 additions and 3 deletions
--- a/osc/conf.py
+++ b/osc/conf.py
@ -776,6 +776,15 @@ def _get_credentials_manager(url, cp):
        return credentials.ObfuscatedConfigFileCredentialsManager(cp, None)
    return credentials.PlaintextConfigFileCredentialsManager(cp, None)

+
+class APIHostOptionsEntry(dict):
+    def __getitem__(self, key, *args, **kwargs):
+        value = super(self.__class__, self).__getitem__(key, *args, **kwargs)
+        if key == 'pass' and callable(value):
+            value = value()
+        return value
+
+
 def get_config(override_conffile=None,
               override_apiurl=None,
               override_debug=None,
@ -881,9 +890,10 @@ def get_config(override_conffile=None,
                    raise oscerr.ConfigError(msg, conffile)
                aliases[key] = url

-        api_host_options[apiurl] = {'user': user,
-                                    'pass': password,
-                                    'http_headers': http_headers}
+        entry = {'user': user,
+                 'pass': password,
+                 'http_headers': http_headers}
+        api_host_options[apiurl] = APIHostOptionsEntry(entry)

        optional = ('realname', 'email', 'sslcertck', 'cafile', 'capath')
        for key in optional:
--- a/osc/credentials.py
+++ b/osc/credentials.py
@ -1,6 +1,7 @@
 import importlib
 import bz2
 import base64
+import getpass
 try:
    from urllib.parse import urlsplit
 except ImportError:
@ -113,6 +114,44 @@ class ObfuscatedConfigFileDescriptor(AbstractCredentialsManagerDescriptor):
        return ObfuscatedConfigFileCredentialsManager(cp, None)


+class TransientCredentialsManager(AbstractCredentialsManager):
+    def __init__(self, *args, **kwargs):
+        super(self.__class__, self).__init__(*args, **kwargs)
+        self._password = None
+
+    def _process_options(self, options):
+        if options is not None:
+            raise RuntimeError('options must be None')
+
+    def get_password(self, url, user, defer=True):
+        if defer:
+            return self
+        return self()
+
+    def set_password(self, url, user, password):
+        self._password = password
+        self._cp.set(url, self.config_entry, self._qualified_name())
+
+    def delete_password(self, url, user):
+        self._password = None
+
+    def __call__(self):
+        if self._password is None:
+            self._password = getpass.getpass('Password: ')
+        return self._password
+
+
+class TransientDescriptor(AbstractCredentialsManagerDescriptor):
+    def name(self):
+        return 'Transient password store'
+
+    def description(self):
+        return 'Do not store the password and always ask for the password'
+
+    def create(self, cp):
+        return TransientCredentialsManager(cp, None)
+
+
 class KeyringCredentialsManager(AbstractCredentialsManager):
    def __init__(self, cp, options, appname='osc'):
        super(self.__class__, self).__init__(cp, options)
@ -232,6 +271,7 @@ def get_credentials_manager_descriptors():
        descriptors.append(GnomeKeyringCredentialsDescriptor())
    descriptors.append(PlaintextConfigFileDescriptor())
    descriptors.append(ObfuscatedConfigFileDescriptor())
+    descriptors.append(TransientDescriptor())
    return descriptors