1
0
mirror of https://github.com/openSUSE/osc.git synced 2025-01-14 01:26:23 +01:00

Print user and apiurl when prompting for a password

It's not a good idea to send a password to a different server
than it belongs. Now the server identity is obvious.
This commit is contained in:
Daniel Mach 2022-09-07 16:10:55 +02:00
parent 7de13ea597
commit f8a8c9c91c
2 changed files with 18 additions and 13 deletions

View File

@ -794,7 +794,7 @@ def get_config(override_conffile=None,
user = _extract_user_compat(cp, url, creds_mgr) user = _extract_user_compat(cp, url, creds_mgr)
if user is None: if user is None:
raise oscerr.ConfigMissingCredentialsError('No user found in section %s' % url, conffile, url) raise oscerr.ConfigMissingCredentialsError('No user found in section %s' % url, conffile, url)
password = creds_mgr.get_password(url, user, defer=True) password = creds_mgr.get_password(url, user, defer=True, apiurl=apiurl)
if password is None: if password is None:
raise oscerr.ConfigMissingCredentialsError('No password found in section %s' % url, conffile, url) raise oscerr.ConfigMissingCredentialsError('No password found in section %s' % url, conffile, url)

View File

@ -80,14 +80,14 @@ class AbstractCredentialsManager:
def create(cls, cp, options): def create(cls, cp, options):
return cls(cp, options) return cls(cp, options)
def _get_password(self, url, user): def _get_password(self, url, user, apiurl=None):
raise NotImplementedError() raise NotImplementedError()
def get_password(self, url, user, defer=True): def get_password(self, url, user, defer=True, apiurl=None):
if defer: if defer:
return _LazyPassword(lambda: self._get_password(url, user)) return _LazyPassword(lambda: self._get_password(url, user, apiurl=apiurl))
else: else:
return self._get_password(url, user) return self._get_password(url, user, apiurl=apiurl)
def set_password(self, url, user, password): def set_password(self, url, user, password):
raise NotImplementedError() raise NotImplementedError()
@ -103,7 +103,7 @@ class AbstractCredentialsManager:
class PlaintextConfigFileCredentialsManager(AbstractCredentialsManager): class PlaintextConfigFileCredentialsManager(AbstractCredentialsManager):
def get_password(self, url, user, defer=True): def get_password(self, url, user, defer=True, apiurl=None):
return self._cp.get(url, 'pass', raw=True) return self._cp.get(url, 'pass', raw=True)
def set_password(self, url, user, password): def set_password(self, url, user, password):
@ -132,13 +132,12 @@ class PlaintextConfigFileDescriptor(AbstractCredentialsManagerDescriptor):
return PlaintextConfigFileCredentialsManager(cp, None) return PlaintextConfigFileCredentialsManager(cp, None)
class ObfuscatedConfigFileCredentialsManager( class ObfuscatedConfigFileCredentialsManager(PlaintextConfigFileCredentialsManager):
PlaintextConfigFileCredentialsManager): def get_password(self, url, user, defer=True, apiurl=None):
def get_password(self, url, user, defer=True):
if self._cp.has_option(url, 'passx', proper=True): if self._cp.has_option(url, 'passx', proper=True):
passwd = self._cp.get(url, 'passx', raw=True) passwd = self._cp.get(url, 'passx', raw=True)
else: else:
passwd = super(self.__class__, self).get_password(url, user) passwd = super(self.__class__, self).get_password(url, user, apiurl=apiurl)
return self.decode_password(passwd) return self.decode_password(passwd)
def set_password(self, url, user, password): def set_password(self, url, user, password):
@ -182,9 +181,15 @@ class TransientCredentialsManager(AbstractCredentialsManager):
if options is not None: if options is not None:
raise RuntimeError('options must be None') raise RuntimeError('options must be None')
def _get_password(self, url, user): def _get_password(self, url, user, apiurl=None):
if self._password is None: if self._password is None:
self._password = getpass.getpass('Password: ') if apiurl:
# strip scheme from apiurl because we don't want to display it to the user
apiurl_no_scheme = urlsplit(apiurl)[1]
msg = f'Password [{user}@{apiurl_no_scheme}]: '
else:
msg = 'Password: '
self._password = getpass.getpass(msg)
return self._password return self._password
def set_password(self, url, user, password): def set_password(self, url, user, password):
@ -229,7 +234,7 @@ class KeyringCredentialsManager(AbstractCredentialsManager):
return None return None
return super(cls, cls).create(cp, options) return super(cls, cls).create(cp, options)
def _get_password(self, url, user): def _get_password(self, url, user, apiurl=None):
self._load_backend() self._load_backend()
return keyring.get_password(urlsplit(url)[1], user) return keyring.get_password(urlsplit(url)[1], user)