fix(auth): Add prompt for providing oauth access token directly rathe…

…r than force `client id` and `client secret`. fix(auth): For interactive passwords trim leading and/or trailing `\n` characters. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com>
Keyfactor · Nov 18, 2024 · 4bdd166 · 4bdd166
1 parent 91376ae
commit 4bdd166
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 33 deletions.
diff --git a/cmd/login.go b/cmd/login.go
@@ -379,7 +379,7 @@ func promptForInteractivePassword(parameterName string, defaultValue string) str
 
 	// Trim newline and check if password is empty; if so, return default
 	if len(password) > 0 {
-		password = password[:len(password)-1]
+		password = strings.Trim(password, "\n")
 	}
 	if password == "" {
 		return defaultValue
@@ -442,51 +442,93 @@ func authInteractive(
 			}
 		}
 	} else if serverConf.AuthType == "oauth" {
-		if serverConf.ClientID == "" || forcePrompt {
-			serverConf.ClientID = promptForInteractiveParameter(
-				"Keyfactor Command OAuth Client ID",
-				serverConf.ClientID,
+		if serverConf.AccessToken == "" || forcePrompt {
+			log.Debug().Msg("prompting for OAuth access token")
+			serverConf.AccessToken = promptForInteractiveParameter(
+				"Keyfactor Command OAuth Access Token (to use client ID and secret, leave blank)",
+				serverConf.AccessToken,
 			)
 		}
-		if serverConf.ClientSecret == "" || forcePrompt {
-			serverConf.ClientSecret = promptForInteractivePassword(
-				"Keyfactor Command OAuth Client Secret",
-				serverConf.ClientSecret,
-			)
-		}
-		if serverConf.OAuthTokenUrl == "" || forcePrompt {
-			serverConf.OAuthTokenUrl = promptForInteractiveParameter(
-				"Keyfactor Command OAuth Token URL",
-				serverConf.OAuthTokenUrl,
-			)
-		}
-		if len(serverConf.Scopes) == 0 || forcePrompt {
-			scopesCsv := promptForInteractiveParameter(
-				"OAuth Scopes",
-				strings.Join(serverConf.Scopes, ","),
-			)
-			serverConf.Scopes = strings.Split(scopesCsv, ",")
-		}
-		if serverConf.Audience == "" || forcePrompt {
-			serverConf.Audience = promptForInteractiveParameter(
-				"OAuth Audience",
-				serverConf.Audience,
-			)
+		if serverConf.AccessToken == "" {
+			log.Debug().Msg("no oauth access token provided")
+			if serverConf.ClientID == "" || forcePrompt {
+				log.Debug().
+					Str("serverConf.ClientID", serverConf.ClientID).
+					Msg("prompting for OAuth client ID")
+				serverConf.ClientID = promptForInteractiveParameter(
+					"Keyfactor Command OAuth Client ID",
+					serverConf.ClientID,
+				)
+			}
+			if serverConf.ClientSecret == "" || forcePrompt {
+				log.Debug().Msg("prompting for OAuth client secret")
+				serverConf.ClientSecret = promptForInteractivePassword(
+					"Keyfactor Command OAuth Client Secret",
+					serverConf.ClientSecret,
+				)
+			}
+
+			if serverConf.OAuthTokenUrl == "" || forcePrompt {
+				log.Debug().
+					Str("serverConf.OAuthTokenUrl", serverConf.OAuthTokenUrl).
+					Msg("prompting for OAuth token URL")
+				serverConf.OAuthTokenUrl = promptForInteractiveParameter(
+					"Keyfactor Command OAuth Token URL",
+					serverConf.OAuthTokenUrl,
+				)
+			}
+			if len(serverConf.Scopes) == 0 || forcePrompt {
+				log.Debug().
+					Strs("serverConf.Scopes", serverConf.Scopes).
+					Msg("prompting for OAuth scopes")
+				scopesCsv := promptForInteractiveParameter(
+					"OAuth Scopes",
+					strings.Join(serverConf.Scopes, ","),
+				)
+				serverConf.Scopes = strings.Split(scopesCsv, ",")
+			}
+			if serverConf.Audience == "" || forcePrompt {
+				log.Debug().Msg("prompting for OAuth audience")
+				serverConf.Audience = promptForInteractiveParameter(
+					"OAuth Audience",
+					serverConf.Audience,
+				)
+			}
+		} else {
+			log.Debug().
+				Str("serverConf.AccessToken", hashSecretValue(serverConf.AccessToken)).
+				Msg("using provided OAuth access token")
 		}
 	}
 
 	if serverConf.APIPath == "" || forcePrompt {
+		log.Debug().
+			Str("serverConf.APIPath", serverConf.APIPath).
+			Msg("prompting for API path")
 		serverConf.APIPath = promptForInteractiveParameter("Keyfactor Command API path", serverConf.APIPath)
 	}
 
 	if serverConf.CACertPath == "" || forcePrompt {
+		log.Debug().
+			Str("serverConf.CACertPath", serverConf.CACertPath).
+			Msg("prompting for CA cert path")
 		serverConf.CACertPath = promptForInteractiveParameter("Keyfactor Command CA Cert Path", serverConf.CACertPath)
 	}
+	if !serverConf.SkipTLSVerify || forcePrompt {
+		log.Debug().
+			Bool("serverConf.SkipTLSVerify", serverConf.SkipTLSVerify).
+			Msg("prompting for Skip TLS Verify")
+		serverConf.SkipTLSVerify = promptForInteractiveParameter(
+			"Keyfactor Command Skip TLS Verify [true,false]",
+			fmt.Sprintf("%t", serverConf.SkipTLSVerify),
+		) == "true"
+	}
 
 	if profileName == "" {
-		profileName = "default"
+		profileName = auth_providers.DefaultConfigProfile
 	}
 	if configPath == "" {
+		log.Debug().Msg("configPath is empty, calling prepHomeDir()")
 		userHomeDir, hErr := prepHomeDir()
 		if hErr != nil {
 			//log.Println("[ERROR] Unable to create home directory: ", hErr)
@@ -502,13 +544,15 @@ func authInteractive(
 	confFile.Servers[profileName] = *serverConf
 
 	if saveConfig {
+		log.Debug().Bool("saveConfig", saveConfig).Msg("calling writeConfigFile()")
 		saveErr := writeConfigFile(&confFile, configPath)
 		if saveErr != nil {
 			//log.Println("[ERROR] Unable to save configuration file to disk: ", saveErr)
 			log.Error().Err(saveErr)
 			return confFile, saveErr
 		}
 	}
+	log.Debug().Msg("authInteractive() returning")
 	return confFile, nil
 }
 

diff --git a/go.mod b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Jeffail/gabs v1.4.0
-	github.com/Keyfactor/keyfactor-auth-client-go v1.1.0-rc.3
+	github.com/Keyfactor/keyfactor-auth-client-go v1.1.0-rc.4
 	github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0-rc.2
 	github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0-rc.11
 	github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2

diff --git a/go.sum b/go.sum
@@ -18,8 +18,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mx
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo=
 github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
-github.com/Keyfactor/keyfactor-auth-client-go v1.1.0-rc.3 h1:pQvbBM3DmSDdGMLh9s648Md+fHOoZtL7tjmVnHNDeVc=
-github.com/Keyfactor/keyfactor-auth-client-go v1.1.0-rc.3/go.mod h1:Ia3VmXsumFrr01BMc1Rp5OpDWmfXWjdeMituda14T4I=
+github.com/Keyfactor/keyfactor-auth-client-go v1.1.0-rc.4 h1:2TTlhVjPvPV6UrKN/VEqdcNGb4mgwAcsLcGuoQofg28=
+github.com/Keyfactor/keyfactor-auth-client-go v1.1.0-rc.4/go.mod h1:Ia3VmXsumFrr01BMc1Rp5OpDWmfXWjdeMituda14T4I=
 github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0-rc.2 h1:RNrfgrC+mPvqOc1wPsFjB4thuw7qJbP3gOycRDcRwxI=
 github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0-rc.2/go.mod h1:11WXGG9VVKSV0EPku1IswjHbGGpzHDKqD4pe2vD7vas=
 github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0-rc.11 h1:nYc7fEidu26ZKGwEByQNr2EWPCsCs0zxnHUKnRT6/rY=