Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI: Tokens must not be saved in plain text #22545

Closed
Tracked by #22540
fabrizzio-dotCMS opened this issue Jul 8, 2022 · 5 comments
Closed
Tracked by #22540

CLI: Tokens must not be saved in plain text #22545

fabrizzio-dotCMS opened this issue Jul 8, 2022 · 5 comments
Labels
dotCMS : CLI Merged Note to QA QA : Approved QA : Passed Internal Release : 23.03 Team : Scout Type : Enhancement

Comments

@fabrizzio-dotCMS
Copy link
Contributor

fabrizzio-dotCMS commented Jul 8, 2022
edited
Loading

We need to be able to log in and save the currently selected user and the respective returned token for the given selected dotCMS instance.
using the KeyTar library
@fabrizzio-dotCMS fabrizzio-dotCMS changed the title Write Status/Login Commands Tokens must not be saved in plain text Jul 28, 2022
@stale
Copy link

stale bot commented Dec 1, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 1, 2022
@stale stale bot closed this as completed Dec 8, 2022
@fabrizzio-dotCMS fabrizzio-dotCMS self-assigned this Jan 30, 2023
@fabrizzio-dotCMS
Copy link
Contributor Author

PR #23949

@nollymar nollymar moved this from New to In Review in dotCMS - Product Planning Feb 21, 2023
@nollymar nollymar changed the title Tokens must not be saved in plain text CLI: Tokens must not be saved in plain text Feb 23, 2023
@fabrizzio-dotCMS
Copy link
Contributor Author

fabrizzio-dotCMS commented Feb 23, 2023
edited
Loading

Note for QA:
in the user directory, there should be a hidden directory named .dotcms
inside that directory, there should be a file named dot-service.yml
This is where the user profile and dot-cms instances are saved/configured and this is where the token used to be saved
So.. just make sure it does not appear here.
In case the OS does not support password storage natively using a Key-Ring or something
then the access token gets saved as plain text in this file. But I don't really know how to simulate such scenery

@nollymar
Copy link
Contributor

Internal QA: Passed

@nollymar nollymar moved this from In Review to QA - Backlog in dotCMS - Product Planning Feb 28, 2023
@nollymar nollymar mentioned this issue Mar 2, 2023
Closed
@bryanboza
Copy link
Contributor

Fixed, tested on release-23.03 // Docker // FF

@bryanboza bryanboza moved this from QA - Backlog to Done in dotCMS - Product Planning Mar 20, 2023
@wezell wezell closed this as completed May 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dotCMS : CLI Merged Note to QA QA : Approved QA : Passed Internal Release : 23.03 Team : Scout Type : Enhancement
Projects
dotCMS - Product Planning
Archived in project
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wezell @bryanboza @nollymar @fabrizzio-dotCMS