Mask sensitive information when print into console

dimitrystd commented 7 years ago

We got a couple feedbacks around passwords:

When you run commands with -vv you can see tokens in output
When you run init command and enter Token Secret would be nice don't print it

When you run init command once again then you see secret

smartling-cli.exe init
Generating smartling.yml...
Enter User ID [service+marketo-conector@smartling.com]:
Enter Token Secret [7237017401940192438012948731]:
Enter Account ID (optional) [2f23eaae9]:
Enter Project ID [22b60fe12]:

DoD:

Replace tokens before print API output. We did a very simple code in PHP and it still works well
Don't show secret when user enters it. Like a regular login in linux
Mask secret when you print config file. I know that everyone can run cat smartling.yml, but this will prevent issue when you share screen

seletskiy commented 7 years ago

@dimitrystd: Check it out.

dimitrystd commented 7 years ago

Wanted to check -vv and -vvv with some commands, but got error

$ smartling-cli -vv files list
* 2017-09-27 17:17:49   [DEBUG] looking for config file in: "/Users/dstudinskiy/Projects/smartling-cli-workspace"
* 2017-09-27 17:17:49   [DEBUG] config file found: "/Users/dstudinskiy/Projects/smartling-cli-workspace/smartling.yml"
panic: runtime error: slice bounds out of range

goroutine 1 [running]:
main.redactedWriter.Write(0xc42012ed80, 0x3, 0x4, 0xc42009a700, 0xfc, 0x100, 0xc4202da7c8, 0xc4202da7d0, 0x10450a1)
    /go/src/cli/redacted_log.go:54 +0x2f5
main.(*redactedWriter).Write(0xc42011e000, 0xc42009a700, 0xfc, 0x100, 0xc4202da801, 0x1044a31, 0xc42009a700)
    <autogenerated>:1 +0x74
github.com/kovetskiy/lorg.(*Output).WriteWithLevel(0xc42010e050, 0xc42009a700, 0xfc, 0x100, 0x4, 0x0, 0x0, 0x0)
    /go/src/github.com/kovetskiy/lorg/output.go:62 +0x119
github.com/kovetskiy/lorg.(*Log).write(0xc42011a000, 0xc42009a600, 0xfc, 0x4, 0xc4202da8f0, 0x1044687)
    /go/src/github.com/kovetskiy/lorg/log_write.go:63 +0x81
github.com/kovetskiy/lorg.(*Log).doLog.func2(0xc42011a000, 0xc42009a600, 0xfc, 0x4)
    /go/src/github.com/kovetskiy/lorg/log_write.go:55 +0x93
github.com/kovetskiy/lorg.(*Log).doLog(0xc42011a000, 0x4, 0xc4202da9e0, 0x1, 0x1)
    /go/src/github.com/kovetskiy/lorg/log_write.go:59 +0x161
github.com/kovetskiy/lorg.(*Log).logf(0xc42011a000, 0x4, 0x140faaf, 0x21, 0xc42010ba40, 0x5, 0x5)
    /go/src/github.com/kovetskiy/lorg/log_write.go:27 +0x107
github.com/kovetskiy/lorg.(*Log).Debugf(0xc42011a000, 0x140faaf, 0x21, 0xc42010ba40, 0x5, 0x5)
    /go/src/github.com/kovetskiy/lorg/log_api.go:194 +0x66
github.com/kovetskiy/lorg.(Logger).Debugf-fm(0x140faaf, 0x21, 0xc42010ba40, 0x5, 0x5)
    /go/src/cli/set_logger.go:17 +0x61
github.com/Smartling/api-sdk-go.(*Client).request(0xc42012edc0, 0x1404d45, 0x4, 0x140bbad, 0x19, 0x0, 0xc42018c090, 0x7a, 0x81, 0xc4202db138, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_request.go:90 +0xcb4
github.com/Smartling/api-sdk-go.(*Client).requestJSON(0xc42012edc0, 0x1404d45, 0x4, 0x140bbad, 0x19, 0x0, 0xc42018c090, 0x7a, 0x81, 0x1374400, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_request.go:156 +0x11a
github.com/Smartling/api-sdk-go.(*Client).Post(0xc42012edc0, 0x140bbad, 0x19, 0xc42018c090, 0x7a, 0x81, 0x1374400, 0xc420241560, 0xc4202db138, 0x1, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_request.go:28 +0xe0
github.com/Smartling/api-sdk-go.(*Client).Authenticate(0xc42012edc0, 0xc420241380, 0x16bdef0)
    /go/src/github.com/Smartling/api-sdk-go/client_authenticate.go:65 +0x34b
github.com/Smartling/api-sdk-go.(*Client).request(0xc42012edc0, 0x1404ac5, 0x3, 0xc42015c390, 0x2b, 0xc4202413e0, 0x0, 0x0, 0x0, 0x0, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_request.go:80 +0xee3
github.com/Smartling/api-sdk-go.(*Client).requestJSON(0xc42012edc0, 0x1404ac5, 0x3, 0xc42015c390, 0x2b, 0xc4202413e0, 0x0, 0x0, 0x0, 0x136dd00, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_request.go:156 +0x11a
github.com/Smartling/api-sdk-go.(*Client).GetJSON(0xc42012edc0, 0xc42015c390, 0x2b, 0xc4202413e0, 0x136dd00, 0xc4202838e0, 0x0, 0x0, 0x0, 0x0, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_request.go:39 +0xd8
github.com/Smartling/api-sdk-go.(*Client).ListFiles(0xc42012edc0, 0xc4200422a0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_list_files.go:30 +0x181
github.com/Smartling/api-sdk-go.(*Client).ListAllFiles(0xc42012edc0, 0xc4200422a0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /go/src/github.com/Smartling/api-sdk-go/client_list_files.go:57 +0x112
main.globFilesRemote(0xc42012edc0, 0xc4200422a0, 0x9, 0x14048fb, 0x2, 0x3, 0x3, 0x1, 0xc4200129a0, 0xc4200129ae)
    /go/src/cli/glob_files.go:35 +0x166
main.doFilesList(0xc42012edc0, 0xc420012500, 0x1e, 0xc42012a1c0, 0x37, 0x0, 0x0, 0xc4200422a0, 0x9, 0x4, ...)
    /go/src/cli/do_files_list.go:32 +0x228
main.doFiles(0xc420012500, 0x1e, 0xc42012a1c0, 0x37, 0x0, 0x0, 0xc4200422a0, 0x9, 0x4, 0xc420240de0, ...)
    /go/src/cli/main.go:492 +0x6d8
main.main()
    /go/src/cli/main.go:225 +0x515

seletskiy commented 7 years ago

@dimitrystd: Please test it again, it should be fixed.

dimitrystd commented 7 years ago

Verified

Smartling / smartling-cli

Mask sensitive information when print into console #36