search

duritong / trocla

A password store for password creation and retrieval
Other
75 stars 18 forks source link

trocla create user1 plain --no-random #43

Open qwertologe opened 7 years ago

qwertologe commented 7 years ago

creates the following output:

Action failed with the following message: Password must be present as plaintext if you don't want a random password
(See full trace by running task with --trace)

As i understand, this feature is not implemented but would be really helpful (one step instead of two).

duritong commented 7 years ago

I'm not sure what you expect that "feature" todo, can you elaborate a bit more?

qwertologe commented 7 years ago

Sorry for the late answer!

I am not sure if i understand the handling but i did my best. Here are my problems:

$ dpkg -l trocla
...
ii  trocla   0.2.3-1   all   generate and store passwords and
$ trocla -v
0.2.3.

# creating non-random passwords with format != plain - e.g. sha1:

$ trocla create user1 sha1 # generates random sha1 and plain
$ trocla set user2 sha1 # asks and generates sha1, but no plain
Enter your password: xxx
Repeat password: xxx

# here is my try (enter a password which is stored in plain and sha1 or md5crypt...):
$ trocla create user3 sha1 --no-random # assumed: asks and generates sha1 and plain - but:
Action failed with the following message: Password must be present as plaintext if you don't want a random password
(See full trace by running task with --trace)
$ trocla create user3 sha1 --no-random -p foo # same problem
Action failed with the following message: Password must be present as plaintext if you don't want a random password
(See full trace by running task with --trace)
$ echo -n foo | trocla create user3 sha1 --no-random -p # same problem
Action failed with the following message: Password must be present as plaintext if you don't want a random password
(See full trace by running task with --trace)

# testing workarounds (part1):

$ trocla set user4 sha1 --no-random -p foo # creates but without plain
$ trocla set user4 plain --no-random -p foo # sha1 is gone, only plain remains

# testing workarounds (part2):
$ trocla create user5 sha1
{SHA}kQslyuxgrLcqU9l7XTgwxn8hZdU=
$ cat trocla.yaml
---
user5:
  plain: AlnC)BoYvX*Ry]JL
  sha1: "{SHA}kQslyuxgrLcqU9l7XTgwxn8hZdU=\n"
$ trocla set user5 plain -p foo
$ cat trocla.yaml # plain is replaced, sha1 is removed
---
user5:
  plain: foo

# testing workarounds (part3):
$ trocla create user6 sha1
{SHA}vZNCeAjTh5ehBzWShDvvg/5RCRc=
$ cat trocla.yaml
---
user6:
  plain: 8r:]ihU2-HpEM/h_
  sha1: "{SHA}vZNCeAjTh5ehBzWShDvvg/5RCRc=\n"
$ trocla set user6 sha1 -p foo
$ cat trocla.yaml  # sha1 is replaced, plain remains
---
user6:
  plain: 8r:]ihU2-HpEM/h_
  sha1: "{SHA}C+7Hteo/D9vJXQ3UfzxbwnXaijM=\n"
duritong commented 6 years ago

So I tried again to understand your use-case, to see where we could improve the cli UX (besides the help). For every step I assume the trocla database is empty.

Usecase:

You can do that by using

trocla set user2 sha1

This will ask you for the plain text password, and create a sha1 of that one, but not store the plain-text one.

If you want to store the plain text password, you can first set the plain text:

trocla set user2 plain

And then create the sha1 from that one:

trocla create user2 sha1

This will store both plain and sha1 version of the password. It requires 2 steps:

trocla set user2 plain
trocla create user2 sha1

Which I don't see as a big deal or do I miss something?

qwertologe commented 6 years ago

I did expect the --no-random parameter to work together with create (which doesn't). Not a real problem - you can close it if you want.

duritong commented 6 years ago

But what should be the behavior? --no-random tells to not create a random password and if none is present, a random one would need to be created. What would you expect not to be random?

qwertologe commented 6 years ago

I expected it to ask for the password.