oxidecomputer / oxide.rs

The Oxide Rust SDK and CLI
Mozilla Public License 2.0

oxide auth allows auth to the same silo multiple times #794

Open twinfees opened 2 months ago

twinfees commented 2 months ago

Component

What was the expected behaviour

Once a user is auth'd to a silo, if they accidentally try to auth to that same silo again, perhaps we should check to make sure they aren't already authenticated to that silo, and let the user know if they are?

What is the current behaviour and what actions did you take to get there

Users can auth to the same silo multiple times. I learned this due to the desire to auth to a new silo, but copy/pasted the wrong host URL, resulting in a duplicate auth to a silo I was already authenticated to. Out of curiosity, I did it again, and again, and each time it worked, generating a new profile.

izzyfee@Elizabeths-MBP ~/.config/oxide$ cat credentials.toml                                                                                                                   

[profile.oxide]
host = "https://blah.sys.blah2.differentblah.com"
token = "oxide-token-xxxx0"
user = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

[profile.oxide2]
host = "https://blah.sys.blah3.blahblah.com" <----------------
token = "oxide-token-xxxx1"
user = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

[profile.oxide3]
host = "https://blah.sys.blah3.blahblah.com" <----------------
token = "oxide-token-xxxx2"
user = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

[profile.oxide4]
host = "https://blah.sys.blah3.blahblah.com" <----------------
token = "oxide-token-xxxx3"
user = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Maybe this is expected behavior?

CLI or SDK version

0.6.2+20240710.0

Operating system

Sonoma 14.3

Anything else you would like to add?

No response

ahl commented 2 months ago

I don't think we should prohibit logging into the same silo twice (nor do I think that's what you're suggesting). How do you think we should handle this? By prompting the user to confirm this is what they want?

I could see a couple of ways of handling this. For example, we could check the URL provided. I'm not sure that's 100% foolproof as I could imagine DNS aliases (?). We could also infer that you added a duplicate profile if the host / username / siloname trio was all the same.

I guess the best thing to do would be to prompt the user? Is that what you had in mind?

@twinfees I would love your thoughts on these choices. Thanks!!

david-crespo commented 2 months ago

I know you didn't ask me, but I like something along the lines of "you already have a profile 'dogfood' for that domain. Would you like to overwrite it or add another one?" If they already have more than one profile for that domain, I'm not sure what to do there. "You already have two profiles for this domain, so pick which one to overwrite, or create a new one"?

I think looking at the domain is sufficient — coming from the web (which may be my bias, or it may also be intuitive to users more generally, hard to say) tying session to the domain (regardless of whether the two domains happen to point to the same place) is intuitive.

twinfees commented 2 months ago

@ahl and @david-crespo - Yes, I think in my mind a prompt to the user will be helpful, in case they aren't meaning to create multiple profiles for a single domain/silo. I like David's suggestion:

You already have a profile 'blah' for that silo(?) domain(?). Would you like to overwrite it or add a new profile?

Maybe if they have one or more profiles already set up for a domain, it can say:

You already have the following profile(s) set up for this domain:
   1 - dogfood
   2 - dogfood1
   3 - dogfood2

Please select the number of the profile you'd like to overwrite, or press return to create a new one. 
Otherwise, you can press 0 to cancel.

?

Thanks to you both for the feedback, suggestions, and help!
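
The host-based duplicate check discussed in this thread, sketched as an added example; it is not code from the issue or from the oxide CLI. The function names are hypothetical, the reader handles only the `[profile.NAME]` / `host = "..."` layout shown above, and hosts are compared as strings, so DNS aliases are treated as separate hosts.

```rust
use std::collections::BTreeMap;

// Compare hosts as strings only (assumption): lowercase, no trailing slash.
// DNS aliases of one silo therefore count as different hosts.
fn normalize_host(host: &str) -> String {
    host.trim().trim_end_matches('/').to_ascii_lowercase()
}

// Minimal reader for the [profile.NAME] / host = "..." layout shown in the
// issue; not a general TOML parser. The host is the text between the first
// pair of quotes. Returns normalized host -> profile names.
fn profiles_by_host(text: &str) -> BTreeMap<String, Vec<String>> {
    let mut map: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let mut current: Option<String> = None;
    for line in text.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("[profile.").and_then(|r| r.strip_suffix(']')) {
            current = Some(name.to_string());
        } else if line.starts_with('[') {
            current = None; // some other table, not a profile
        } else if let (Some(name), Some((key, value))) = (&current, line.split_once('=')) {
            if let (true, Some(host)) = (key.trim() == "host", value.split('"').nth(1)) {
                map.entry(normalize_host(host)).or_default().push(name.clone());
            }
        }
    }
    map
}

// Names of profiles already stored for the host the user is about to log in to.
fn existing_profiles(text: &str, new_host: &str) -> Vec<String> {
    profiles_by_host(text).remove(&normalize_host(new_host)).unwrap_or_default()
}

// Constructed sample, not real credentials.
const SAMPLE: &str = r#"
[profile.dogfood]
host = "https://silo-a.example.com"
token = "oxide-token-placeholder0"
[profile.dogfood1]
host = "https://silo-b.example.com"
token = "oxide-token-placeholder1"
[profile.dogfood2]
host = "https://silo-b.example.com/"
token = "oxide-token-placeholder2"
"#;

fn main() {
    let found = existing_profiles(SAMPLE, "https://SILO-B.example.com");
    println!("existing profiles for this host: {:?}", found);
}
```

A non-empty result is the point at which a login flow could show the overwrite-or-add prompt proposed above; each duplicate profile is also one more stored token in `credentials.toml`.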