auth: Read passphrase from env var or stdin #237
Conversation
auth/src/lib.rs
Outdated
| let passphrase = term::read_passphrase(options.stdin, false)?; | ||
| let secret = keys::pwhash(passphrase); | ||
|
|
||
| // let pass = keys::pwhash(passphrase); |
There was a problem hiding this comment.
| // let pass = keys::pwhash(passphrase); |
common/src/test.rs
Outdated
| @@ -29,6 +29,7 @@ pub mod setup { | |||
|
|
|||
| pub fn lnk_home() -> Result<(), BoxedError> { | |||
| env::set_var(LNK_HOME, env::current_dir()?.join("lnk_home")); | |||
| env::set_var("RAD_PASSPHRASE", USER_PASS); | |||
There was a problem hiding this comment.
Perhaps introducing a constant for the env var name to avoid typos.
| @@ -310,6 +302,47 @@ pub fn secret_input_with_confirmation() -> SecUtf8 { | |||
| ) | |||
| } | |||
|
|
|||
| pub fn secret_stdin() -> Result<SecUtf8, anyhow::Error> { | |||
| let mut input: Zeroizing<String> = Zeroizing::new(Default::default()); | |||
| std::io::stdin().read_line(&mut input)?; | |||
There was a problem hiding this comment.
Can't stdin().read_line() read into SecUtf8 type directly, bypassing Zeroizing? SecUtf8 does everything Zeroizing does and more, so maybe we could ditch the zeroize dependency altogether?
There was a problem hiding this comment.
Mmh, it seems that it should work with the latest version of secstr: https://docs.rs/secstr/latest/secstr/struct.SecUtf8.html#method.unsecure_mut.
Unfortunately, we're on 0.3.2 though and it's not supported it that version.
There was a problem hiding this comment.
Opened a PR in radicle-keystore that updates secstr to 0.5.x: radicle-dev/radicle-keystore#35
There was a problem hiding this comment.
Great, thanks! I Didn't realise it's going to require a version update 😬
There was a problem hiding this comment.
Cool, we can fix this in a later PR
cloudhead
force-pushed
the
erak/auth-env
branch
from
5e59e0b to
8484ea3
Compare
Closes #213.