VULN-44842 Add a flag that allows users to not send the Access JWT to stdout

2023-11-15 15:07:39 -06:00 · 2023-11-15 15:07:39 -06:00 · 45236a1f7d
parent e0a55f9c0e
commit 45236a1f7d
1 changed files with 12 additions and 0 deletions
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@ -26,6 +26,7 @@ import (
 )

 const (
+	loginQuietFlag     = "quiet"
 	sshHostnameFlag    = "hostname"
 	sshDestinationFlag = "destination"
 	sshURLFlag         = "url"
@ -90,6 +91,13 @@ func Commands() []*cli.Command {
 					Once authenticated with your identity provider, the login command will generate a JSON Web Token (JWT)
 					scoped to your identity, the application you intend to reach, and valid for a session duration set by your
 					administrator. cloudflared stores the token in local storage.`,
+					Flags: []cli.Flag{
+						&cli.BoolFlag{
+							Name:    loginQuietFlag,
+							Aliases: []string{"q"},
+							Usage:   "do not print the jwt to the command line",
+						},
+					},
 				},
 				{
 					Name:   "curl",
@ -246,6 +254,10 @@ func login(c *cli.Context) error {
 		fmt.Fprintln(os.Stderr, "token for provided application was empty.")
 		return errors.New("empty application token")
 	}
+
+	if c.Bool(loginQuietFlag) {
+		return nil
+	}
 	fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)

 	return nil