VULN-44842 Add a flag that allows users to not send the Access JWT to stdout

This commit is contained in:
James Royal 2023-11-15 15:07:39 -06:00
parent e0a55f9c0e
commit 45236a1f7d
1 changed files with 12 additions and 0 deletions

View File

@ -26,6 +26,7 @@ import (
) )
const ( const (
loginQuietFlag = "quiet"
sshHostnameFlag = "hostname" sshHostnameFlag = "hostname"
sshDestinationFlag = "destination" sshDestinationFlag = "destination"
sshURLFlag = "url" sshURLFlag = "url"
@ -90,6 +91,13 @@ func Commands() []*cli.Command {
Once authenticated with your identity provider, the login command will generate a JSON Web Token (JWT) Once authenticated with your identity provider, the login command will generate a JSON Web Token (JWT)
scoped to your identity, the application you intend to reach, and valid for a session duration set by your scoped to your identity, the application you intend to reach, and valid for a session duration set by your
administrator. cloudflared stores the token in local storage.`, administrator. cloudflared stores the token in local storage.`,
Flags: []cli.Flag{
&cli.BoolFlag{
Name: loginQuietFlag,
Aliases: []string{"q"},
Usage: "do not print the jwt to the command line",
},
},
}, },
{ {
Name: "curl", Name: "curl",
@ -246,6 +254,10 @@ func login(c *cli.Context) error {
fmt.Fprintln(os.Stderr, "token for provided application was empty.") fmt.Fprintln(os.Stderr, "token for provided application was empty.")
return errors.New("empty application token") return errors.New("empty application token")
} }
if c.Bool(loginQuietFlag) {
return nil
}
fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken) fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)
return nil return nil