Diffstat (limited to 'src/zen/authutils.cpp')
| -rw-r--r-- | src/zen/authutils.cpp | 80 |
1 files changed, 50 insertions, 30 deletions
diff --git a/src/zen/authutils.cpp b/src/zen/authutils.cpp index d68e60b11..922007ac8 100644 --- a/src/zen/authutils.cpp +++ b/src/zen/authutils.cpp @@ -126,21 +126,34 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, ZEN_ASSERT(!SystemRootDir.empty()); if (!Auth) { - if (m_EncryptionKey.empty()) + static const std::string_view DefaultEncryptionKey("abcdefghijklmnopqrstuvxyz0123456"); + static const std::string_view DefaultEncryptionIV("0123456789abcdef"); + if (m_EncryptionKey.empty() && m_EncryptionIV.empty()) { - m_EncryptionKey = "abcdefghijklmnopqrstuvxyz0123456"; + m_EncryptionKey = DefaultEncryptionKey; + m_EncryptionIV = DefaultEncryptionIV; if (!Quiet) { - ZEN_CONSOLE_WARN("Using default encryption key"); + ZEN_CONSOLE_WARN("Auth: Using default encryption key and initialization vector for auth storage"); } } - - if (m_EncryptionIV.empty()) + else { - m_EncryptionIV = "0123456789abcdef"; - if (!Quiet) + if (m_EncryptionKey.empty()) + { + m_EncryptionKey = DefaultEncryptionKey; + if (!Quiet) + { + ZEN_CONSOLE_WARN("Auth: Using default encryption key for auth storage"); + } + } + if (m_EncryptionIV.empty()) { - ZEN_CONSOLE_WARN("Using default encryption initialization vector"); + m_EncryptionIV = DefaultEncryptionIV; + if (!Quiet) + { + ZEN_CONSOLE_WARN("Auth: Using default encryption initialization vector for auth storage"); + } } } @@ -159,9 +172,9 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, { ExtendableStringBuilder<128> SB; SB << "\n RootDirectory: " << AuthMgrConfig.RootDirectory.string(); - SB << "\n EncryptionKey: " << m_EncryptionKey; - SB << "\n EncryptionIV: " << m_EncryptionIV; - ZEN_CONSOLE("Creating auth manager with:{}", SB.ToString()); + SB << "\n EncryptionKey: " << HideSensitiveString(m_EncryptionKey); + SB << "\n EncryptionIV: " << HideSensitiveString(m_EncryptionIV); + ZEN_CONSOLE("Auth: Creating auth manager with:{}", SB.ToString()); } Auth = AuthMgr::Create(AuthMgrConfig); } 
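Review bot: Both default-fallback warnings in the `if (!Auth)` block are still wrapped in `if (!Quiet)`, so a quiet run encrypts auth storage with `DefaultEncryptionKey` and `DefaultEncryptionIV` without telling anyone, and both values are readable in this source file. Storage protected that way is obfuscated rather than confidential, and the IV is identical on every installation; how much that matters depends on the cipher mode AuthMgr uses, which is not visible here. I would emit the warning regardless of `Quiet` and put a comment above the two constants, e.g. `// Well-known fallback values: auth storage encrypted with these is not confidential.` The constants could also be `static constexpr std::string_view`. ParseOptions starts and ends outside this hunk.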
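Review bot: The settings dump before `AuthMgr::Create` still writes a form of `m_EncryptionKey` and `m_EncryptionIV` to the console, and how much `HideSensitiveString` keeps of its input is not visible in this diff. If it preserves any leading or trailing characters, part of the key ends up in terminal scrollback and captured logs. For key material a fixed marker is enough, for example `SB << "\n EncryptionKey: <redacted>";`. The same applies to `m_OAuthClientSecret` in the oauth provider hunk and to `m_OpenIdRefreshToken` in the Open ID hunk. The condition guarding this block is outside the hunk.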
@@ -176,13 +189,18 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, ExtendableStringBuilder<128> SB; SB << "\n Name: " << ProviderName; SB << "\n Url: " << m_OpenIdProviderUrl; - SB << "\n ClientId: " << m_OpenIdClientId; - ZEN_CONSOLE("Adding openid auth provider:{}", SB.ToString()); + SB << "\n ClientId: " << HideSensitiveString(m_OpenIdClientId); + ZEN_CONSOLE("Auth: Adding Open ID auth provider:{}", SB.ToString()); } Auth->AddOpenIdProvider({.Name = ProviderName, .Url = m_OpenIdProviderUrl, .ClientId = m_OpenIdClientId}); if (!m_OpenIdRefreshToken.empty()) { - ZEN_CONSOLE("Adding open id refresh token {} to provider {}", m_OpenIdRefreshToken, ProviderName); + if (!Quiet) + { + ZEN_CONSOLE("Auth: Adding open id refresh token {} to provider {}", + HideSensitiveString(m_OpenIdRefreshToken), + ProviderName); + } Auth->AddOpenIdToken({.ProviderName = ProviderName, .RefreshToken = m_OpenIdRefreshToken}); } } @@ -197,21 +215,21 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, if (!m_AccessToken.empty()) { - if (Verbose) + if (!Quiet) { - ZEN_CONSOLE("Adding static auth token: {}", m_AccessToken); + ZEN_CONSOLE("Auth: Using static auth token: {}", HideSensitiveString(m_AccessToken)); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromStaticToken(m_AccessToken); } else if (!m_AccessTokenPath.empty()) { - MakeSafeAbsolutePathÍnPlace(m_AccessTokenPath); + MakeSafeAbsolutePathInPlace(m_AccessTokenPath); std::string ResolvedAccessToken = ReadAccessTokenFromJsonFile(m_AccessTokenPath); if (!ResolvedAccessToken.empty()) { - if (Verbose) + if (!Quiet) { - ZEN_CONSOLE("Adding static auth token from {}: {}", m_AccessTokenPath, ResolvedAccessToken); + ZEN_CONSOLE("Auth: Adding static auth token from {}: {}", m_AccessTokenPath, HideSensitiveString(ResolvedAccessToken)); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromStaticToken(ResolvedAccessToken); } 
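Review bot: The new messages spell the provider type differently from one line to the next: `Open ID auth provider` and `open id refresh token` in this hunk, then `OpenId provider` and `Open ID provider` in the later ones. The `Auth:` prefix presumably exists so these lines are easy to pick out of console output, and a single spelling would let one search term find all of them, e.g. `"Auth: Adding OpenID auth provider:{}"` and `"Auth: Adding OpenID refresh token {} to provider {}"`. The block that prints the provider details starts outside the hunk.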
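Review bot: Changing the guards from `if (Verbose)` to `if (!Quiet)` makes the static-token messages print at what is presumably the default verbosity, where they previously needed an explicit verbose run. The tokens now pass through `HideSensitiveString`, but its output is not visible in this diff, so whatever it leaves of `m_AccessToken` and `ResolvedAccessToken` will land in ordinary terminal and CI logs. I would keep the messages and drop the token argument: `ZEN_CONSOLE("Auth: Using static auth token");` and `ZEN_CONSOLE("Auth: Adding static auth token from {}", m_AccessTokenPath);`. The environment-variable message in the later hunk is widened in the same way.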
@@ -222,9 +240,9 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, { ExtendableStringBuilder<128> SB; SB << "\n Url: " << m_OAuthUrl; - SB << "\n ClientId: " << m_OAuthClientId; - SB << "\n ClientSecret: " << m_OAuthClientSecret; - ZEN_CONSOLE("Adding oauth provider:{}", SB.ToString()); + SB << "\n ClientId: " << HideSensitiveString(m_OAuthClientId); + SB << "\n ClientSecret: " << HideSensitiveString(m_OAuthClientSecret); + ZEN_CONSOLE("Auth: Adding oauth provider:{}", SB.ToString()); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromOAuthClientCredentials( {.Url = m_OAuthUrl, .ClientId = m_OAuthClientId, .ClientSecret = m_OAuthClientSecret}); 
@@ -232,25 +250,27 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, else if (!m_OpenIdProviderName.empty()) { CreateAuthMgr(); - if (Verbose) + if (!Quiet) { - ZEN_CONSOLE("Using openid provider: {}", m_OpenIdProviderName); + ZEN_CONSOLE("Auth: Using OpenId provider: {}", m_OpenIdProviderName); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromOpenIdProvider(*Auth, m_OpenIdProviderName); } else if (std::string ResolvedAccessToken = GetEnvAccessToken(m_AccessTokenEnv); !ResolvedAccessToken.empty()) { - if (Verbose) + if (!Quiet) { - ZEN_CONSOLE("Using environment variable '{}' as access token '{}'", m_AccessTokenEnv, ResolvedAccessToken); + ZEN_CONSOLE("Auth: Resolved environment variable '{}' to access token '{}'", + m_AccessTokenEnv, + HideSensitiveString(ResolvedAccessToken)); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromStaticToken(ResolvedAccessToken); } else if (std::filesystem::path OidcTokenExePath = FindOidcTokenExePath(m_OidcTokenAuthExecutablePath); !OidcTokenExePath.empty()) { - if (Verbose) + if (!Quiet) { - ZEN_CONSOLE("Running oidctoken exe from path '{}'", m_OidcTokenAuthExecutablePath); + ZEN_CONSOLE("Auth: Using oidctoken exe from path '{}'", OidcTokenExePath); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromOidcTokenExecutable(OidcTokenExePath, HostUrl, Quiet, m_OidcTokenUnattended, Hidden); @@ -263,9 +283,9 @@ AuthCommandLineOptions::ParseOptions(cxxopts::Options& Ops, if (!ClientSettings.AccessTokenProvider) { CreateAuthMgr(); - if (Verbose) + if (!Quiet) { - ZEN_CONSOLE("Using default openid provider"); + ZEN_CONSOLE("Auth: Using default Open ID provider"); } ClientSettings.AccessTokenProvider = httpclientauth::CreateFromDefaultOpenIdProvider(*Auth); } |