GitGuardian / ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Home Page: https://gitguardian.com

Auth login flow and env variables interact in an unclear way

pierrelalanne opened this issue · comments

Environment

  • ggshield version: 1.14.5
  • Operating system (Linux, macOS, Windows): macOS
  • Operating system version: -
  • Python version: -

Describe the bug

If an API key was generated with ggshield auth login and then revoked in the dashboard, and if in the meantime an environment variable is set for GITGUARDIAN_API_KEY, a new run of ggshield auth login will state that ggshield is already authenticated without an expiry date.

This is not exactly true: ggshield is authenticated indeed, yet this is not due to ggshield auth login, but to the env variable being set up.

Steps to reproduce:

  1. Run ggshield auth login to get a token
  2. From GitGuardian's dashboard, revoke the token
  3. Run ggshield auth login again, this will generate another token
  4. Revoke the token once again from the dashboard
  5. Set up an environment variable GITGUARDIAN_API_KEY with a valid key
  6. Run ggshield auth login; you should get the "ggshield is already authenticated without an expiry date" message

Expected result:

We would expect the auth login flow to start again.
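
A minimal model of the reported and the expected login decision, added here as an illustration; it is not ggshield's code. `StoredToken`, `LoginDecision` and both functions are hypothetical names, and token revocation is modelled as a local flag.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

ENV_VAR = "GITGUARDIAN_API_KEY"  # variable name taken from the issue
ALREADY = "ggshield is already authenticated"


@dataclass
class StoredToken:
    """Hypothetical stand-in for the token saved by `ggshield auth login`."""
    value: str
    revoked: bool = False  # assumption: revocation modelled as a local flag


@dataclass
class LoginDecision:
    start_login_flow: bool
    message: str


def _stored_ok(stored: Optional[StoredToken]) -> bool:
    return stored is not None and not stored.revoked


def reported_decision(env: Mapping[str, str],
                      stored: Optional[StoredToken]) -> LoginDecision:
    """Behaviour reported in the issue: a key from either source blocks login."""
    if env.get(ENV_VAR) or _stored_ok(stored):
        return LoginDecision(False, ALREADY)
    return LoginDecision(True, "starting login flow")


def expected_decision(env: Mapping[str, str],
                      stored: Optional[StoredToken]) -> LoginDecision:
    """Behaviour the issue asks for: only the login token decides, and the
    environment variable is reported separately so its origin is visible."""
    note = f" (note: {ENV_VAR} is also set in the environment)" if env.get(ENV_VAR) else ""
    if _stored_ok(stored):
        return LoginDecision(False, ALREADY + " via stored login token" + note)
    return LoginDecision(True, "starting login flow" + note)


if __name__ == "__main__":
    # Constructed sample values reproducing steps 4 to 6 of the issue.
    env = {ENV_VAR: "constructed-sample-key"}
    stored = StoredToken("constructed-sample-token", revoked=True)
    print("reported:", reported_decision(env, stored))
    print("expected:", expected_decision(env, stored))
```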