Auth login flow and env variables interact in an unclear way
pierrelalanne opened this issue · comments
Environment
- ggshield version: 1.14.5
- Operating system (Linux, macOS, Windows): macOS
- Operating system version: -
- Python version: -
Describe the bug
If an API key was generated with ggshield auth login
and then revoked in the dashboard, and if in the meantime an environment variable is set for GITGUARDIAN_API_KEY
, a new run of ggshield auth login
will state that ggshield is already authenticated without an expiry date
.
This is not exactly true : ggshield is authenticated indeed, yet this is not due to ggshield auth login
, but to the env variable being setup.
Steps to reproduce:
- Run
ggshield auth login
to get a token - From GitGuardian's dashboard : revoke the token
- Run
ggshield auth login
again, this will generate another token - Revoke the token once again from the dashboard
- Setup an environment variable GITGUARDIAN_API_KEY with a valid key
- Run
ggshield auth login
, you should get theggshield is already authenticated without an expiry date
message
Expected result:
We would expect the auth login flow to start again.