micha/resty

A way to make password information not visible

Closed this issue · 4 comments

I really love this tool, but I would love it even more if there was a way to enter basic authentication information in such a way that it wasn't put in my bash history. Any suggestions on how this could be done?

Could be done by having resty ask for a uid/password.

Have you tried the -u curl option?

From the manpage of curl(1):

   -u/--user <user:password>
          Specify the user name and password to use for server authentication. Overrides -n/--netrc
          and --netrc-optional.

          If  you  just  give the user name (without entering a colon) curl will prompt for a pass‐
          word.

          If you use an SSPI-enabled curl binary and do NTLM authentication, you can force curl  to
          pick  up  the  user name and password from your environment by simply specifying a single
          colon with this option: "-u :".

          If this option is used several times, the last one will be used.

This could probably done with a plugin that WrapsCurlCommand in my fork: https://github.com/frioux/app-adenosine-prefab

You could have it prompt the user for the password.

If you do something like

GET / -u my-user-name

you will be prompted for your password, and echoing is off when you type it in. You won't see a prompt, though, so just type in your password and press enter. The request will be made with the correct Authorization headers.

Check it out:

$ resty
http://adzerk.com*
$ GET / -u foo -v > /dev/null
Enter host password for user 'foo':
* <url> malformed
* Closing connection -1
* <url> malformed
* Closing connection -1
* Hostname was NOT found in DNS cache
*   Trying 23.21.234.186...
* Connected to adzerk.com (23.21.234.186) port 80 (#0)
* Server auth using Basic with user 'foo'
> GET / HTTP/1.1
> Authorization: Basic Zm9vOmFzZGY=
> User-Agent: curl/7.35.0
> Host: adzerk.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Age: 0
< Content-Type: text/html
< Date: Mon, 09 Mar 2015 14:12:00 GMT
< ETag: "84a43226c049f733bdb5afac4e12891b"
< Last-Modified: Fri, 06 Mar 2015 16:25:14 GMT
* Server nginx/1.6.2 is not blacklisted
< Server: nginx/1.6.2
< Via: 1.1 varnish
< x-amz-id-2: oyWbSKQo+/rKc8JiHoddzu5zwR0k83y28O7FDl1EIE/MSotQjg2aZsvxbnoLKih0
< x-amz-meta-s3cmd-attrs: uid:1000/gname:ubuntu/uname:ubuntu/gid:1000/mode:33204/mtime:1425658798/atime:1425057357/md5:84a43226c049f733bdb5afac4e12891b/ctime:1425658798
< x-amz-request-id: 3A2C921084EDE333
< X-Varnish: 904944050
< Content-Length: 12828
< Connection: keep-alive
< 
{ [data not shown]
* Connection #0 to host adzerk.com left intact