cli: signin with optional password

[remyla]

damas signin <username> <password>

when password is not present we could ask it from stdin in order to increase security preventing to write passwords to the shell history

[zankia]

This command has been added in order to sign in with a script
If the authentication is required it will ask the client when he uses any action therefore I think password from stdin is not needed

[remyla]

thank you, i will try this workflow

• as far as i understand, the user is asked to type the password in stdin if a 401 occurs
• maybe now that we implemented the permissions for operations, 403 could occur too, which means that the user can be authentified (401) but not have the permission for the requested operation (403)
• I think that when we are not in an interactive mode (eg damas is ran from a script) we expect that the command exits an error status code and not ask something from stdin?

[zankia]

• True
• Do we have to do something special when user is not authorized?
• I agree. To check interactive mode, we could watch what's in PS1 or in $-

[remyla]

I would say:

• a user may want to sign in with a different username (after a 403 or not) so a good signin command to call directly is needed for this. it should accept username password parameters or only username and then ask the password from the stdin (interactive shell is assumed). as do ssh, rsync commands, etc for the security reasons mentioned
• when 401, suggest the user to use signin
• when 403, tell the user that he is not allowed to perform the action
• and quit in any case, but the only exception could be when 401 and PS1, then we may want to provide the user a quicker way to signin, so he does not have to use the signin command and rerun the command he wanted to run first

[zankia]

What is the difference between the moment you want password to be asked and not ?
If there is no, there should be a -p argument for giving password without prompt...