Add visual feedback for API token input with asterisk masking #28
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replace hidden token input with asterisk-masked input using pwinput library to provide visual feedback when users type or paste their API token during workato init. This improves user experience by confirming input is being captured while maintaining security through character masking. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR replaces the password input mechanism for API tokens from click.prompt with hide_input=True to the pwinput library with visible masking characters. The change addresses terminal buffer issues when pasting long tokens, where the async wrapper in click was causing characters to leak through before being masked.
Key changes:
- Adds
pwinput>=1.0.3as a new dependency across all configuration files - Updates token input in
ConfigManager._create_new_profile()to usepwinput.pwinput()with asterisk masking - Updates test mocks to reflect the new pwinput-based token input mechanism
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| uv.lock | Adds pwinput 1.0.3 package and updates dependency tree |
| pyproject.toml | Adds pwinput>=1.0.3 to dependencies and mypy ignore list |
| .pre-commit-config.yaml | Adds pwinput>=1.0.3 to pre-commit hook dependencies |
| src/workato_platform_cli/cli/utils/config/manager.py | Replaces click.prompt with pwinput.pwinput for masked token input |
| tests/unit/config/test_manager.py | Updates test mocks to use pwinput instead of click.prompt for token input |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
hovu96
added a commit
that referenced
this pull request
Nov 5, 2025
Implements a new token input utility that provides visual feedback for API token entry with intelligent paste detection: - Shows asterisks (****) for manually typed characters - Detects long paste operations (>50 chars) via bracketed paste mode - Displays inline confirmation with character count in gray text - Combines typed and pasted content seamlessly - Handles very long tokens (750+ chars) without truncation - Avoids terminal buffer limitations of character-by-character input Technical Implementation: - Uses prompt_toolkit for password input with bracketed paste support - Custom key bindings to detect and handle paste events - ANSI escape sequences for inline confirmation prompt - Proper error handling and retry logic Dependencies: - Added prompt-toolkit>=3.0.0 - Updated mypy configuration and pre-commit hooks Testing: - 13 comprehensive unit tests with 61% code coverage - Tests cover typing, pasting, confirmation, retries, and error cases - All tests pass with proper mocking of terminal interaction Related to PR #28 (reverted in #29 due to pwinput truncation issues) This solution resolves the truncation problem by using bracketed paste mode instead of character-by-character input processing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
oalami
added a commit
that referenced
this pull request
Nov 6, 2025
* feat: Add smart token input with bracketed paste detection Implements a new token input utility that provides visual feedback for API token entry with intelligent paste detection: - Shows asterisks (****) for manually typed characters - Detects long paste operations (>50 chars) via bracketed paste mode - Displays inline confirmation with character count in gray text - Combines typed and pasted content seamlessly - Handles very long tokens (750+ chars) without truncation - Avoids terminal buffer limitations of character-by-character input Technical Implementation: - Uses prompt_toolkit for password input with bracketed paste support - Custom key bindings to detect and handle paste events - ANSI escape sequences for inline confirmation prompt - Proper error handling and retry logic Dependencies: - Added prompt-toolkit>=3.0.0 - Updated mypy configuration and pre-commit hooks Testing: - 13 comprehensive unit tests with 61% code coverage - Tests cover typing, pasting, confirmation, retries, and error cases - All tests pass with proper mocking of terminal interaction Related to PR #28 (reverted in #29 due to pwinput truncation issues) This solution resolves the truncation problem by using bracketed paste mode instead of character-by-character input processing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * feat: Integrate smart token input into workato init command Replaced click.prompt with get_token_with_smart_paste utility in both token prompt locations (_create_profile_with_env_vars and _create_new_profile). This provides visual feedback (asterisk masking) and handles long token pastes without truncation. Changes: - Added asyncio import and get_token_with_smart_paste import to manager.py - Replaced token prompts with asyncio.to_thread(get_token_with_smart_paste) - Updated 4 tests to mock get_token_with_smart_paste instead of click.prompt All 944 tests passing. Type checking, linting, and formatting all pass. Fixes DEVP-498 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update src/workato_platform_cli/cli/utils/config/manager.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/workato_platform_cli/cli/utils/token_input.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor: replace sys.exit with ClickException for proper error handling - Remove try-except wrapper in _prompt_and_validate_credentials that was masking UnauthorizedException, preventing proper error handling - Replace all sys.exit(1) calls with click.ClickException for validation errors and user cancellations - Remove unused sys import - Update tests to expect click.ClickException instead of SystemExit This allows @handle_api_exceptions and @handle_cli_exceptions decorators to properly catch and format all errors consistently. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor: standardize token error messages for consistency - Change "No token provided" to "API token cannot be empty" for consistency - Change prompt_text from "Workato API token" to "API token" (context is already clear from CLI name) - Update token_input.py to dynamically use prompt_text in error messages instead of hardcoded "Token" - Update tests to expect new consistent messaging All token-related error messages now consistently use "API token" across the codebase. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Ossama Alami <ossama.alami@workato.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Replaces hidden token input with asterisk-masked input using the
pwinputlibrary to provide visual feedback when users type or paste their API token duringworkato init. This improves user experience by confirming input is being captured while maintaining security through character masking.Changes Made
Code Changes
pwinput>=1.0.3dependency topyproject.tomlmanager.py:344to usepwinput.pwinput()for masked token inputclick.prompt(hide_input=True)with asterisk maskingpwinput.*to mypy overrides and pre-commit configurationKey Implementation Details
pwinput.pwinput()synchronously (not wrapped inasyncio.to_thread)Test Updates
pwinput.pwinputinstead ofclick.promptQuality Checks ✅
Acceptance Criteria Met
✅ User sees asterisks when typing/pasting API token
✅ Token validation works correctly
✅ Empty token handling works as before
✅ All unit tests pass with 100% coverage for changed code
✅ Type checker passes with no errors
✅ Linter passes with no issues
✅ Pre-commit hooks pass successfully
✅ Manual testing confirms correct behavior
✅ Backspace works correctly when editing token input
✅ Pasting long tokens works without character leakage
Test Plan
uv run pytest tests/unit/config/test_manager.py -v✅uv run pytest✅ (903 tests passed)uv run mypy✅uv run ruff check✅uv run ruff format✅pre-commit run --all-files✅workato init(interactive mode) ✅Notes
getpass.getpass(echo_char='*')ae15bd7🤖 Generated with Claude Code