Skip to content

Commit

Permalink
change decrypt credentials to only request your own creds (#112)
Browse files Browse the repository at this point in the history 
Changes "decrypt-credential" to only request credentials for app users you are the owner of.
This preempts a coming change to c1 that forbids requesting credentials for other users.
  • Loading branch information
@mj-palanker
mj-palanker authored Dec 11, 2024
1 parent 1ff7a7b commit 00f0fca
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions cmd/cone/decrypt.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,13 @@ func decryptCredentialRun(cmd *cobra.Command, args []string) error {
}
}

// Get the c1 user ID
resp, err := c.AuthIntrospect(ctx)
if err != nil {
return err
}
userID := client.StringFromPtr(resp.UserID)

allCreds := make([]shared.AppUserCredential, 0)

for _, app := range apps {
Expand All @@ -115,6 +122,9 @@ func decryptCredentialRun(cmd *cobra.Command, args []string) error {
return err
}
for _, appUser := range appUsers {
if *appUser.GetIdentityUserID() != userID {
continue
}
creds, err := c.ListAppUserCredentials(ctx, *app.ID, *appUser.ID)
if err != nil {
return err
Expand Down

0 comments on commit 00f0fca

Please sign in to comment.