From 00f0fca7684885c692765ebad569c0c28e2f553e Mon Sep 17 00:00:00 2001
From: mj-palanker <mj.palanker@conductorone.com>
Date: Wed, 11 Dec 2024 10:13:11 -0800
Subject: [PATCH] change decrypt credentials to only request your own creds
 (#112)

Changes "decrypt-credential" to only request credentials for app users you are the owner of.
This preempts a coming change to c1 that forbids requesting credentials for other users.
---
 cmd/cone/decrypt.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/cmd/cone/decrypt.go b/cmd/cone/decrypt.go
index 4086bdf9..c1c122f2 100644
--- a/cmd/cone/decrypt.go
+++ b/cmd/cone/decrypt.go
@@ -104,6 +104,13 @@ func decryptCredentialRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	// Get the c1 user ID
+	resp, err := c.AuthIntrospect(ctx)
+	if err != nil {
+		return err
+	}
+	userID := client.StringFromPtr(resp.UserID)
+
 	allCreds := make([]shared.AppUserCredential, 0)
 
 	for _, app := range apps {
@@ -115,6 +122,9 @@ func decryptCredentialRun(cmd *cobra.Command, args []string) error {
 			return err
 		}
 		for _, appUser := range appUsers {
+			if *appUser.GetIdentityUserID() != userID {
+				continue
+			}
 			creds, err := c.ListAppUserCredentials(ctx, *app.ID, *appUser.ID)
 			if err != nil {
 				return err