dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth): C2 review — not-found throws (no spurious audit) on update/delete/set-methods, reject empty methods (unusable-key/stealth-disable), richer set-methods response, token advisory to stderr

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-02 04:21:28 -04:00
parent 6518e93424
commit 8219b8ee18
4 changed files with 188 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.CLI/Commands/SecurityCommands.cs
+3 -2
View File
@@ -122,9 +122,10 @@ public static class SecurityCommands
/// <summary>
/// Renders the create-key response, surfacing the one-time bearer token prominently —
/// it is the only moment the secret is available and cannot be retrieved afterwards.
/// The advisory line is written to stderr so that piping stdout captures only the token.
/// </summary>
/// <param name="json">The JSON success body returned by the management API.</param>
private static int PrintCreatedKey(string json)
internal static int PrintCreatedKey(string json)
{
using var doc = System.Text.Json.JsonDocument.Parse(json);
var root = doc.RootElement;
@@ -133,7 +134,7 @@ public static class SecurityCommands
Console.WriteLine($"API key created. KeyId: {keyId}");
Console.WriteLine();
Console.WriteLine("Save this token now — it will not be shown again:");
Console.Error.WriteLine("Save this token now — it will not be shown again:");
Console.WriteLine($" {token}");
return 0;
}