fix: sanitize access token when reading from stdin (#1404)

https://coveord.atlassian.net/browse/kit-2928
coveo · Jan 16, 2024 · 4db2b8c · 4db2b8c
1 parent 990c2c8
commit 4db2b8c
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 1 deletion.
diff --git a/packages/cli-e2e/__tests__/authToken.ts b/packages/cli-e2e/__tests__/authToken.ts
@@ -0,0 +1,63 @@
+import {ProcessManager} from '../utils/processManager';
+import {Terminal} from '../utils/terminal/terminal';
+
+describe('auth:token', () => {
+  let stdout: string;
+  let processManager: ProcessManager;
+
+  const accessToken = 'xx564559b1-0045-48e1-953c-3addd1ee4457'; // searchuisample public token
+  const stdoutListener = (chunk: string) => {
+    stdout += chunk;
+  };
+
+  afterEach(async () => {
+    await processManager.killAllProcesses();
+  }, 5e3);
+
+  function authenticate() {
+    const args: string[] = [
+      'echo',
+      accessToken,
+      '|',
+      'node',
+      process.env.CLI_EXEC_PATH!,
+      'auth:token',
+      '-o=searchuisamples',
+    ];
+
+    const terminal = new Terminal(
+      args.shift()!,
+      args,
+      undefined,
+      processManager,
+      'auth-token'
+    );
+
+    return terminal.when('exit').on('process').do().once();
+  }
+
+  it('should authenticate to searchuisamples organization', async () => {
+    await authenticate();
+
+    const args: string[] = ['node', process.env.CLI_EXEC_PATH!, 'config:get'];
+
+    const configGetTerminal = new Terminal(
+      args.shift()!,
+      args,
+      undefined,
+      processManager,
+      'config-get'
+    );
+
+    await configGetTerminal
+      .when('exit')
+      .on('process')
+      .do((proc) => {
+        proc.stdout.off('data', stdoutListener);
+      })
+      .once();
+
+    const accessTokenRgx = new RegExp(`^${accessToken}$`);
+    expect(stdout).toMatch(accessTokenRgx);
+  }, 10e3);
+});
diff --git a/packages/cli/core/src/commands/auth/token.ts b/packages/cli/core/src/commands/auth/token.ts
@@ -60,10 +60,14 @@ export default class Token extends CLICommand {
           type: 'hide',
         });
 
-    this.configuration.set('accessToken', tok);
+    this.configuration.set('accessToken', this.sanitizeToken(tok));
     this.configuration.set('anonymous', true);
   }
 
+  private sanitizeToken(token: string) {
+    return token.replace(/\n/gi, '').trim();
+  }
+
   private async saveRegionAndEnvironment() {
     const {flags} = await this.parse(Token);
     const cfg = this.configuration;