WIP: Add password confirmation to Get-Credential #10692
Conversation
jboeshart
requested review from
PaulHigin,
anmenaga and
daxian-dbw
as code owners
|
Still need to work on tests, and possibly documentation for the new parameter (need a little clarification on this). |
src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHostUserInterfaceSecurity.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHostUserInterfaceSecurity.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHostUserInterfaceSecurity.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHostUserInterfaceSecurity.cs
Show resolved
Hide resolved
src/Microsoft.PowerShell.ConsoleHost/resources/ConsoleHostUserInterfaceSecurityResources.resx
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.Security/security/CredentialCommands.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.Security/security/CredentialCommands.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.Security/security/CredentialCommands.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHostUserInterfacePrompt.cs
Outdated
Show resolved
Hide resolved
…InterfaceSecurityResources.resx Co-Authored-By: Ilya <darpa@yandex.ru>
Co-Authored-By: Ilya <darpa@yandex.ru>
Co-Authored-By: Ilya <darpa@yandex.ru>
…nterfacePrompt.cs Co-Authored-By: Ilya <darpa@yandex.ru>
| null, | ||
| string.Empty); | ||
| string.Empty, | ||
| confirmPassword: false); |
There was a problem hiding this comment.
Please do the same for all arguments for consistency.
There was a problem hiding this comment.
Can do, but those were already there before I made any changes. Do you want me to include those changes here as well?
There was a problem hiding this comment.
Yes, I see. My request is to get consistency. This makes a code more readable.
There was a problem hiding this comment.
So what do we want to do with this? Change it back to just false for consistency or leave it at confirmPassword: false?
There was a problem hiding this comment.
Please add names for all, not only you changed, constants.
| passwordBstr = Marshal.SecureStringToBSTR(password); | ||
| retypedPasswordBstr = Marshal.SecureStringToBSTR(retypedPassword); | ||
| int passwordLength = Marshal.ReadInt32(passwordBstr, -4); | ||
| int confirmPasswordLength = Marshal.ReadInt32(retypedPasswordBstr, -4); |
There was a problem hiding this comment.
See answer in https://stackoverflow.com/questions/4502676/c-sharp-compare-two-securestrings-for-equality
It looks more reliable:
ss_bstr1_ptr = Marshal.SecureStringToBSTR(secureString1);
ss_bstr2_ptr = Marshal.SecureStringToBSTR(secureString2);
String str1 = Marshal.PtrToStringBSTR(ss_bstr1_ptr);
String str2 = Marshal.PtrToStringBSTR(ss_bstr2_ptr);
return str1.Equals(str2);
``
Make sense use Ordinal for the Equals.
| WriteToConsole(passwordPrompt, true); | ||
| password = ReadLineAsSecureString(); | ||
| WriteToConsole(retypePasswordPrompt, true); | ||
| retypedPassword = ReadLineAsSecureString(); |
There was a problem hiding this comment.
If you look "else" block there is a null check that is Ctrl-C. I'd expect the same logic here too.
| retypedPassword = ReadLineAsSecureString(); | ||
|
|
||
| passwordsMatch = ComparePasswords(password, retypedPassword); | ||
| if (!passwordsMatch) |
There was a problem hiding this comment.
In continue my previous comment I'd reverse the logic
do
{
…
if (passwd… == null)
{
return null;
}
…
if (passwordsMatch)
{
return;
}
WriteToConsole(StringUtil.Format(ConsoleHostUserInterfaceSecurityResources…….
}
while (true);| else | ||
| { | ||
| return null; | ||
| WriteToConsole(passwordPrompt, true); |
There was a problem hiding this comment.
Please use named argument for true.
ghost
assigned
|
This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days. |
|
Replaced with #12782 |
4 participants
PR Summary
This PR adds a
-ConfirmPasswordparameter toGet-Credential. This helps to ensure that when entering a password, you really typed what you intended to (especially helpful with complex passwords). This only validates the text entered, and does not actually validate that the password meets any complexity requirements, nor does it actually validate it with any providers.PR Context
Originally logged as an enhancement request in #10625.
PR Checklist
.h,.cpp,.cs,.ps1and.psm1files have the correct copyright headerWIP:or[ WIP ]to the beginning of the title (theWIPbot will keep its status check atPendingwhile the prefix is present) and remove the prefix when the PR is ready.