From 982f92b6920f49816cfa14a2f8296feb256706aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Prpi=C4=8D?= Date: Tue, 16 Jul 2024 14:33:52 -0400 Subject: [PATCH] Make -u/--username required for user update/reset-token Making it optional and defaulting to the current user could have inadvertently updated your own user if you forgot to specify the target user. Requiring a value makes the update or reset token action more explicit. Resolves #86 --- cvelib/cli.py | 10 +++++++--- tests/test_cli.py | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/cvelib/cli.py b/cvelib/cli.py index ac6933d..c5479c0 100644 --- a/cvelib/cli.py +++ b/cvelib/cli.py @@ -895,7 +895,7 @@ def quota(ctx: click.Context, print_raw: bool) -> None: "-u", "--username", help="Specify the user to show.", - show_default="Current user specified in -u/--username/CVE_USER", + show_default="Current user specified in top-level -u/--username/$CVE_USER", ) @click.option("--raw", "print_raw", default=False, is_flag=True, help="Print response JSON.") @click.pass_context @@ -920,8 +920,8 @@ def show_user(ctx: click.Context, username: Optional[str], print_raw: bool) -> N @click.option( "-u", "--username", + required=True, help="User whose API key should be reset (only ADMIN role users can update other users).", - show_default="Current user specified in global -u/--username/CVE_USER", ) @click.option("--raw", "print_raw", default=False, is_flag=True, help="Print response JSON.") @click.pass_context @@ -929,6 +929,8 @@ def show_user(ctx: click.Context, username: Optional[str], print_raw: bool) -> N def reset_key(ctx: click.Context, username: Optional[str], print_raw: bool) -> None: """Reset a user's personal access token (API key). + You must explicitly specify the user being updated using the `-u` option. + This API key is used to authenticate each request to the CVE API. """ cve_api = ctx.obj.cve_api 
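Review bot: In the `reset_key` option block, `required=True` only rejects an absent `-u`; as far as I can tell click still accepts an empty value such as `-u ""`. If the body of `reset_key` (it continues outside this hunk) keeps a fallback to the current user when `username` is falsy, the accidental self-reset this commit is meant to prevent stays reachable. That fallback should be removed or turned into an explicit error, e.g. `if not username: raise click.UsageError("-u/--username must not be empty")`. The same applies to the `update_user` option block in the `@@ -951,8 +953,8 @@` hunk.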
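Review bot: The `reset_key` signature shown as context in the `@@ -929,6 +929,8 @@` hunk still reads `username: Optional[str]`, which no longer matches an option declared with `required=True`. Changing it to `username: str` would let a type checker flag any leftover `None` handling in the body, which lies outside the hunk. The added docstring sentence also says "the user being updated" although this command resets a key; `You must explicitly specify the user whose API key is being reset with the -u option.` would be more precise. `update_user` in the `@@ -968,6 +970,8 @@` hunk carries the same stale annotation.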
@@ -951,8 +953,8 @@ def reset_key(ctx: click.Context, username: Optional[str], print_raw: bool) -> N @click.option( "-u", "--username", + required=True, help="Username of the user being updated (only ADMIN role users can update other users).", - show_default="Current user specified in global -u/--username/CVE_USER", ) @click.option( "--mark-active/--mark-inactive", "active", default=None, help="Mark user as active or inactive." @@ -968,6 +970,8 @@ def reset_key(ctx: click.Context, username: Optional[str], print_raw: bool) -> N def update_user(ctx: click.Context, username: Optional[str], **opts_data: dict) -> None: """Update a user. + You must explicitly specify the user being updated using the `-u` option. + To reset a user's API key, use `cve user reset-key`. """ print_raw = opts_data.pop("print_raw") diff --git a/tests/test_cli.py b/tests/test_cli.py index e60824d..3e58970 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -649,7 +649,7 @@ def test_reset_key(): with mock.patch("cvelib.cli.CveApi.reset_api_key") as reset_api_key: reset_api_key.return_value = api_key runner = CliRunner() - result = runner.invoke(cli, DEFAULT_OPTS + ["user", "reset-key"]) + result = runner.invoke(cli, DEFAULT_OPTS + ["user", "reset-key", "-u", "test_user"]) assert result.exit_code == 0, result.output assert result.output == ( "New API key for test_user:\n\n"
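Review bot: `test_reset_key` in the `tests/test_cli.py` hunk is only adjusted to keep passing; nothing here asserts the new behaviour, namely that `reset-key` without `-u` is rejected instead of acting on the current user. A negative case such as `result = runner.invoke(cli, DEFAULT_OPTS + ["user", "reset-key"])` followed by `assert result.exit_code == 2` (click's usage-error exit code) would pin it. The `update_user` command deserves the same check, so that a later refactor cannot silently restore the default-to-self behaviour. The body of `test_reset_key` continues outside the hunk.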