+SHOW_PASS_OBFUS='{ echo -en "$(tput setaf 1)$(tput setab 1)"; cat -; echo -en
"$(tput sgr0)"; }'
+SHOW_PASS_CLEAR='{ cat -; }'
...
+> + if [[ $clip -eq 0 && $no_color -eq 0 ]]; then
+ echo "${pass}" | eval "${SHOW_PASS_OBFUS}"
I really don't like eval, and it doesn't make the code easier to read or
validate. how about using a function like this?
echo_pass() {
local pass="$1"
if [[ $no_color -eq 0 ]]; then
echo -e "$(tput setaf 1)$(tput setab 1)${pass}$(tput sgr0)"
else
echo "$pass"
fi
}
if [[ $clip -eq 0 ]]; then
echo_pass "$pass"
else
...
fi
Yup, good suggestion.
- Hides shown text using terminal color codes by default
- Adds --no-color/-n option to remove coloring
hmm. I prefer not changing the default behaviour.
I can understand not changing default behavior for compatibility
reasons, but it would be nice if pass was secure by default such that
users had to be explicit about showing their password in cleartext to
the screen.
- By default display only the first line regardless of whether clip is
specified
I don't like this change in behaviour either :-)
Besides the reasons already stated for this change of behavior, the
additional reason I did this was to enable the use case of copying the
entire contents of the file via "pass show --clip --full". An example
that I can think of is multiline content such as a software license that
needs to be copied in full, not just the first line.
- Full output can be toggled with --full/-f
but all of it is unreadable by default, even the non-secret stuff (which
is presumably in line 2 and below) ... IMHO, this alone is a good
reason to avoid the negative option "no-color". to avoid overlap with
"-c|--clip", I suggest "-r|--redact"
BTW, there have been many iterations of patches to implement "tail -n
+2" to only print the "non-secret" part of a file, perhaps you could
integrate some of those ideas as well. e.g., Mike Hobbs in «to display
the remainder of a multi-line file with "show -c"», suggests to emit the
non-secret part when using xclip. David Timothy Strauss had the same
idea in July, and Von Welch has advocated adding --tail to print this
part of the data.
What about the following (assuming a file is the last argument, not a
directory):
"pass show -c" - copies first line
"pass show -c --tail" - copies first line and outputs remainder to stdout
"pass show" - outputs first line colorized
"pass show --tail" - outputs the first line colorized and the remainder
in cleartext
"pass show --no-color" - outputs the first line in cleartext
"pass show --no-color --tail" - outputs full file in cleartext
Or if one wanted to keep the same behavior of "pass show":
"pass show -c" - copies first line
"pass show -c --tail" - copies first line and outputs remainder to stdout
"pass show" - outputs full file content
"pass show --tail" - outputs everything but the first line
"pass show --redact" - outputs the first line colorized
"pass show --redact --tail" - outputs the first line colorized but the
remainder in cleartext
-- Andrew
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
