From 14969908809f62ec02cac81008cd6038f1901bd0 Mon Sep 17 00:00:00 2001
From: Matthew <matthew@matthewliu.net>
Date: Fri, 1 May 2020 08:44:11 -0500
Subject: [PATCH] Fix infinite recursion issue for missing/invalid profile

Fixes #575 #545
---
 README.md      | 5 ++---
 cli/login.go   | 2 +-
 vault/vault.go | 4 ++++
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 6fabc97e6..d643858f6 100644
--- a/README.md
+++ b/README.md
@@ -151,11 +151,10 @@ The [macOS release builds](https://github.com/99designs/aws-vault/releases) are
 
     $ codesign --verify --verbose $(which aws-vault)
 
-If you are developing or compiling the aws-vault binary yourself, you can [generate a self-signed certificate](https://support.apple.com/en-au/guide/keychain-access/kyca8916/mac) by accessing Keychain Access > Certificate Assistant > Create Certificate > Code Signing Certificate. You can then sign your binary with:
+If you are developing or compiling the aws-vault binary yourself, you can [generate a self-signed certificate](https://support.apple.com/en-au/guide/keychain-access/kyca8916/mac) by accessing Keychain Access > Certificate Assistant > Create Certificate -> Certificate Type: Code Signing. You can then sign your binary with:
 
     $ go build .
-    $ codesign --sign "Name of my certificate" ./aws-vault
-
+    $ codesign --sign <Name of certificate created above> ./aws-vault
 
 ## References and Inspiration
 
diff --git a/cli/login.go b/cli/login.go
index 9fba324c1..59ee6f342 100644
--- a/cli/login.go
+++ b/cli/login.go
@@ -98,7 +98,7 @@ func LoginCommand(input LoginCommandInput, configLoader *vault.ConfigLoader, key
 		creds, err = vault.NewFederationTokenCredentials(input.ProfileName, ckr, config)
 	}
 	if err != nil {
-		return err
+		return fmt.Errorf("profile %s: %w", input.ProfileName, err)
 	}
 
 	val, err := creds.Get()
diff --git a/vault/vault.go b/vault/vault.go
index da5aa9fe1..64b6403b7 100644
--- a/vault/vault.go
+++ b/vault/vault.go
@@ -283,5 +283,9 @@ func MasterCredentialsFor(profileName string, keyring *CredentialKeyring, config
 		return profileName, nil
 	}
 
+	if profileName == config.SourceProfileName {
+		return "", fmt.Errorf("No master credentials found")
+	}
+
 	return MasterCredentialsFor(config.SourceProfileName, keyring, config)
 }