From a4e35f93e4a077c25397c98daaf49595ef7e5d59 Mon Sep 17 00:00:00 2001 From: Shane McLaughlin Date: Wed, 29 Sep 2021 15:18:08 -0500 Subject: [PATCH] feat: add security warning (#217) --- messages/display.json | 3 ++- src/commands/force/user/display.ts | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/messages/display.json b/messages/display.json index f4f77ffc..9f666160 100644 --- a/messages/display.json +++ b/messages/display.json @@ -2,5 +2,6 @@ "description": "displays information about a user of a scratch org\nOutput includes the profile name, org ID, access token, instance URL, login URL, and alias if applicable.", "examples": ["sfdx force:user:display", "sfdx force:user:display -u me@my.org --json"], "accessTokenError": "This command doesn't accept an access token for a username.", - "accessTokenAction": "Specify a username or an alias." + "accessTokenAction": "Specify a username or an alias.", + "securityWarning": "This command will expose sensitive information that allows for subsequent activity using your current authenticated session.\nSharing this information is equivalent to logging someone in under the current credential, resulting in unintended access and escalation of privilege.\nFor additional information, please review the authorization section of the https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm" } diff --git a/src/commands/force/user/display.ts b/src/commands/force/user/display.ts index d24fc3d6..8441b5ce 100644 --- a/src/commands/force/user/display.ts +++ b/src/commands/force/user/display.ts @@ -97,6 +97,8 @@ export class UserDisplayCommand extends SfdxCommand { result.password = userAuthData.password; } + this.ux.warn(messages.getMessage('securityWarning')); + this.ux.log(''); this.print(result); return result;