Merge pull request #8 from someengineering/lloesche/tokenfix

Fix token usage
someengineering · Jul 23, 2024 · d6d2934 · d6d2934
2 parents 7d3fdbd + 4a3f85d
commit d6d2934
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -25,17 +25,17 @@ Usage of fixctl:
   --endpoint: API endpoint URL (env FIX_ENDPOINT) (default "https://app.fix.security")
   --format: Output format: json, yaml or csv (default "json")
   --help: Display help information (default "false")
-  --password: Password (env FIX_PASSWORD) (default "")
   --search: Search string (default "")
   --token: Auth token (env FIX_TOKEN) (default "")
-  --username: Username (env FIX_USERNAME) (default "")
   --with-edges: Include edges in search results (default "false")
   --workspace: Workspace ID (env FIX_WORKSPACE) (default "")
 ```
 
-If no token is provided, the username and password will be used to authenticate and obtain a token. Does not support MFA.
 If an environment variable is set, it will be used and the command line flag ignored.
 
+Go to your [user settings](https://app.fix.security/user-settings) and create an API token. Set the `FIX_TOKEN` environment variable to the token value.
+Then go to your [workspace settings](https://app.fix.security/workspace-settings) and export `FIX_WORKSPACE` to the workspace ID you want to query.
+
 ### Example
 Search for available AWS EBS volumes that have not been accessed in the last 7 days and output in CSV format.
 ```bash

diff --git a/auth/auth.go b/auth/auth.go
@@ -75,6 +75,15 @@ func GetJWTFromToken(apiEndpoint, fixToken string) (string, error) {
 		return "", err
 	}
 
-	jwt := string(bodyBytes)
+	var result map[string]string
+	if err := json.Unmarshal(bodyBytes, &result); err != nil {
+		return "", err
+	}
+
+	jwt, ok := result["access_token"]
+	if !ok {
+		return "", fmt.Errorf("access_token not found in response")
+	}
+
 	return jwt, nil
 }
diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -48,8 +48,14 @@ func TestGetJWTFromToken(t *testing.T) {
 			t.Errorf("Expected token '%s', got '%s'", expectedToken, body["token"])
 		}
 
+		response := map[string]string{"access_token": "mock_jwt_token"}
+		responseBody, err := json.Marshal(response)
+		if err != nil {
+			t.Fatalf("Error marshaling response body: %v", err)
+		}
+
 		w.WriteHeader(http.StatusOK)
-		w.Write([]byte("mock_jwt_token"))
+		w.Write(responseBody)
 	}))
 	defer mockServer.Close()
 

diff --git a/cmd/root.go b/cmd/root.go
@@ -47,6 +47,8 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&csvHeaders, "csv-headers", "id,name,kind,/ancestors.cloud.reported.id,/ancestors.account.reported.id,/ancestors.region.reported.id", "CSV headers")
 	rootCmd.PersistentFlags().BoolVar(&withEdges, "with-edges", false, "Include edges in search results")
 	rootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, "enable verbose output")
+	rootCmd.PersistentFlags().MarkHidden("username")
+	rootCmd.PersistentFlags().MarkHidden("password")
 
 	viper.BindPFlags(rootCmd.PersistentFlags())
 	viper.SetEnvPrefix("FIX")