Skip to content

Improve the error messages for when the user provides a bad password #2530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bbockelm wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Improve the error messages for when the user provides a bad password #2530

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion cmd/config_mgr.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"net/http"
"os"

"github.com/pkg/errors"
"github.com/spf13/cobra"
"gopkg.in/yaml.v3"

Expand Down Expand Up @@ -101,12 +102,29 @@ func addConfigSubcommands(configCmd *cobra.Command) {
Run: func(cmd *cobra.Command, args []string) {
err := config.ResetPassword()
if err != nil {
fmt.Fprintln(os.Stderr, "Failed to get reset password:", err)
if errors.Is(err, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to reset password - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
} else {
fmt.Fprintln(os.Stderr, "Failed to reset password:", err)
}
os.Exit(1)
}
},
})

configCmd.AddCommand(&cobra.Command{
Use: "reset-local",
Short: "Delete all local credentials for the current user",
Long: "Delete all local credentials for the current user",
Run: func(cmd *cobra.Command, args []string) {
if err := config.DeleteCredentials(); err != nil {
fmt.Fprintln(os.Stderr, "Failed to delete local credentials:", err)
os.Exit(1)
}
},
})
}

func printOauthConfig() {
Expand Down
13 changes: 10 additions & 3 deletions cmd/object_copy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package main

import (
"fmt"
"os"
"path/filepath"
"strings"
Expand Down Expand Up @@ -177,10 +178,16 @@ func copyMain(cmd *cobra.Command, args []string) {
// Print the list of errors
errMsg := result.Error()
var te *client.TransferErrors
if errors.As(result, &te) {
errMsg = te.UserError()
if errors.Is(result, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
} else {
if errors.As(result, &te) {
errMsg = te.UserError()
}
log.Errorln("Failure transferring " + lastSrc + ": " + errMsg)
}
log.Errorln("Failure transferring " + lastSrc + ": " + errMsg)
if client.ShouldRetry(err) {
log.Errorln("Errors are retryable")
os.Exit(11)
Expand Down
9 changes: 8 additions & 1 deletion cmd/object_delete.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"fmt"
"os"

"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"

Expand Down Expand Up @@ -80,7 +81,13 @@ func deleteMain(cmd *cobra.Command, args []string) error {
err = client.DoDelete(ctx, remoteDestination, isRecursive, client.WithTokenLocation(tokenLocation))

if err != nil {
log.Errorf("Failure deleting %s: %v", remoteDestination, err.Error())
if errors.Is(err, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
} else {
log.Errorf("Failure deleting %s: %v", remoteDestination, err.Error())
}
os.Exit(1)
}

Expand Down
7 changes: 7 additions & 0 deletions cmd/object_get.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ package main

import (
"encoding/json"
"fmt"
"os"

"github.com/pkg/errors"
Expand Down Expand Up @@ -136,6 +137,12 @@ func getMain(cmd *cobra.Command, args []string) {
if errors.As(attemptErr, &te) {
errMsg = te.UserError()
}
if errors.Is(attemptErr, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
os.Exit(1)
}
Comment on lines +140 to +145
Copy link
Contributor

@h2zh h2zh Aug 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can use a helper function? For example:

func printPasswordError(err error, actionText string) {
	if errors.Is(err, config.ErrIncorrectPassword) {
		fmt.Fprintf(os.Stderr, "Failed to %s - entered incorrect local decryption password\n", actionText)
		fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
		fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
        os.Exit(1)
	} 
}

Copy link
Contributor

@aowen-uwmad aowen-uwmad Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I second creating a helper function, so changes to the text are consistent.

I also suggest adjusting the text like so:

- fmt.Fprintf(os.Stderr, "Failed to %s - entered incorrect local decryption password\n", actionText)
+ fmt.Fprintf(os.Stderr, "Failed to %s - password is incorrect\n", actionText)

Copy link
Contributor

@aowen-uwmad aowen-uwmad Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If password is incorrect is too vague, then maybe password for local credentials is incorrect.

if errors.Is(attemptErr, &pe) {
errMsg = pe.Error()
log.Errorln("Failure getting " + lastSrc + ": " + errMsg)
Expand Down
6 changes: 6 additions & 0 deletions cmd/object_ls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,12 @@ func listMain(cmd *cobra.Command, args []string) error {
// Print the list of errors
errMsg := err.Error()
var te *client.TransferErrors
if errors.Is(err, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
os.Exit(1)
}
if errors.As(err, &te) {
errMsg = te.UserError()
}
Expand Down
7 changes: 7 additions & 0 deletions cmd/object_prestage.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package main

import (
"fmt"
"os"

"github.com/pkg/errors"
Expand Down Expand Up @@ -115,6 +116,12 @@ func prestageMain(cmd *cobra.Command, args []string) {
errMsg := err.Error()
var pe error_codes.PelicanError
var te *client.TransferErrors
if errors.Is(err, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
os.Exit(1)
}
if errors.As(err, &te) {
errMsg = te.UserError()
}
Expand Down
7 changes: 7 additions & 0 deletions cmd/object_put.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"crypto/sha1"
"encoding/hex"
"encoding/json"
"fmt"
"hash"
"hash/crc32"
"io"
Expand Down Expand Up @@ -246,6 +247,12 @@ func putMain(cmd *cobra.Command, args []string) {
// Exit with failure
if result != nil {
// Print the list of errors
if errors.Is(result, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
os.Exit(1)
}
errMsg := result.Error()
var te *client.TransferErrors
if errors.As(result, &te) {
Expand Down
6 changes: 6 additions & 0 deletions cmd/object_stat.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,12 @@ func statMain(cmd *cobra.Command, args []string) {
// Exit with failure
if err != nil {
// Print the list of errors
if errors.Is(err, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
os.Exit(1)
}
errMsg := err.Error()
var te *client.TransferErrors
if errors.As(err, &te) {
Expand Down
7 changes: 7 additions & 0 deletions cmd/object_sync.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package main

import (
"fmt"
"net/url"
"os"
"strings"
Expand Down Expand Up @@ -197,6 +198,12 @@ func syncMain(cmd *cobra.Command, args []string) {
// Exit with failure
if err != nil {
// Print the list of errors
if errors.Is(err, config.ErrIncorrectPassword) {
fmt.Fprintln(os.Stderr, "Failed to access local credential file - entered incorrect local decryption password")
fmt.Fprintln(os.Stderr, "If you have forgotten your password, you can reset the local state (deleting all on-disk credentials)")
fmt.Fprintf(os.Stderr, "by running '%s credentials reset-local'\n", os.Args[0])
os.Exit(1)
}
errMsg := err.Error()
var pe error_codes.PelicanError
var te *client.TransferErrors
Expand Down
18 changes: 18 additions & 0 deletions config/encrypted.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ import (
"io"
"os"
"path/filepath"
"strings"

log "github.com/sirupsen/logrus"
"github.com/spf13/viper"
Expand All @@ -48,6 +49,8 @@ import (
// the password again later.
var setEmptyPassword = false

var ErrIncorrectPassword = errors.New("incorrect password")

func GetEncryptedConfigName() (string, error) {
configDir := viper.GetString("ConfigDir")
if GetPreferredPrefix() == PelicanPrefix || IsRootExecution() {
Expand Down Expand Up @@ -79,6 +82,18 @@ func EncryptedConfigExists() (bool, error) {
return true, nil
}

// Delete the user's local credential file
func DeleteCredentials() error {
filename, err := GetEncryptedConfigName()
if err != nil {
return err
}
if err = os.Remove(filename); errors.Is(err, os.ErrNotExist) {
return nil
}
return err
}

// Return the PEM-formatted contents of the encrypted configuration file
func GetEncryptedContents() (string, error) {
filename, err := GetEncryptedConfigName()
Expand Down Expand Up @@ -242,6 +257,9 @@ func GetCredentialConfigContents() (OSDFConfig, error) {
return config, errors.New("Encrypted key present; must have non-empty password")
}
if key, err = pkcs8.ParsePKCS8PrivateKey(block.Bytes, password); err != nil {
if strings.Contains(err.Error(), "pkcs8: incorrect password") {
err = ErrIncorrectPassword
}
return config, err
}
if typedPassword {
Expand Down
Loading