Comments (25)
Another idea: let the user decide to store the password or not. So If the pw field is empty it will prompt for the password else it just continues to login the user
from anipy-cli.
Another idea: let the user decide to store the password or not. So If the pw field is empty it will prompt for the password else it just continues to login the user
lel u were faster xD
from anipy-cli.
If you want, I can implement that. I just didn't have time to research solutions for accessing keyrings and stuff, but this is pretty straight-forward
I have time tomorrow for this. If you have time now I would appreciate it, I will do it tomorrow if you don't
alright, I think I'll be able to do it today
from anipy-cli.
Um, since the file is local there shouldn't be any problem if it is left in plain text. With oauth we would just have the same problem again as the token would have to be stored somewhere. Without storing the token the user would have to login again everytime. The only real thing we could do (but it's actually just security through obscurity) is storing the password encrypted, but then we have the same problem again: where do we store the encryption keys?
from anipy-cli.
If you really don't want to store the password , you can put it in the config if needed and then delete it again, of course this is rather inconvenient.
from anipy-cli.
I think @nadi726 got a point, though.
Maybe instead of using OAuth ( the MAL API is somewaht inconsistent when it comes to Documentation)
we can provide the option to use Credential Managers or Keyrings provided by the OS.
There should be some options, but as of now I don't have time to look into this.
Maybe at some later point or if someone wants to give it a shot, feel free :P
from anipy-cli.
Yeah thought about that, but I imagine this would make it harder to support all Operating systems. As such vaults would require a password for unlocking every time anyway, we could just go ahead and encrypt the password with a key phrase and save the encrypted password (the user has to type the key phrase on login)
from anipy-cli.
Yeah thought about that, but I imagine this would make it harder to support all Operating systems. As such vaults would require a password for unlocking every time anyway, we could just go ahead and encrypt the password with a key phrase and save the encrypted password (the user has to type the key phrase on login)
True.
How about we provide following options:
- save password in config file (as is now)
- support only setting username and prompt for password every time MAL is being used ( stored in app during runtime)
from anipy-cli.
Yeah good then I will do that. What do you think @nadi726?
from anipy-cli.
We can maybe also provide a commandline option for passing the password in automated usecases
from anipy-cli.
We can maybe also provide a commandline option for passing the password in automated usecases
Then it would be possible to use an alias in bash which sets the password like:
alias anipy-cli='anipy-cli --mal_password $( cat secure_file_or_script_with_password) '
$() could be a script that interfaces some password manager like KeePass or a keyring or just a text file with 0600 permissions or whatever.
You get the idea ^^
from anipy-cli.
I believe it would be easier if we do something like this: anipy-cli -m < password.txt
this gives the password to the input()
prompt
from anipy-cli.
You can try it
a = input()
print(a)
then run it with the < somethin.txt
from anipy-cli.
I believe it would be easier if we do something like this:
anipy-cli -m < password.txt
this gives the password to theinput()
prompt
easier, yes, but I wouldn't consider that "clean" :D
from anipy-cli.
why tho it would save us implementing the commandline option
from anipy-cli.
Imagine you want to use it with the alias like I described earlier.
Now this could lead to issues if you don't wanna use the MAL cli.
You would either need to prompt for the password first things first in every mode or it would lead to unexpected behavior ^^
from anipy-cli.
If you want, I can implement that. I just didn't have time to research solutions for accessing keyrings and stuff, but this is pretty straight-forward
from anipy-cli.
Imagine you want to use it with the alias like I described earlier. Now this could lead to issues if you don't wanna use the MAL cli. You would either need to prompt for the password first things first in every mode or it would lead to unexpected behavior ^^
Ok fair enough. I thought you wanted this for automating, like the little script you put in the readme.
from anipy-cli.
Imagine you want to use it with the alias like I described earlier. Now this could lead to issues if you don't wanna use the MAL cli. You would either need to prompt for the password first things first in every mode or it would lead to unexpected behavior ^^
Ok fair enough. I thought you wanted this for automating, like the little script you put in the readme.
Oh for that I just use the config file. If someone is able to read that, I got different problems already.
Nevertheless you can use the --mal_password flag for this usecase as well, so it's a win-win I guess
from anipy-cli.
I think that's great and will provide a fluid experience without adding too much to do each time in order to log in.
I prefer @dymattic's approach
That's kinda unrelated, but maybe in order to further improve user experience we can prompt for username and password when there is no username in the config(like, upon first using the mal cli)
and also ask the user whether to store the password.
something like:
Mal login.
username:
>> example
password:
>> example
Remember password(Y/n) ?
>>
from anipy-cli.
Oh for that I just use the config file. If someone is able to read that, I got different problems already. Nevertheless you can use the --mal_password flag for this usecase as well, so it's a win-win I guess
I just thought this would be powerfull, because it enables anyone who has security concerns to come up with their own solution on how to provide the password securely and maybe even in a convenient way at the same time.
We jsut provide an interface and don't need to bother implementing a "more secure" solution for storing the password :P
from anipy-cli.
If you want, I can implement that. I just didn't have time to research solutions for accessing keyrings and stuff, but this is pretty straight-forward
I have time tomorrow for this. If you have time now I would appreciate it, I will do it tomorrow if you don't
from anipy-cli.
I think that's great and will provide a fluid experience without adding too much to do each time in order to log in. I prefer @dymattic's approach
That's kinda unrelated, but maybe in order to further improve user experience we can prompt for username and password when there is no username in the config(like, upon first using the mal cli) and also ask the user whether to store the password. something like:
Mal login. username: >> example password: >> example Remember password(Y/n) ? >>
While It probably would be easier to use, the overhead implementing this isn't really worth it.
How about, instead of prompting for the credentials, we provide the user with information on how to set them?
There already is a an option for displaying the config file location, so that should be easy enough.
from anipy-cli.
While It probably would be easier to use, the overhead implementing this isn't really worth it. How about, instead of prompting for the credentials, we provide the user with information on how to set them?
There already is a an option for displaying the config file location, so that should be easy enough.
Uhm, no prompting is fine, but storing is the issue.
from anipy-cli.
While It probably would be easier to use, the overhead implementing this isn't really worth it. How about, instead of prompting for the credentials, we provide the user with information on how to set them?
There already is a an option for displaying the config file location, so that should be easy enough.
That's fine. My main concern is how in the current state a user doesn't have enough indication of how to set it up.
I guess it can just be a detailed message if the mal cli is called without setting up first or maybe add something to the readme.
from anipy-cli.
Related Issues (20)
- Download broken (response code:502) HOT 2
- Program crashes on startup HOT 2
- Error when running Anipy-cli: OSError: FFmpeg version command returned an error HOT 2
- JSON decode error while syncing from MAL HOT 3
- Need to clean titles with special Character to valid filename characters HOT 6
- Requests: Invalid URL: no host supplied HOT 3
- Script Trying to Parse Invalid URL HOT 1
- .5 episode breaks seasonals download HOT 3
- "UnboundLocalError: local variable 'progress_bar' referenced before assignment" HOT 6
- VLC Player doesn't open HOT 1
- Unable to watch anime due to the change of the website HOT 3
- episode 0 is not downloadable HOT 4
- MAL Mode with Apple ID HOT 8
- [macOS Bug] does not initialize config file properly on a fresh install HOT 4
- Filename Error when downloading HOT 3
- Windows enviroment variables dont work HOT 2
- Just clean installed and get the following error HOT 3
- [API] Episodes that don't exist get sys.exit() instead of just raising an exception HOT 4
- anipy-cli: error: Specified player `mpvnet` is unknown HOT 1
- Configuring a different player via player_path which leads to mpv.exe on Windows side produces an error (WSL) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anipy-cli.