Configure SSL certificate #26
Conversation
The user now can set whether to use an SSL certificate or not, or even set their own self-signed certificate from the config file. The config file comes with additional instruction and warning about SSL certificates. If ssl_verify isn't set in the config file, it defaults to true.
User config file contains a secret API that shouldn't be readable to others
timetagger_cli/core.py
Outdated
| # Config file contains user secret so it should not be readable to others | ||
| os.chmod(filename, 0o640) |
There was a problem hiding this comment.
Would be cleaner to do this where the file is created, in prepare_config_file()
There was a problem hiding this comment.
What should happen if the config file already exists and the user wants to setup the config again? Should it overwrite the permissions just in case the user have messed with them or leave the permissions unchanged and potentially exposing the user's secret?
There was a problem hiding this comment.
I guess the file can be kindof considered an "implementation detail", so let's set it every time. What do you think?
There was a problem hiding this comment.
I think it would be better to check if the existing file is a config file and try to mess less with user files in case it just so happens the user have some important, non-program related information.
I can commit now with that fix, but in the future it would be better to add some additional check, including what if the path is actually a directory and not a file.
Add option for the user to configure SSL certificate and either set one that's self-signed or ignore it completely when creating the request. Might be useful for people self-hosting inside an internal network that can't issue a certificate for validity and have one that of their own that they trust.
Edit: No idea why but all my work got PRd at once.
Changes made also include fix of #23, the config file contains a private information thus should be unreadable for others, and a typo fix in the config file's comment.