Skip to content

Add an extra check for CredentialAttribute for the credential rules #391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 2, 2015
Merged

Add an extra check for CredentialAttribute for the credential rules #391

merged 2 commits into from
Dec 2, 2015

Conversation

quoctruong
Copy link

No description provided.

@raghushantha
Copy link
Member

Looks good. pls merge

@KirkMunro
Copy link
Contributor

Before you merge, can you replace your "or" with "and", and fix the logic accordingly?

"Checks that Credential parameters are of type PSCredential and have the Credential attribute"

(make sure that they are used in the proper order as well).

The proper best practice is to use both the type and the attribute. See my comments in the discussion on the post that got you started with these changes in the first place for more information.

@quoctruong
Copy link
Author

Thanks Kirk for the suggestion. Fixed and merged.

quoctruong pushed a commit that referenced this pull request Dec 2, 2015
Merge pull request #391 from PowerShell/AddCredentialAttributeCheck
7b1a13a 
Add an extra check for CredentialAttribute for the credential rules
@quoctruong quoctruong merged commit 7b1a13a into development Dec 2, 2015
@quoctruong quoctruong deleted the AddCredentialAttributeCheck branch December 2, 2015 18:54
@KirkMunro
Copy link
Contributor

I just skimmed over the code, and PSCredentialTypeNoViolations.ps1 has a bug. The parameter syntax is currently listed as:

# Param1 help description
[Parameter(Mandatory=$true,
           ValueFromPipelineByPropertyName=$true,
           Position=0)]
[System.Management.Automation.CredentialAttribute()]
[pscredential]
$Credential

This syntax is incorrect, and it highlights exactly why the order is important. You should use this syntax as a test of incorrect behaviour and check ordering of the Credential Attribute and the PSCredential type. The correct syntax is as follows:

# Param1 help description
[Parameter(Mandatory=$true,
           ValueFromPipelineByPropertyName=$true,
           Position=0)]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
$Credential

PowerShell evaluates attributes for parameters from the bottom up. With the PSCredential type first, as in the first, wrong example, if you attempt to pass a string value into the Credential parameter, PowerShell will try to convert that string into a PSCredential. The conversion will fail, and the function will return an error. In the second, correct example, PowerShell will pass a string it receives through the CredentialAttribute, which will prompt the user with a dialog window for the password to go with the username (string) they provided. Once the password has been provided and the dialog closed with the OK button, the PSCredential object will be compared against the PSCredential type to see if the types match, and since they will match, the parameter will be accepted.

All to say, the PSCredential type must be listed above or to the left of the Credential attribute. That is the only way to properly define a credential parameter in PowerShell.

@raghushantha raghushantha mentioned this pull request Dec 2, 2015
Closed
@quoctruong
Copy link
Author

Thanks for the suggestion Kirk. I've made a new pull request to enforce this: #394

@KirkMunro
Copy link
Contributor

Just had a look, and it looks better now. Thanks Quoc!

@quoctruong quoctruong mentioned this pull request Jan 4, 2016
Closed
@kilasuit kilasuit mentioned this pull request Mar 3, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Area - Documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@quoctruong @raghushantha @KirkMunro @msftclas