Revert "Add visual feedback for API token input with asterisk masking" #29
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR removes the pwinput dependency and replaces it with asyncclick's built-in hide_input parameter for secure token input. The change simplifies the dependency footprint by using functionality already available in the asyncclick library.
- Replaced
pwinput.pwinput()withclick.prompt(..., hide_input=True)for API token input - Removed
pwinputdependency from all configuration files - Updated test mocks to use
click.promptinstead ofpwinput.pwinput
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/workato_platform_cli/cli/utils/config/manager.py | Replaced pwinput import and usage with asyncclick's hide_input parameter, removed explanatory comments about pwinput behavior |
| tests/unit/config/test_manager.py | Updated test mocks to use click.prompt instead of pwinput.pwinput, added token prompts to test prompt_answers dictionaries |
| pyproject.toml | Removed pwinput dependency specification and mypy ignore configuration |
| uv.lock | Removed pwinput package definition and references |
| .pre-commit-config.yaml | Removed pwinput from additional dependencies list |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Collaborator
|
Approved. |
hovu96
added a commit
that referenced
this pull request
Nov 5, 2025
Implements a new token input utility that provides visual feedback for API token entry with intelligent paste detection: - Shows asterisks (****) for manually typed characters - Detects long paste operations (>50 chars) via bracketed paste mode - Displays inline confirmation with character count in gray text - Combines typed and pasted content seamlessly - Handles very long tokens (750+ chars) without truncation - Avoids terminal buffer limitations of character-by-character input Technical Implementation: - Uses prompt_toolkit for password input with bracketed paste support - Custom key bindings to detect and handle paste events - ANSI escape sequences for inline confirmation prompt - Proper error handling and retry logic Dependencies: - Added prompt-toolkit>=3.0.0 - Updated mypy configuration and pre-commit hooks Testing: - 13 comprehensive unit tests with 61% code coverage - Tests cover typing, pasting, confirmation, retries, and error cases - All tests pass with proper mocking of terminal interaction Related to PR #28 (reverted in #29 due to pwinput truncation issues) This solution resolves the truncation problem by using bracketed paste mode instead of character-by-character input processing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
oalami
added a commit
that referenced
this pull request
Nov 6, 2025
* feat: Add smart token input with bracketed paste detection Implements a new token input utility that provides visual feedback for API token entry with intelligent paste detection: - Shows asterisks (****) for manually typed characters - Detects long paste operations (>50 chars) via bracketed paste mode - Displays inline confirmation with character count in gray text - Combines typed and pasted content seamlessly - Handles very long tokens (750+ chars) without truncation - Avoids terminal buffer limitations of character-by-character input Technical Implementation: - Uses prompt_toolkit for password input with bracketed paste support - Custom key bindings to detect and handle paste events - ANSI escape sequences for inline confirmation prompt - Proper error handling and retry logic Dependencies: - Added prompt-toolkit>=3.0.0 - Updated mypy configuration and pre-commit hooks Testing: - 13 comprehensive unit tests with 61% code coverage - Tests cover typing, pasting, confirmation, retries, and error cases - All tests pass with proper mocking of terminal interaction Related to PR #28 (reverted in #29 due to pwinput truncation issues) This solution resolves the truncation problem by using bracketed paste mode instead of character-by-character input processing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * feat: Integrate smart token input into workato init command Replaced click.prompt with get_token_with_smart_paste utility in both token prompt locations (_create_profile_with_env_vars and _create_new_profile). This provides visual feedback (asterisk masking) and handles long token pastes without truncation. Changes: - Added asyncio import and get_token_with_smart_paste import to manager.py - Replaced token prompts with asyncio.to_thread(get_token_with_smart_paste) - Updated 4 tests to mock get_token_with_smart_paste instead of click.prompt All 944 tests passing. Type checking, linting, and formatting all pass. Fixes DEVP-498 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update src/workato_platform_cli/cli/utils/config/manager.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/workato_platform_cli/cli/utils/token_input.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor: replace sys.exit with ClickException for proper error handling - Remove try-except wrapper in _prompt_and_validate_credentials that was masking UnauthorizedException, preventing proper error handling - Replace all sys.exit(1) calls with click.ClickException for validation errors and user cancellations - Remove unused sys import - Update tests to expect click.ClickException instead of SystemExit This allows @handle_api_exceptions and @handle_cli_exceptions decorators to properly catch and format all errors consistently. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor: standardize token error messages for consistency - Change "No token provided" to "API token cannot be empty" for consistency - Change prompt_text from "Workato API token" to "API token" (context is already clear from CLI name) - Update token_input.py to dynamically use prompt_text in error messages instead of hardcoded "Token" - Update tests to expect new consistent messaging All token-related error messages now consistently use "API token" across the codebase. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Ossama Alami <ossama.alami@workato.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I have run into issues pasting long length (750+char) API keys - it appears that it is getting truncated.
I believe this is caused by terminal emulator input buffer limitations, not the
pwinputlibrary itself. Thepwinputlibrary processes input character-by-character usinggetch(), which makes it vulnerable to terminal paste buffer limits.Lets push this improvement out to a later release.
Reverts #28