From 7a291894f6010b5a8f7094fef931ce72e3cb7cce Mon Sep 17 00:00:00 2001
From: Casper Biering
Date: Wed, 2 Sep 2020 12:31:17 +0200
Subject: [PATCH] Allow password to be saved to keychain with skip-prompt
---
 cmd/saml2aws/commands/configure.go | 41 ++++++++++++++++--------------
 1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/cmd/saml2aws/commands/configure.go b/cmd/saml2aws/commands/configure.go
index feddd6f64..83d44574b 100644
--- a/cmd/saml2aws/commands/configure.go
+++ b/cmd/saml2aws/commands/configure.go
@@ -21,6 +21,7 @@ const OneLoginOAuthPath = "/auth/oauth2/v2/token"
 func Configure(configFlags *flags.CommonFlags) error {
 idpAccountName := configFlags.IdpAccount
+ idpAccountPassword := configFlags.Password
 // pass in alternative location of saml2aws config file, if set.
 cfgm, err := cfg.NewConfigManager(configFlags.ConfigFile)
@@ -43,13 +44,27 @@ func Configure(configFlags *flags.CommonFlags) error {
 return errors.Wrap(err, "failed to input configuration")
 }
- if credentials.SupportsStorage() {
- if err := storeCredentials(configFlags, account); err != nil {
- return err
+ if credentials.SupportsStorage() && idpAccountPassword == "" {
+ password := prompter.Password("Password")
+ if password != "" {
+ if confirmPassword := prompter.Password("Confirm"); confirmPassword == password {
+ idpAccountPassword = password
+ } else {
+ log.Println("Passwords did not match")
+ os.Exit(1)
+ }
+ } else {
+ log.Println("No password supplied")
 }
 }
 }
+ if credentials.SupportsStorage() {
+ if err := storeCredentials(configFlags, account, idpAccountPassword); err != nil {
+ return err
+ }
+ }
+
 err = cfgm.SaveIDPAccount(idpAccountName, account)
 if err != nil {
 return errors.Wrap(err, "failed to save configuration")
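Review bot: The new prompt guard `credentials.SupportsStorage() && idpAccountPassword == ""` in the second hunk no longer consults `configFlags.DisableKeychain`, so a user who disabled the keychain is still asked to type and confirm a password that storeCredentials then discards at its `DisableKeychain` early return (visible in the last hunk). Before this change the prompt sat behind that early return, so the secret was never collected in that case. Adding the flag to the guard, `if credentials.SupportsStorage() && !configFlags.DisableKeychain && idpAccountPassword == "" {`, keeps the password from being read into memory when it will not be stored. The mismatch branch also still calls `os.Exit(1)` from inside Configure, which has an error return; `return errors.New("passwords did not match")` would leave the exit decision to the caller. Configure begins and ends outside this hunk, so the condition enclosing the prompt is not visible here.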
@@ -63,28 +78,16 @@ func Configure(configFlags *flags.CommonFlags) error {
 return nil
 }
-func storeCredentials(configFlags *flags.CommonFlags, account *cfg.IDPAccount) error {
+func storeCredentials(configFlags *flags.CommonFlags, account *cfg.IDPAccount, idpAccountPassword string) error {
 if configFlags.DisableKeychain {
 return nil
 }
- if configFlags.Password != "" {
- if err := credentials.SaveCredentials(account.URL, account.Username, configFlags.Password); err != nil {
+ if idpAccountPassword != "" {
+ if err := credentials.SaveCredentials(account.URL, account.Username, idpAccountPassword); err != nil {
 return errors.Wrap(err, "error storing password in keychain")
 }
 } else {
- password := prompter.Password("Password")
- if password != "" {
- if confirmPassword := prompter.Password("Confirm"); confirmPassword == password {
- if err := credentials.SaveCredentials(account.URL, account.Username, password); err != nil {
- return errors.Wrap(err, "error storing password in keychain")
- }
- } else {
- log.Println("Passwords did not match")
- os.Exit(1)
- }
- } else {
- log.Println("No password supplied")
- }
+ log.Println("No password supplied")
 }
 if account.Provider == onelogin.ProviderName {
 if configFlags.ClientID == "" || configFlags.ClientSecret == "" {
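Review bot: The `else` branch kept in storeCredentials logs "No password supplied" a second time when the user leaves the prompt empty and the keychain is enabled, because Configure already logs the same message before calling it with an empty `idpAccountPassword`. Keeping the message in only one place, for example here, where it also covers the path that never prompts, gives a single log line. The new third parameter changes the function's contract and deserves a doc comment such as `// storeCredentials saves idpAccountPassword to the keychain unless DisableKeychain is set; an empty password is logged and not saved.` The body of storeCredentials continues past the end of this hunk.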