From 953b3f5f14344271a597e797dd5e5938c15e8749 Mon Sep 17 00:00:00 2001
From: Jacob Prezant <179630496+jacobprezant@users.noreply.github.com>
Date: Thu, 1 Jan 2026 15:17:45 -0500
Subject: [PATCH] Remove sensitive info from logs and clean up cookie jar

Eliminated logging of password and authCode during login to avoid exposing sensitive information. Added removal of the cookie jar file during token revocation to ensure session cleanup.
---
 cmd/auth.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cmd/auth.go b/cmd/auth.go
index ee6aeee4..f9576197 100644
--- a/cmd/auth.go
+++ b/cmd/auth.go
@@ -78,9 +78,7 @@ func loginCmd() *cobra.Command {
 				}
 
 				dependencies.Logger.Verbose().
-					Str("password", password).
 					Str("email", email).
-					Str("authCode", util.IfEmpty(authCode, "<nil>")).
 					Msg("logging in")
 
 				output, err := dependencies.AppStore.Login(appstore.LoginInput{
@@ -161,6 +159,12 @@ func revokeCmd() *cobra.Command {
 				return err
 			}
 
+			cookieJarPath := dependencies.Machine.HomeDirectory() + string(os.PathSeparator) +
+				ConfigDirectoryName + string(os.PathSeparator) + CookieJarFileName
+			if err := dependencies.OS.Remove(cookieJarPath); err != nil && !dependencies.OS.IsNotExist(err) {
+				return fmt.Errorf("failed to remove cookie jar: %w", err)
+			}
+
 			dependencies.Logger.Log().Bool("success", true).Send()
 
 			return nil