chore: fully revert old_password,new_password env

Author: sadsfae

src/badfish/main.py

@@ -2453,10 +2453,10 @@ async def execute_badfish(_host, _args, logger, format_handler=None):
     _username = _args.get("u") or os.environ.get("BADFISH_USERNAME")
     _password = _args.get("p") or os.environ.get("BADFISH_PASSWORD")
 
-    if _args.get("p") or _args.get("new_password") or _args.get("old_password"):
+    if _args.get("p"):
         logger.warning(
-            "Passing secrets via command line arguments is unsafe. "
-            "Please use environment variables (BADFISH_USERNAME, BADFISH_PASSWORD)."
+            "Passing secrets via command line arguments can be unsafe. "
+            "Consider using environment variables (BADFISH_USERNAME, BADFISH_PASSWORD)."
         )
 
     if not _username or not _password:

tests/test_base.py

@@ -75,6 +75,7 @@ def badfish_call(
                 env_vars["BADFISH_USERNAME"] = mock_user
             if mock_pass is not None:
                 env_vars["BADFISH_PASSWORD"] = mock_pass
+            argv.extend(self.args)
 
         with patch.dict(os.environ, env_vars):
             try:

tests/test_execution.py

@@ -98,7 +98,7 @@ def test_cli_secrets_warning(self, mock_get, mock_post, mock_delete):
     # Explicitly use CLI secrets to trigger the warning
         _, err = self.badfish_call(use_cli_secrets=True)
 
-        assert "Passing secrets via command line arguments is unsafe" in err
+        assert "Passing secrets via command line arguments can be unsafe" in err
 
     @patch("aiohttp.ClientSession.delete")
     @patch("aiohttp.ClientSession.post")