From af886e57c813c3f1117193a8f26eab9f30f916ce Mon Sep 17 00:00:00 2001
From: Ari Palo
Date: Thu, 12 May 2022 21:19:50 +0300
Subject: [PATCH 1/2] fix: hide sensitive input Fixes #28 by using Go's x/term package's ReadPassword
---
 internal/msg/msg.go | 2 +-
 internal/prompt/prompt.go | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/internal/msg/msg.go b/internal/msg/msg.go
index 7a17353b..ab99247a 100644
--- a/internal/msg/msg.go
+++ b/internal/msg/msg.go
@@ -67,7 +67,7 @@ func Error(prefix emoji.Emoji, message string) {
 }
 func Prompt(prefix emoji.Emoji, message string) {
- d.Promptln(prefix, message)
+ d.Prompt(prefix, message)
 }
 func Fatal(message string) {
diff --git a/internal/prompt/prompt.go b/internal/prompt/prompt.go
index 03edc03e..e60bd67f 100644
--- a/internal/prompt/prompt.go
+++ b/internal/prompt/prompt.go
@@ -1,12 +1,12 @@
 package prompt
 import (
- "bufio"
 "context"
- "os"
 "strings"
+ "syscall"
 "github.com/ncruces/zenity"
+ "golang.org/x/term"
 )
 func Password(ctx context.Context, title string, text string) (string, error) {
@@ -37,12 +37,11 @@ func Dialog(ctx context.Context, title string, text string) (string, error) {
 }
 func Cli(ctx context.Context, text string) (string, error) {
- reader := bufio.NewReader(os.Stdin)
- value, err := reader.ReadString('\n')
+ value, err := term.ReadPassword(int(syscall.Stdin))
 if err != nil {
 return "", err
 }
- return strings.TrimSpace(value), nil
+ return strings.TrimSpace(string(value)), nil
 }
From a23c242f01e4ca7a228bc2572848a27be90ffc89 Mon Sep 17 00:00:00 2001
From: Ari Palo
Date: Thu, 12 May 2022 21:31:24 +0300
Subject: [PATCH 2/2] feat: hidden input for password, visible input for token
---
 go.mod | 2 +-
 go.sum | 4 ++--
 internal/msg/msg.go | 2 +-
 internal/prompt/prompt.go | 16 +++++++++++++++-
 internal/totp/message.go | 3 ++-
 internal/yubikey/askpass/ask.go | 2 +-
 6 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index 4a49a9bc..7c7d54f3 100644
--- a/go.mod
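Review bot: `term.ReadPassword(int(syscall.Stdin))` in `Cli` (internal/prompt/prompt.go, second hunk of PATCH 1/2) returns an error whenever stdin is not a terminal, so piped or redirected input that the removed `bufio` reader accepted now fails with no fallback. Guard the call with `term.IsTerminal(int(syscall.Stdin))` and either fall back to the line reader or return an error that says a terminal is required; also print a newline after a successful read, because with echo disabled the Enter key leaves the cursor on the prompt line. ReadPassword already drops the line terminator, so `strings.TrimSpace(string(value))` now only strips whitespace that is part of the secret; `return string(value), nil` keeps the password byte-exact if leading or trailing spaces are meant to be valid. The same body is carried into `CliPassword` in PATCH 2/2 and becomes the askpass default through `var cliPrompt = prompt.CliPassword`, so the points apply there as well.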
+++ b/go.mod
@@ -19,6 +19,7 @@ require (
 github.com/spf13/cobra v1.4.0
 github.com/spf13/viper v1.11.0
 github.com/stretchr/testify v1.7.1
+ golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
 gopkg.in/ini.v1 v1.66.4
 gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
@@ -80,7 +81,6 @@ require (
 golang.org/x/image v0.0.0-20220321031419-a8550c1d254a // indirect
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
 golang.org/x/sys v0.0.0-20220429121018-84afa8d3f7b3 // indirect
- golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 golang.org/x/text v0.3.7 // indirect
 google.golang.org/protobuf v1.28.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index e3e35e5d..9b1fde66 100644
--- a/go.sum
+++ b/go.sum
@@ -469,8 +469,8 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220429121018-84afa8d3f7b3 h1:kBsBifDikLCf5sUMbcD8p73OinDtAQWQp8+n7FiyzlA= golang.org/x/sys v0.0.0-20220429121018-84afa8d3f7b3/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8= +golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/internal/msg/msg.go b/internal/msg/msg.go
index ab99247a..7a17353b 100644
--- a/internal/msg/msg.go
+++ b/internal/msg/msg.go
@@ -67,7 +67,7 @@ func Error(prefix emoji.Emoji, message string) {
 }
 func Prompt(prefix emoji.Emoji, message string) {
- d.Prompt(prefix, message)
+ d.Promptln(prefix, message)
 }
 func Fatal(message string) {
diff --git a/internal/prompt/prompt.go b/internal/prompt/prompt.go
index e60bd67f..8b7b6698 100644
--- a/internal/prompt/prompt.go
+++ b/internal/prompt/prompt.go
@@ -1,7 +1,9 @@
 package prompt
 import (
+ "bufio"
 "context"
+ "os"
 "strings"
 "syscall"
@@ -36,7 +38,7 @@ func Dialog(ctx context.Context, title string, text string) (string, error) {
 return strings.TrimSpace(value), nil
 }
-func Cli(ctx context.Context, text string) (string, error) {
+func CliPassword(ctx context.Context, text string) (string, error) {
 value, err := term.ReadPassword(int(syscall.Stdin))
 if err != nil {
@@ -45,3 +47,15 @@ func Cli(ctx context.Context, text string) (string, error) {
 return strings.TrimSpace(string(value)), nil
 }
+
+func Cli(ctx context.Context, text string) (string, error) {
+
+ reader := bufio.NewReader(os.Stdin)
+
+ value, err := reader.ReadString('\n')
+ if err != nil {
+ return "", err
+ }
+
+ return strings.TrimSpace(value), nil
+}
diff --git a/internal/totp/message.go b/internal/totp/message.go
index 07958154..ad9a5f37 100644
--- a/internal/totp/message.go
+++ b/internal/totp/message.go
@@ -3,6 +3,7 @@ package totp
 import (
 "bytes"
 _ "embed"
+ "strings"
 "github.com/aripalo/vegas-credentials/internal/msg"
 "github.com/aripalo/vegas-credentials/internal/tmpl"
@@ -26,5 +27,5 @@ func formatInputMessage(enableGui bool, enableYubikey bool) string {
 if err != nil {
 msg.Fatal(err.Error())
 }
- return message.String()
+ return strings.TrimSpace(message.String())
 }
diff --git a/internal/yubikey/askpass/ask.go b/internal/yubikey/askpass/ask.go
index 386c86c4..4fce8788 100644
--- a/internal/yubikey/askpass/ask.go
+++ b/internal/yubikey/askpass/ask.go
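Review bot: The re-added `Cli` (internal/prompt/prompt.go, last hunk of PATCH 2/2) builds a fresh `bufio.NewReader(os.Stdin)` on every call, so any bytes the reader buffered past the first newline are thrown away with it and a later read of stdin in the same process will not see them. Holding one package-level reader, e.g. `var stdin = bufio.NewReader(os.Stdin)`, avoids that; whether a second read happens is not visible in this hunk. `ReadString` also returns the data together with `io.EOF` when input ends without a newline, and the `err != nil` branch then drops what was typed. Neither `Cli` nor `CliPassword` has a doc comment, and the only thing separating the echoing reader from the hidden one is the name; a line such as `// Cli reads one visible line from stdin; use CliPassword for secrets.` would keep a caller from wiring the echoing variant to a password prompt.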
@@ -9,7 +9,7 @@ import (
 )
 // Assign CLI Prompt to variable (useful for testing).
-var cliPrompt = prompt.Cli
+var cliPrompt = prompt.CliPassword
 // Assign GUI Prompt to variable (useful for testing).
 var guiPrompt = prompt.Password