password will be invisible when entered via keyboard

- new dependency: crate rpassword - see also issue #68 - no more logging of passwords in debug output
8go · Oct 12, 2023 · 2e48e24 · 2e48e24
1 parent 4f76fa8
commit 2e48e24
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 26 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -2,7 +2,7 @@
 
 [package]
 name = "matrix-commander"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2021"
 description = "simple but convenient CLI-based Matrix client app for sending and receiving"
 documentation = "https://docs.rs/matrix-commander"
@@ -37,8 +37,9 @@ mime_guess = "2.0"
 update-informer = "1.1"
 json = "0.12"
 reqwest = "0.11"
-regex = "1.9"
+regex = "1.10"
 colored = "2.0"
+rpassword = "7.2"
 
 [dev-dependencies]
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.2.1
+0.2.2
diff --git a/src/main.rs b/src/main.rs
@@ -53,6 +53,7 @@ use std::str::FromStr;
 use thiserror::Error;
 use tracing::{debug, enabled, error, info, warn, Level};
 // use tracing_subscriber;
+use rpassword::read_password;
 use update_informer::{registry, Check};
 use url::Url;
 
@@ -2479,20 +2480,16 @@ fn get_password(ap: &mut Args) {
         std::io::stdout()
             .flush()
             .expect("error: could not flush stdout");
-
-        let mut input = String::new();
-        io::stdin()
-            .read_line(&mut input)
-            .expect("error: unable to read user input");
-
-        match input.trim() {
+        let password = read_password().unwrap();
+        match password.trim() {
             "" => {
                 error!("Empty password is not allowed!");
             }
             // Todo: check format, e.g. starts with letter, has @, has :, etc.
             _ => {
-                ap.password = Some(input.trim().to_string());
-                debug!("password is {}", input);
+                ap.password = Some(password);
+                // hide password from debug log files // password
+                debug!("password is {}", "******"); // password
             }
         }
     }
@@ -2682,9 +2679,10 @@ pub(crate) async fn cli_login(ap: &mut Args) -> Result<(Client, Credentials), Er
     get_password(ap);
     get_device(ap); // human-readable device name
     get_room_default(ap);
+    // hide password from debug log file // ap.password
     info!(
         "Parameters for login are: {:?} {:?} {:?} {:?} {:?}",
-        ap.homeserver, ap.user_login, ap.password, ap.device, ap.room_default
+        ap.homeserver, ap.user_login, "******", ap.device, ap.room_default
     );
     let (client, credentials) = crate::login(
         ap,

diff --git a/src/mclient.rs b/src/mclient.rs
@@ -1848,9 +1848,10 @@ pub(crate) async fn delete_devices_pre(client: &Client, ap: &mut Args) -> Result
                     ap.delete_device.push(device.device_id.to_string());
                 }
             }
+            // hide password from debug log file
             debug!(
                 "Preparing to delete these devices for user {:?} with password {:?}: {:?}",
-                user, password, ap.delete_device
+                user, "******", ap.delete_device
             );
             delete_devices(client, &ap.delete_device, user, password, ap.output).await
         } else {
@@ -1879,9 +1880,10 @@ pub(crate) async fn delete_devices(
         let deviceid: OwnedDeviceId = device_id.as_str().into();
         deviceids.push(deviceid);
     }
+    // hide password from debug log file
     debug!(
         "About to delete these devices of user {:?} with password {:?}: {:?}",
-        user, password, deviceids
+        user, "******", deviceids
     );
     if let Err(e) = client.delete_devices(&deviceids, None).await {
         if let Some(info) = e.uiaa_response() {