authorAntoine A <>2024-04-24 12:49:12 +0900
committerAntoine A <>2024-04-24 12:49:12 +0900
commit689f03e962ed38b12e9d9107ecaf28d8f2397770 (patch)
treec51bb899e577f300c1a5799ea163c83dd9888603
parent90a755454f40234dd59e26a71da6319fe0b3c7f2 (diff)
Fix printing secrets in terminal
-rwxr-xr-xregional-currency/config.py41
-rwxr-xr-xregional-currency/main.sh7
2 files changed, 32 insertions, 16 deletions
diff --git a/regional-currency/config.py b/regional-currency/config.py
index 94ecd9d..e382927 100755
--- a/regional-currency/config.py
+++ b/regional-currency/config.py
@@ -7,6 +7,7 @@ import re
import subprocess
import urllib.parse
import uuid
+import getpass
from base64 import b64decode, b64encode
from typing import Callable, Dict, TypeVar
@@ -45,11 +46,8 @@ def load_conf() -> Dict[str, str]:
conf = load_conf()
result_conf = {**conf, "CONFIG_LOADED": "y"}
-
-def add_conf(name: str, value: str):
- """Update a user configuration value and update the configuration file"""
- conf[name] = value
- result_conf[name] = value
+def store_conf():
+ """Update the configuration file"""
content = ""
for key, value in conf.items():
escaped = value.replace("'", "'\\''")
@@ -57,6 +55,11 @@ def add_conf(name: str, value: str):
with open(CONFIG_FILE, "w") as f:
f.write(content)
+def add_conf(name: str, value: str):
+ """Update a user configuration value and update the configuration file"""
+ conf[name] = value
+ result_conf[name] = value
+ store_conf()
def run_cmd(
cmd: list[str], input: str | None = None, env: Dict[str, str] | None = None
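Review bot: `store_conf()` still writes the file with `open(CONFIG_FILE, "w")`, so a newly created config file gets whatever mode the process umask allows, and after this commit it is rewritten on every run. The file holds the Argon2 hash of the config password (see the `add_conf("CONFIG_PASSWORD", ...)` call later in this diff) and the password-encrypted secrets, which should not be readable by other local users. Consider creating it owner-only, e.g. `os.open(CONFIG_FILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` wrapped in `os.fdopen`, plus a `chmod` for files that already exist; whether `os` is imported and where CONFIG_FILE lives is not visible here. The body of `store_conf` spans this hunk and the previous one.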
@@ -132,14 +135,16 @@ def ask(
default: T | None = None,
check: Callable[[str], T | None] = lambda it: it,
fmt: Callable[[T], str] = lambda it: str(it),
+ secret: bool = False
) -> T:
"""
- Prompt the user to configurea value
+ Prompt the user to configure a value
:param name: if present will try to fetch the current value and will store the new value
:param msg: the message to prompt the user with
:param default: default value to use if no value is obtained
:param check: check and normalize the value
:param fmt: format value for storage
+ :param secret: hide the input content
:return: the configuration value
"""
@@ -147,7 +152,10 @@ def ask(
# Log the prompt
log.write(msg.encode() + "\n".encode())
# Actual prompt
- raw = input(msg).strip()
+ if secret:
+ raw = getpass.getpass(msg).strip()
+ else:
+ raw = input(msg).strip()
if raw == "":
if default is None:
print("You must enter a value")
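Review bot: `getpass.getpass(msg)` in the `secret` branch does not guarantee hidden input: when it cannot turn off terminal echo (for example when stdin is not a TTY) it emits `GetPassWarning` and reads the line with echo on. For a change whose purpose is keeping secrets off the terminal, that fallback should be a hard failure, for instance by turning `getpass.GetPassWarning` into an error with the `warnings` module around the call. Note also that `.strip()` is applied to the secret, so leading or trailing spaces in a password are silently dropped; a comment such as `# secrets are stripped like any other answer` would show that this is deliberate. The enclosing function starts outside this hunk.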
@@ -157,9 +165,9 @@ def ask(
return conf_value(name, do_ask, default, check, fmt)
-def ask_str(name: str | None, msg: str, default: str | None = None) -> str:
+def ask_str(name: str | None, msg: str, default: str | None = None, secret: bool = False) -> str:
"Prompt the user to configure a string"
- return ask(name, msg, default)
+ return ask(name, msg, default, secret=secret)
def ask_bic(name: str | None, msg: str, default: str | None = None) -> str:
@@ -272,14 +280,14 @@ def ask_config_password() -> str:
passwd = None
if hash is not None:
while True:
- passwd = ask_str(None, "Enter the config password : ")
+ passwd = ask_str(None, "Enter the config password : ", secret=True)
try:
ph.verify(hash, passwd)
break
except argon2.exceptions.VerifyMismatchError:
print("invalid password")
else:
- passwd = ask_str(None, "1.1 Choose a config password : ")
+ passwd = ask_str(None, "1.1 Choose a config password : ", secret=True)
if hash is None or ph.check_needs_rehash(hash):
add_conf("CONFIG_PASSWORD", ph.hash(passwd))
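Review bot: The `"1.1 Choose a config password : "` prompt now hides the input but asks only once, so a typo cannot be noticed before `ph.hash(passwd)` is stored. This password appears to be the key-derivation input for `ask_secret` later in the file, so a mistyped value would leave the operator unable to decrypt the stored secrets on the next run. Prompt a second time with `secret=True` and loop until both entries match before calling `add_conf("CONFIG_PASSWORD", ...)`. `ask_config_password` starts before this hunk.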
@@ -317,7 +325,7 @@ def ask_secret(
f"$pbkdf2_sha512_chacha20_poly1305$1000000${base64.b64encode(salt).decode()}${base64.b64encode(cipher.nonce).decode()}${base64.b64encode(tag).decode()}${base64.b64encode(ciphertext).decode()}",
)
else:
- plaintext = ask_str(None, msg, default)
+ plaintext = ask_str(None, msg, default, True)
salt = get_random_bytes(16)
key = PBKDF2(passwd, salt, 32, count=1000000, hmac_hash_module=SHA512)
cipher = ChaCha20_Poly1305.new(key=key)
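Review bot: `ask_str(None, msg, default, True)` passes the new flag positionally, while the two calls in `ask_config_password` use `secret=True`; a bare `True` is easy to misread at a call site that decides whether a secret is echoed. Write `plaintext = ask_str(None, msg, default, secret=True)`, and consider making the parameter keyword-only in both `ask` and `ask_str` (`*, secret: bool = False`) so it cannot be passed by position. `ask_secret` starts and ends outside this hunk.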
@@ -439,12 +447,14 @@ if ask_yes_no(
return auth_token
conf_value("TELESIGN_AUTH_TOKEN", ask_telesign)
-ask_secret(
+generated_password= str(uuid.uuid4())
+admin_password = ask_secret(
"BANK_ADMIN_PASSWORD",
"8. Enter the admin password for the bank (or press enter to autogenerate password): ",
config_passwd,
- str(uuid.uuid4()),
+ generated_password,
)
+add_conf("BANK_ADMIN_PASSWORD_GENERATED", "y" if generated_password==admin_password else "n")
if ask_yes_no(
"DO_EXCHANGE_TERMS",
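Review bot: `generated_password==admin_password` compares against a UUID generated on this run, so the flag is only reliable on the run where the password is first set. If `ask_secret` returns the previously stored value on a later run (its first branch appears to handle an existing encrypted entry, but that code is outside this hunk), the comparison fails and `BANK_ADMIN_PASSWORD_GENERATED` is rewritten to `n` even for an autogenerated password. Guard the write, e.g. `if "BANK_ADMIN_PASSWORD_GENERATED" not in conf:` before the `add_conf(...)` call, or have `ask_secret` report whether the default was used. A one-line comment saying that this flag decides whether main.sh prints the password would also help the next reader.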
@@ -468,6 +478,9 @@ if ask_yes_no(
"-pp-",
)
+# Update on disk format even if nothing have changed
+store_conf()
+
# ----- Return conf ----- #
content = ""
diff --git a/regional-currency/main.sh b/regional-currency/main.sh
index 1655c7d..a88ac3d 100755
--- a/regional-currency/main.sh
+++ b/regional-currency/main.sh
@@ -83,11 +83,14 @@ say "Setting up merchant (step 6 of 6)"
./setup-merchant.sh
# Final message to the user
-source config/user.conf
say ""
say "Congratulations, you have successfully installed GNU Taler"
say "Your bank is at ${PROTO}://bank.${DOMAIN_NAME}/"
-say "You can connect to the bank web UI as 'admin' using '${BANK_ADMIN_PASSWORD}'"
+if test ${BANK_ADMIN_PASSWORD_GENERATED} == y; then
+ say "You can connect to the bank web UI as 'admin' using '${BANK_ADMIN_PASSWORD}'"
+else
+ say "You can connect to the bank web UI as 'admin' using the password you entered earlier"
+fi
say "A merchant is at ${PROTO}://backend.${DOMAIN_NAME}/"
say "You should set credentials for the merchant soon."
say "The exchange withdraw URI is taler://withdraw-exchange/exchange.${DOMAIN_NAME}/"
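Review bot: `test ${BANK_ADMIN_PASSWORD_GENERATED} == y` is unquoted, so when the variable is empty or unset the command becomes `test == y`, which fails with an error instead of evaluating cleanly to false; `==` is also not POSIX `test` syntax. Use `if test "${BANK_ADMIN_PASSWORD_GENERATED:-n}" = y; then`. The hunk also removes `source config/user.conf`, so the variables used here must already be set by an earlier step that is outside this hunk. The autogenerated password is still passed to `say`; if `say` also writes to a log file (not visible here), the secret is persisted there as well.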