From e7a3de50388b086dc0f760864478873a817086fb Mon Sep 17 00:00:00 2001
From: nicolargo <nicolashennion@gmail.com>
Date: Thu, 9 May 2024 19:43:11 +0200
Subject: Hide password in the Glances browser form #503

---
 NEWS.rst                          |  1 +
 glances/client_browser.py         |  3 ++-
 glances/outputs/glances_curses.py | 35 ++++++++++++++++++++++++-----------
 glances/password.py               |  1 -
 glances/server.py                 |  3 ++-
 5 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/NEWS.rst b/NEWS.rst
index 19ee2dcd..f1af1ffd 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -48,6 +48,7 @@ Enhancements:
 * [WebUI] Added smart plugin support #2435
 * No more threshold display in the WebUI cpu/mem and memswap plugins #2420
 * Refactor Glances curses code #2580
+* Hide password in the Glances browser form #503
 * Replace Bottle by FastAPI #2181
 * Replace py3nvml with nvidia-ml-py #2688
 
diff --git a/glances/client_browser.py b/glances/client_browser.py
index b033ffe3..9cd2a0a0 100644
--- a/glances/client_browser.py
+++ b/glances/client_browser.py
@@ -146,7 +146,8 @@ class GlancesClientBrowser(object):
                 # Else, the password should be enter by the user
                 # Display a popup to enter password
                 clear_password = self.screen.display_popup(
-                    'Password needed for {}: '.format(server['name']), is_input=True
+                    'Password needed for {}: '.format(server['name']),
+                    popup_type='input', is_password=True
                 )
             # Store the password for the selected server
             if clear_password is not None:
diff --git a/glances/outputs/glances_curses.py b/glances/outputs/glances_curses.py
index 03c943d5..dacf0579 100644
--- a/glances/outputs/glances_curses.py
+++ b/glances/outputs/glances_curses.py
@@ -11,6 +11,7 @@
 from __future__ import unicode_literals
 
 import sys
+import getpass
 
 from glances.globals import MACOS, WINDOWS, nativestr, u, itervalues, enable, disable
 from glances.logger import logger
@@ -920,12 +921,17 @@ class _GlancesCurses(object):
                     self.display_plugin(stat_display[p])
 
     def display_popup(
-        self, message, size_x=None, size_y=None, duration=3, popup_type='info', input_size=30, input_value=None
+        self, message,
+        size_x=None, size_y=None,
+        duration=3,
+        popup_type='info',
+        input_size=30, input_value=None,
+        is_password=False
     ):
         """
         Display a centered popup.
 
-         popup_type: ='info'
+        popup_type: ='info'
          Just an information popup, no user interaction
          Display a centered popup with the given message during duration seconds
          If size_x and size_y: set the popup size
@@ -978,6 +984,8 @@ class _GlancesCurses(object):
             self.wait(duration * 1000)
             return True
         elif popup_type == 'input':
+            logger.info(popup_type)
+            logger.info(is_password)
             # Create a sub-window for the text field
             sub_pop = popup.derwin(1, input_size, 2, 2 + len(m))
             sub_pop.attron(self.colors_list['FILTER'])
@@ -990,16 +998,21 @@ class _GlancesCurses(object):
             # Create the textbox inside the sub-windows
             self.set_cursor(2)
             self.term_window.keypad(1)
-            textbox = GlancesTextbox(sub_pop, insert_mode=True)
-            textbox.edit()
-            self.set_cursor(0)
-            # self.term_window.keypad(0)
-            if textbox.gather() != '':
-                logger.debug("User enters the following string: %s" % textbox.gather())
-                return textbox.gather()[:-1]
+            if is_password:
+                textbox = getpass.getpass('')
+                self.set_cursor(0)
+                if textbox != '':
+                    return textbox
+                else:
+                    return None
             else:
-                logger.debug("User enters an empty string")
-                return None
+                textbox = GlancesTextbox(sub_pop, insert_mode=True)
+                textbox.edit()
+                self.set_cursor(0)
+                if textbox.gather() != '':
+                    return textbox.gather()[:-1]
+                else:
+                    return None
         elif popup_type == 'yesno':
             # # Create a sub-window for the text field
             sub_pop = popup.derwin(1, 2, len(sentence_list) + 1, len(m) + 2)
diff --git a/glances/password.py b/glances/password.py
index 3754f9dc..d0057630 100644
--- a/glances/password.py
+++ b/glances/password.py
@@ -59,7 +59,6 @@ class GlancesPassword(object):
 
         Return the comparison with the encrypted_password.
         """
-        logger.info("Check password")
         salt, encrypted_password = hashed_password.split('$')
         re_encrypted_password = self.get_hash(plain_password, salt=salt)
         return encrypted_password == re_encrypted_password
diff --git a/glances/server.py b/glances/server.py
index 9043dc58..ad343e20 100644
--- a/glances/server.py
+++ b/glances/server.py
@@ -66,7 +66,8 @@ class GlancesXMLRPCHandler(SimpleXMLRPCRequestHandler, object):
         if username in self.server.user_dict:
             from glances.password import GlancesPassword
 
-            pwd = GlancesPassword(username=username, config=self.config)
+            # TODO: config is not taken into account: it may be a problem ?
+            pwd = GlancesPassword(username=username, config=None)
             return pwd.check_password(self.server.user_dict[username], password)
         else:
             return False
-- 
cgit v1.2.3