2022-02-23 19:44:48 +11:00
|
|
|
package helpers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/jesseduffield/lazygit/pkg/commands/oscommands"
|
|
|
|
"github.com/jesseduffield/lazygit/pkg/gui/types"
|
|
|
|
)
|
|
|
|
|
|
|
|
type CredentialsHelper struct {
|
2023-03-23 12:35:07 +11:00
|
|
|
c *HelperCommon
|
2022-02-23 19:44:48 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewCredentialsHelper(
|
2023-03-23 12:35:07 +11:00
|
|
|
c *HelperCommon,
|
2022-02-23 19:44:48 +11:00
|
|
|
) *CredentialsHelper {
|
|
|
|
return &CredentialsHelper{
|
|
|
|
c: c,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// promptUserForCredential wait for a username, password or passphrase input from the credentials popup
|
2023-07-08 14:17:54 +10:00
|
|
|
// We return a channel rather than returning the string directly so that the calling function knows
|
|
|
|
// when the prompt has been created (before the user has entered anything) so that it can
|
|
|
|
// note that we're now waiting on user input and lazygit isn't processing anything.
|
|
|
|
func (self *CredentialsHelper) PromptUserForCredential(passOrUname oscommands.CredentialType) <-chan string {
|
|
|
|
ch := make(chan string)
|
2022-02-23 19:44:48 +11:00
|
|
|
|
|
|
|
self.c.OnUIThread(func() error {
|
|
|
|
title, mask := self.getTitleAndMask(passOrUname)
|
|
|
|
|
|
|
|
return self.c.Prompt(types.PromptOpts{
|
|
|
|
Title: title,
|
|
|
|
Mask: mask,
|
|
|
|
HandleConfirm: func(input string) error {
|
2023-07-08 14:17:54 +10:00
|
|
|
ch <- input + "\n"
|
2022-02-23 19:44:48 +11:00
|
|
|
|
|
|
|
return self.c.Refresh(types.RefreshOptions{Mode: types.ASYNC})
|
|
|
|
},
|
|
|
|
HandleClose: func() error {
|
2023-07-08 14:17:54 +10:00
|
|
|
ch <- "\n"
|
2022-02-23 19:44:48 +11:00
|
|
|
|
|
|
|
return nil
|
|
|
|
},
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2023-07-08 14:17:54 +10:00
|
|
|
return ch
|
2022-02-23 19:44:48 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
func (self *CredentialsHelper) getTitleAndMask(passOrUname oscommands.CredentialType) (string, bool) {
|
|
|
|
switch passOrUname {
|
|
|
|
case oscommands.Username:
|
|
|
|
return self.c.Tr.CredentialsUsername, false
|
|
|
|
case oscommands.Password:
|
|
|
|
return self.c.Tr.CredentialsPassword, true
|
|
|
|
case oscommands.Passphrase:
|
|
|
|
return self.c.Tr.CredentialsPassphrase, true
|
Add credential prompts for U2F-backed SSH keys
The 8.2 release of OpenSSH added support for FIDO/U2F hardware
authenticators, which manifests in being able to create new types of SSH
key, named `ecdsa-sk` nad `ed25519-sk`. This is relevant to lazygit,
as those SSH keys can be used to authorise git operations over SSH, as
well as signing git commits. Actual code changes are required for
correct support, as the authentication process for these types of keys
is different than the process for types supported previously.
When an operation requiring credentials is initialised with a U2F
authenticator-backed key, the first prompt is:
Enter PIN for ${key_type} key ${path_to_key}:
at which point the user is supposed to enter a numeric (and secret) PIN,
specific to the particular FIDO/U2F authenticator using which the SSH
keypair was generated. Upon entering the correct key, the user is
supposed to physically interact with the authenticator to confirm
presence. Sometimes this is accompanied by the following text prompt:
Confirm user presence for key ${key_type} ${key_fingerprint}
This second prompt does not always occur and it is presumed that the
user will know to perform this step even if not prompted specifically.
At this stage some authenticator devices may also begin to blink a LED
to indicate that they're waiting for input.
To facilitate lazygit's interoperability with these types of keys, add
support for the first PIN prompt, which allows "fetch", "pull", and
"push" git operations to complete.
2022-10-31 22:12:47 +01:00
|
|
|
case oscommands.PIN:
|
|
|
|
return self.c.Tr.CredentialsPIN, true
|
2022-02-23 19:44:48 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
// should never land here
|
|
|
|
panic("unexpected credential request")
|
|
|
|
}
|