gh-77065: Add optional keyword-only argument echo_char for getpass.getpass (#130496)

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
2025-11-24 20:30:18 +00:00 · 2025-05-06 15:56:20 +04:00 · 2025-05-06 15:56:20 +04:00 · bf8bbe9a81
commit bf8bbe9a81
parent 53e6d76aa3
5 changed files with 119 additions and 6 deletions
--- a/Lib/getpass.py
+++ b/Lib/getpass.py
@ -1,6 +1,7 @@
 """Utilities to get a password and/or the current user name.

-getpass(prompt[, stream]) - Prompt for a password, with echo turned off.
+getpass(prompt[, stream[, echo_char]]) - Prompt for a password, with echo
+turned off and optional keyboard feedback.
 getuser() - Get the user name from the environment or password database.

 GetPassWarning - This UserWarning is issued when getpass() cannot prevent
@ -25,13 +26,15 @@ __all__ = ["getpass","getuser","GetPassWarning"]
 class GetPassWarning(UserWarning): pass


-def unix_getpass(prompt='Password: ', stream=None):
+def unix_getpass(prompt='Password: ', stream=None, *, echo_char=None):
    """Prompt for a password, with echo turned off.

    Args:
      prompt: Written on stream to ask for the input.  Default: 'Password: '
      stream: A writable file object to display the prompt.  Defaults to
              the tty.  If no tty is available defaults to sys.stderr.
+      echo_char: A string used to mask input (e.g., '*').  If None, input is
+                hidden.
    Returns:
      The seKr3t input.
    Raises:
@ -40,6 +43,8 @@ def unix_getpass(prompt='Password: ', stream=None):

    Always restores terminal settings before returning.
    """
+    _check_echo_char(echo_char)
+
    passwd = None
    with contextlib.ExitStack() as stack:
        try:
@ -68,12 +73,16 @@ def unix_getpass(prompt='Password: ', stream=None):
                old = termios.tcgetattr(fd)     # a copy to save
                new = old[:]
                new[3] &= ~termios.ECHO  # 3 == 'lflags'
+                if echo_char:
+                    new[3] &= ~termios.ICANON
                tcsetattr_flags = termios.TCSAFLUSH
                if hasattr(termios, 'TCSASOFT'):
                    tcsetattr_flags |= termios.TCSASOFT
                try:
                    termios.tcsetattr(fd, tcsetattr_flags, new)
-                    passwd = _raw_input(prompt, stream, input=input)
+                    passwd = _raw_input(prompt, stream, input=input,
+                                        echo_char=echo_char)
+
                finally:
                    termios.tcsetattr(fd, tcsetattr_flags, old)
                    stream.flush()  # issue7208
@ -93,10 +102,11 @@ def unix_getpass(prompt='Password: ', stream=None):
        return passwd


-def win_getpass(prompt='Password: ', stream=None):
+def win_getpass(prompt='Password: ', stream=None, *, echo_char=None):
    """Prompt for password with echo off, using Windows getwch()."""
    if sys.stdin is not sys.__stdin__:
        return fallback_getpass(prompt, stream)
+    _check_echo_char(echo_char)

    for c in prompt:
        msvcrt.putwch(c)
@ -108,9 +118,15 @@ def win_getpass(prompt='Password: ', stream=None):
        if c == '\003':
            raise KeyboardInterrupt
        if c == '\b':
+            if echo_char and pw:
+                msvcrt.putch('\b')
+                msvcrt.putch(' ')
+                msvcrt.putch('\b')
            pw = pw[:-1]
        else:
            pw = pw + c
+            if echo_char:
+                msvcrt.putwch(echo_char)
    msvcrt.putwch('\r')
    msvcrt.putwch('\n')
    return pw
@ -126,7 +142,14 @@ def fallback_getpass(prompt='Password: ', stream=None):
    return _raw_input(prompt, stream)


-def _raw_input(prompt="", stream=None, input=None):
+def _check_echo_char(echo_char):
+    # ASCII excluding control characters
+    if echo_char and not (echo_char.isprintable() and echo_char.isascii()):
+        raise ValueError("'echo_char' must be a printable ASCII string, "
+                         f"got: {echo_char!r}")
+
+
+def _raw_input(prompt="", stream=None, input=None, echo_char=None):
    # This doesn't save the string in the GNU readline history.
    if not stream:
        stream = sys.stderr
@ -143,6 +166,8 @@ def _raw_input(prompt="", stream=None, input=None):
            stream.write(prompt)
        stream.flush()
    # NOTE: The Python C API calls flockfile() (and unlock) during readline.
+    if echo_char:
+        return _readline_with_echo_char(stream, input, echo_char)
    line = input.readline()
    if not line:
        raise EOFError
@ -151,6 +176,35 @@ def _raw_input(prompt="", stream=None, input=None):
    return line


+def _readline_with_echo_char(stream, input, echo_char):
+    passwd = ""
+    eof_pressed = False
+    while True:
+        char = input.read(1)
+        if char == '\n' or char == '\r':
+            break
+        elif char == '\x03':
+            raise KeyboardInterrupt
+        elif char == '\x7f' or char == '\b':
+            if passwd:
+                stream.write("\b \b")
+                stream.flush()
+            passwd = passwd[:-1]
+        elif char == '\x04':
+            if eof_pressed:
+                break
+            else:
+                eof_pressed = True
+        elif char == '\x00':
+            continue
+        else:
+            passwd += char
+            stream.write(echo_char)
+            stream.flush()
+            eof_pressed = False
+    return passwd
+
+
 def getuser():
    """Get the username from the environment or password database.