Merge pull request #2307 from gary-kim/fix-2306-password-retries

Allow multiple retries for interactive password input
2019-11-20 18:30:20 +01:00 · 2019-11-20 18:30:20 +01:00 · 26d1f9f4ba
commit 26d1f9f4ba
parent 6a89c0f0ef fea2464d4d
3 changed files with 32 additions and 7 deletions
--- a/changelog/unreleased/issue-2306
+++ b/changelog/unreleased/issue-2306
@ -0,0 +1,7 @@
+Enhancement: Allow multiple retries for interactive password input
+
+Restic used to quit if the repository password was typed incorrectly once.
+Restic will now ask the user again for the repository password if typed incorrectly.
+The user will now get three tries to input the correct password before restic quits. 
+
+https://github.com/restic/restic/issues/2306
--- a/cmd/restic/global.go
+++ b/cmd/restic/global.go
@ -320,7 +320,7 @@ func ReadPassword(opts GlobalOptions, prompt string) (string, error) {
 	}

 	if len(password) == 0 {
-		return "", errors.Fatal("an empty password is not a password")
+		return "", errors.New("an empty password is not a password")
 	}

 	return password, nil
@ -366,14 +366,32 @@ func OpenRepository(opts GlobalOptions) (*repository.Repository, error) {

 	s := repository.New(be)

-	opts.password, err = ReadPassword(opts, "enter password for repository: ")
-	if err != nil {
-		return nil, err
+	passwordTriesLeft := 1
+	if stdinIsTerminal() && opts.password == "" {
+		passwordTriesLeft = 3
 	}

-	err = s.SearchKey(opts.ctx, opts.password, maxKeys, opts.KeyHint)
+	for ; passwordTriesLeft > 0; passwordTriesLeft-- {
+		opts.password, err = ReadPassword(opts, "enter password for repository: ")
+		if err != nil && passwordTriesLeft > 1 {
+			opts.password = ""
+			fmt.Printf("%s. Try again\n", err)
+		}
+		if err != nil {
+			continue
+		}
+
+		err = s.SearchKey(opts.ctx, opts.password, maxKeys, opts.KeyHint)
+		if err != nil && passwordTriesLeft > 1 {
+			opts.password = ""
+			fmt.Printf("%s. Try again\n", err)
+		}
+	}
 	if err != nil {
-		return nil, err
+		if errors.IsFatal(err) {
+			return nil, err
+		}
+		return nil, errors.Fatalf("%s", err)
 	}

 	if stdoutIsTerminal() && !opts.JSON {
--- a/internal/repository/key.go
+++ b/internal/repository/key.go
@ -18,7 +18,7 @@ import (

 var (
 	// ErrNoKeyFound is returned when no key for the repository could be decrypted.
-	ErrNoKeyFound = errors.Fatal("wrong password or no key found")
+	ErrNoKeyFound = errors.New("wrong password or no key found")

 	// ErrMaxKeysReached is returned when the maximum number of keys was checked and no key could be found.
 	ErrMaxKeysReached = errors.Fatal("maximum number of keys reached")