fix(python): allowing PIN/passphrase input for Git Bash

[grdddj]

Trying to solve #1737

Allowing the input for PIN/passphrase on Windows in Git Bash, which has issues with hidden input.

Recognizing the situation (through sys.stdin.isatty()) and in negative case disallowing the hidden feature and reporting this to the user.

Screenshot from Git Bash on Windows:

[prusnak]

It seems to me that click.prompt uses getpass.getpass to obtain the input when hide_input is set.

According to the documentation getpass.getpass should be printing a warning (via GetPassWarning) if echo free input is not possible. Is that not the case for us?

[grdddj]

getpass.getpass should be printing a warning if echo free input is not possible. Is that not the case for us?

It was not the case for me, neither for the reporter of the issue - I have replicated the same behavior. There was no warning, and the script literally froze and had to be killed.

[prusnak]

Sorry, I now see the upstream Python bug mentioned earlier: https://bugs.python.org/issue44762

[matejcik]

additional comments:

Consider looking at CAN_HANDLE_HIDDEN_INPUT in get_passphrase and in that case, only ask once. No point in retyping to confirm if the user can see typos on screen.

This solves the issue for Git bash, but I'm not sure that it solves it for usage in scripts. I was considering a separate ScriptUI implementation:

• uses stdin instead of stderr (so click.echo and click.prompt without the err override)
• never uses hidden inputs
• prints prompts on single line, so instead of:

  prompt("Enter PIN")
  

  it would show

  click.echo("Enter PIN")
  pin = click.prompt()
  

• you can select ScriptUI by something like trezorctl --script
• it does not show PIN help text
• it prints out button request code (and in the future also name/index), PIN request type
• instead of auto-returning PASSPHRASE_ON_DEVICE, it asks you
  • (and of course only asks for passphrase once)
• does not use the envvar - the script is responsible for providing it.
• shows you something like "enter pin: code=None, max_length=50"
  • and then returns whatever you entered directly, the script is responsible for validating

In essence, this mode would turn trezorctl into an interactive tool that allows you to integrate Trezor into, say, Java, without writing a Java library.

[grdddj]

Thanks for the suggestions. After c2e5955 it looks like:

The creation of ScriptUI sounds interesting - should we create a separate issue for it?

[matejcik]

The creation of ScriptUI sounds interesting - should we create a separate issue for it?

I consider #1737 to be it -- if you read the issue description, it concerns script use, the git bash thing is a sub-issue.
We can accept this PR as a partial fix.

[matejcik]

lgtm, please squash&rebase

[matejcik]

also please add a changelog entry: "Fix PIN and passphrase entry in certain terminals on Windows"

[grdddj]

Sorry for a lot of force-pushes, I had issues with Windows line-endings and formatting