From cc389962fdd1c7eca9d328b794c95f8d5536944c Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Wed, 27 Oct 2021 22:56:09 -0400
Subject: don't grab the keyboard when entering the api key

unlike the vault password, it's pretty unlikely that someone will be
entering the api key by hand, so make copy/paste more reasonable
---
 src/bin/rbw-agent/actions.rs |  5 +++++
 src/pinentry.rs              | 10 +++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/bin/rbw-agent/actions.rs b/src/bin/rbw-agent/actions.rs
index 8039618..1cc71c3 100644
--- a/src/bin/rbw-agent/actions.rs
+++ b/src/bin/rbw-agent/actions.rs
@@ -36,6 +36,7 @@ pub async fn register(
                 &format!("Log in to {}", host),
                 err.as_deref(),
                 tty,
+                false,
             )
             .await
             .context("failed to read client_id from pinentry")?;
@@ -45,6 +46,7 @@ pub async fn register(
                 &format!("Log in to {}", host),
                 err.as_deref(),
                 tty,
+                false,
             )
             .await
             .context("failed to read client_secret from pinentry")?;
@@ -114,6 +116,7 @@ pub async fn login(
                 &format!("Log in to {}", host),
                 err.as_deref(),
                 tty,
+                true,
             )
             .await
             .context("failed to read password from pinentry")?;
@@ -218,6 +221,7 @@ async fn two_factor(
             "Enter the 6 digit verification code from your authenticator app.",
             err.as_deref(),
             tty,
+            true,
         )
         .await
         .context("failed to read code from pinentry")?;
@@ -372,6 +376,7 @@ pub async fn unlock(
                 "Unlock the local database",
                 err.as_deref(),
                 tty,
+                true,
             )
             .await
             .context("failed to read password from pinentry")?;
diff --git a/src/pinentry.rs b/src/pinentry.rs
index d62d4b2..b4d2bb0 100644
--- a/src/pinentry.rs
+++ b/src/pinentry.rs
@@ -8,15 +8,19 @@ pub async fn getpin(
     desc: &str,
     err: Option<&str>,
     tty: Option<&str>,
+    grab: bool,
 ) -> Result<crate::locked::Password> {
     let mut opts = tokio::process::Command::new(pinentry);
     opts.stdin(std::process::Stdio::piped())
         .stdout(std::process::Stdio::piped());
+    let mut args = vec!["-o", "0"];
     if let Some(tty) = tty {
-        opts.args(&["-T", tty, "-o", "0"]);
-    } else {
-        opts.args(&["-o", "0"]);
+        args.extend(&["-T", tty]);
     }
+    if !grab {
+        args.push("-g");
+    }
+    opts.args(args);
     let mut child = opts.spawn().map_err(|source| Error::Spawn { source })?;
     // unwrap is safe because we specified stdin as piped in the command opts
     // above
-- 
cgit v1.2.3-54-g00ecf