From 38a5e38f88536df3fd6d9756b71455f141dc2a46 Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Mon, 13 Sep 2021 12:00:38 +0530
Subject: [PATCH] Transmit hashed password

---
 kittens/transfer/main.py   |  4 ++--
 kitty/file_transmission.py | 19 ++++++++++++++-----
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/kittens/transfer/main.py b/kittens/transfer/main.py
index 4fcb38930..852a1e68f 100644
--- a/kittens/transfer/main.py
+++ b/kittens/transfer/main.py
@@ -18,7 +18,7 @@ from kitty.cli_stub import TransferCLIOptions
 from kitty.fast_data_types import FILE_TRANSFER_CODE
 from kitty.file_transmission import (
     Action, Compression, FileTransmissionCommand, FileType, NameReprEnum,
-    TransmissionType
+    TransmissionType, encode_password
 )
 from kitty.types import run_once
 from kitty.typing import KeyEventType
@@ -295,7 +295,7 @@ class SendManager:
 
     def __init__(self, request_id: str, files: Tuple[File, ...], pw: Optional[str] = None):
         self.files = files
-        self.password = pw or ''
+        self.password = encode_password(request_id, pw) if pw else ''
         self.fid_map = {f.file_id: f for f in self.files}
         self.request_id = request_id
         self.state = SendState.waiting_for_permission
diff --git a/kitty/file_transmission.py b/kitty/file_transmission.py
index d8a0f5e1f..f14bea890 100644
--- a/kitty/file_transmission.py
+++ b/kitty/file_transmission.py
@@ -26,6 +26,12 @@ EXPIRE_TIME = 10  # minutes
 MAX_ACTIVE_RECEIVES = 10
 
 
+def encode_password(request_id: str, pw: str) -> str:
+    import hashlib
+    q = request_id + ';' + pw
+    return 'sha256:' + hashlib.sha256(q.encode('utf-8', 'replace')).hexdigest()
+
+
 class NameReprEnum(Enum):
 
     def __repr__(self) -> str:
@@ -335,9 +341,12 @@ class ActiveReceive:
     files: Dict[str, DestFile]
     accepted: bool = False
 
-    def __init__(self, id: str, quiet: int, password: str) -> None:
-        self.id = id
-        self.password = password
+    def __init__(self, request_id: str, quiet: int, password: str) -> None:
+        self.id = request_id
+        self.password_ok: Optional[bool] = None
+        pw = get_options().file_transfer_password
+        if pw and password:
+            self.password_ok = encode_password(request_id, pw) == password
         self.files = {}
         self.last_activity_at = monotonic()
         self.send_acknowledgements = quiet < 1
@@ -559,8 +568,8 @@ class FileTransmission:
 
     def start_receive(self, ar_id: str) -> None:
         ar = self.active_receives[ar_id]
-        if ar.password:
-            self.handle_send_confirmation(ar_id, {'response': 'y' if ar.password == get_options().file_transfer_password else 'n'})
+        if ar.password_ok is not None:
+            self.handle_send_confirmation(ar_id, {'response': 'y' if ar.password_ok else 'n'})
             return
         boss = get_boss()
         window = boss.window_id_map.get(self.window_id)