rstudioapi::askForPassword() does not mask password for some prompts

[tonytonov]

Hi! For a prompt containing a word "username" there is an undocumented behavior -- the absence of password masking (see image below).

R> rstudioapi::askForPassword('username')

My use case is calling through package getPass:

getPass::getPass(glue::glue("Enter password for username {user}: "))

I may remove the word "username" from the prompt, but it will still backfire if username is e.g. "my-username", making it inconsistent. It would be helpful to document such behavior and add an option to override it with an optional argument.

R> sessioninfo::session_info()
- Session info ----------------------------------------------
 setting  value                       
 version  R version 4.0.2 (2020-06-22)
 os       Windows 10 x64              
 system   x86_64, mingw32             
 ui       RStudio                     
 language (EN)                        
 collate  English_United States.1252  
 ctype    English_United States.1252  
 tz       Europe/Berlin               
 date     2020-09-10                  

- Packages --------------------------------------------------
 package     * version    date       lib source        
 assertthat    0.2.1      2019-03-21 [1] CRAN (R 4.0.0)
 cli           2.0.2      2020-02-28 [1] CRAN (R 4.0.0)
 colorspace    1.4-1      2019-03-18 [1] CRAN (R 4.0.0)
 crayon        1.3.4      2017-09-16 [1] CRAN (R 4.0.2)
 curl          4.3        2019-12-02 [1] CRAN (R 4.0.0)
 dplyr       * 1.0.1      2020-07-31 [1] CRAN (R 4.0.2)
 dxfeed      * 0.3.0.9000 2020-09-10 [1] local         
 ellipsis      0.3.1      2020-05-15 [1] CRAN (R 4.0.0)
 fansi         0.4.1      2020-01-08 [1] CRAN (R 4.0.0)
 generics      0.0.2      2018-11-29 [1] CRAN (R 4.0.0)
 getPass     * 0.2-2      2017-07-21 [1] CRAN (R 4.0.2)
 ggplot2     * 3.3.2      2020-06-19 [1] CRAN (R 4.0.2)
 glue        * 1.4.1      2020-05-13 [1] CRAN (R 4.0.0)
 gtable        0.3.0      2019-03-25 [1] CRAN (R 4.0.0)
 hms           0.5.3      2020-01-08 [1] CRAN (R 4.0.0)
 httr          1.4.2      2020-07-20 [1] CRAN (R 4.0.2)
 keyring       1.1.0      2018-07-16 [1] CRAN (R 4.0.0)
 lifecycle     0.2.0      2020-03-06 [1] CRAN (R 4.0.0)
 lubridate     1.7.9      2020-06-08 [1] CRAN (R 4.0.2)
 magrittr      1.5        2014-11-22 [1] CRAN (R 4.0.0)
 munsell       0.5.0      2018-06-12 [1] CRAN (R 4.0.0)
 pillar        1.4.6      2020-07-10 [1] CRAN (R 4.0.2)
 pkgconfig     2.0.3      2019-09-22 [1] CRAN (R 4.0.0)
 purrr         0.3.4      2020-04-17 [1] CRAN (R 4.0.0)
 R6            2.4.1      2019-11-12 [1] CRAN (R 4.0.0)
 Rcpp          1.0.5      2020-07-06 [1] CRAN (R 4.0.2)
 readr       * 1.3.1      2018-12-21 [1] CRAN (R 4.0.0)
 rlang         0.4.7      2020-07-09 [1] CRAN (R 4.0.2)
 rstudioapi  * 0.11       2020-02-07 [1] CRAN (R 4.0.0)
 scales        1.1.1      2020-05-11 [1] CRAN (R 4.0.0)
 sessioninfo   1.1.1      2018-11-05 [1] CRAN (R 4.0.0)
 stringi       1.4.6      2020-02-17 [1] CRAN (R 4.0.0)
 stringr       1.4.0      2019-02-10 [1] CRAN (R 4.0.0)
 tibble      * 3.0.3      2020-07-10 [1] CRAN (R 4.0.2)
 tidyr       * 1.1.1      2020-07-31 [1] CRAN (R 4.0.2)
 tidyselect    1.1.0      2020-05-11 [1] CRAN (R 4.0.0)
 utf8          1.1.4      2018-05-24 [1] CRAN (R 4.0.0)
 vctrs         0.3.2      2020-07-15 [1] CRAN (R 4.0.2)
 withr         2.2.0      2020-04-20 [1] CRAN (R 4.0.0)
 yaml          2.2.1      2020-02-01 [1] CRAN (R 4.0.0)

[tonytonov]

Hi @kevinushey, thanks for the quick fix. May I suggest documenting this exact behavior as intended? I may easily imagine a situation, where we ask for password by not using the word "password", but using "username": "Enter secret key for username tonytonov" "Enter passphrase for user randomUsername2020" What makes it even harder to pinpoint, is the underlying Java code that handles the logic, not the R code that one can somewhat easily locate and read.

[tonytonov]

Other common synonyms include "pass", "pwd". Mixing with other languages may occur, e.g. "Введите пароль для вашего username" -- a quite likely scenario in Ru-En "IT-speak".

[kevinushey]

Thanks; you're absolutely right. What I committed is a bandaid for this particular case but I agree we should have a way of explicitly requesting input masking or not in the dialog (regardless of the prompt used).

Re-opening this issue to keep that tracked.