Prompting for a password in Haskell command line application

Question

The following Haskell program prompts the user for a password in the terminal and continues if he has entered the correct one:

main = do
    putStrLn "Password:"
    password <- getLine

    case hash password `member` database of
        False -> putStrLn "Unauthorized use!"
        True  -> do
                 ...

Unfortunately, the password will appear on the screen as the user types it, which I want to avoid.

How can I read a sequence of characters that the users types without having the show up on the screen? What is the equivalent of getLine for this purpose?

I'm on MacOS X, but I would like this to work on Windows and Linux, too.

score 40 · Accepted Answer · edited Jan 27 '19 at 03:09

Do this:

module Main
where

import System.IO
import Control.Exception

main :: IO ()
main = getPassword >>= putStrLn . ("Entered: " ++)

getPassword :: IO String
getPassword = do
  putStr "Password: "
  hFlush stdout
  pass <- withEcho False getLine
  putChar '\n'
  return pass

withEcho :: Bool -> IO a -> IO a
withEcho echo action = do
  old <- hGetEcho stdin
  bracket_ (hSetEcho stdin echo) (hSetEcho stdin old) action

score 15 · Answer 2 · answered Nov 01 '10 at 06:47

15

There is a getPassword in System.Console.Haskeline. Probably it's an overkill for your case but someone may find it useful.

An example:

> runInputT defaultSettings $ do {p <- getPassword (Just '*') "pass:"; outputStrLn $ fromJust p}
pass:***
asd

answered Nov 01 '10 at 06:47

Daniel

26,899
12
60
88

2

Any idea why all the Haskeline functions return a `Maybe String` rather than a `String`? There's no documentation on it, and it seems to me that it should always return `String`, like standard `getLine`. – jameshfisher Dec 23 '13 at 23:25
1

That's because the standard `getLine` is a partial function, that will raise exception when receiving an `EOT`. haskeline will instead return `Nothing`, allowing you to do something different when you got an empty line, compared to `^D` – berdario Oct 14 '16 at 09:41
On MSYS2(Windows), `hSetEcho` doesn't work but this does. Thank you. – Ohashi Mar 31 '20 at 14:32

kennytm · Answer 3 · 2010-10-31T18:29:58.700

It is possible to disable echoing in the terminal with the System.Posix.Terminal module. However, this requires POSIX support, so may not work on Windows (I didn't check).

import System.Posix.Terminal 
import System.Posix.IO (stdInput)

getPassword :: IO String
getPassword = do
    tc <- getTerminalAttributes stdInput
    setTerminalAttributes stdInput (withoutMode tc EnableEcho) Immediately
    password <- getLine
    setTerminalAttributes stdInput tc Immediately
    return password

main = do
    putStrLn "Password:"
    password <- getPassword
    putStrLn "Name:"
    name <- getLine
    putStrLn $ "Your password is " ++ password ++ " and your name is " ++ name

Note that the stdin is line-buffered, so if you use putStr "Password:" instead of putStrLn, you need to flush the buffer first, otherwise the prompt will be inhibited also.

Nice, have an upvote! Looks like the humble `hSetEcho` from `System.IO` will do the trick, though. :-) — Heinrich Apfelmus, Oct 31 '10 at 20:02

score 7 · Answer 4 · edited Aug 11 '19 at 01:48

7

withEcho can be written with a little less noise:

withEcho :: Bool -> IO a -> IO a
withEcho echo action =
    bracket (hGetEcho stdin)
            (hSetEcho stdin)
            (const $ hSetEcho stdin echo >> action)

edited Aug 11 '19 at 01:48

4castle

32,613
11
69
106

answered Nov 15 '12 at 23:31

1chb

71
1
1

1

I think this is a bit too clever for me, I have to look quite hard to figure out how this works. A better fix may be to factor out the 'run action with temporarily changed setting' behaviour into something like `withTemp :: a -> IO a -> (a -> IO b) -> IO c -> IO c`, `withTemp tempValue getter setter action = ...` so that you can define `withEcho echo = withTemp echo (hGetEcho stdin) (hSetEcho stdin)`. – Frerich Raabe Feb 22 '14 at 23:40

score 4 · Answer 5 · answered Nov 01 '10 at 17:06

4

As I commented above, I suggest you use haskeline, which is a full prompt library. I've used it happily for LambdaCalculator with no complaints.

answered Nov 01 '10 at 17:06

Thomas M. DuBuisson

64,245
7
109
166

Any idea why all the Haskeline functions return a `Maybe String` rather than a `String`? There's no documentation on it, and it seems to me that it should always return `String`, like standard `getLine`. – jameshfisher Dec 23 '13 at 23:25
@jameshfisher It isn't immediately obvious to me, no. It would take some digging in the source. – Thomas M. DuBuisson Dec 23 '13 at 23:55

score 1 · Answer 6 · answered Jun 11 '20 at 04:27

1

I have found this useful when reading passwords:

import Control.Exception
import System.IO

withoutEcho :: IO a -> IO a
withoutEcho action =
  finally (hSetEcho stdin False >> action) (hSetEcho stdin True)

answered Jun 11 '20 at 04:27

Jens Petersen

166
9

For example Emacs shell will re-echo input with `withEcho True`. – Jens Petersen Jun 11 '20 at 04:35

Prompting for a password in Haskell command line application

6 Answers6

Linked