[polari] chatView: Mask identify passwords in private chats

[Florian Müllner <fmuellner src gnome org>]

commit 3c7cb6244ad13c0160fe121af18f4699e25e6963
Author: Florian Müllner <fmuellner gnome org>
Date:   Fri Sep 23 23:08:59 2016 +0200

    chatView: Mask identify passwords in private chats
    
    We now send automatic identify messages when connecting, so the
    sensitive password regularly appears in the NickServ conversation
    where it is potentially subject to shoulder surfing. Litigate this
    risk by masking the password part of identify messages.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=771888

 src/chatView.js |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/src/chatView.js b/src/chatView.js
index d8bde62..8330946 100644
--- a/src/chatView.js
+++ b/src/chatView.js
@@ -1257,6 +1257,16 @@ const ChatView = new Lang.Class({
         let server = params.server.deep_unpack();
 
         let text = message.text;
+
+        // mask identify passwords in private chats
+        if (this._room.type == Tp.HandleType.CONTACT) {
+            let [isIdentify, username, password] =
+                Polari.util_match_identify_message(text);
+
+            if (isIdentify)
+                text = text.replace(password, (p) => p.replace(/./g, '●'));
+        }
+
         let channels = Utils.findChannels(text, server);
         let urls = Utils.findUrls(text).concat(channels).sort((u1,u2) => u1.pos - u2.pos);
         let pos = 0;