fix insecure_connection text to not talk about password, and add new warning to inform user when he is about to send plain password on plain connection. Fixes #5607

src/common/config.py

@@ -315,6 +315,7 @@ class Config:
                     'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
                     'warn_when_plaintext_connection': [ opt_bool, True, _('Show a warning dialog before sending password on an plaintext connection.') ],
                     'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
+                    'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain conenction.') ],
                     'ssl_fingerprint_sha1': [ opt_str, '', '', True ],
                     'ignore_ssl_errors': [ opt_str, '', _('Space separated list of ssl errors to ignore.') ],
                     'use_srv': [ opt_bool, True, '', True ],

src/common/connection.py

@@ -2182,17 +2182,29 @@ class Connection(CommonConnection, ConnectionHandlers):
         q.setTagData('password', password)
         self.connection.send(iq)
 
-    def get_password(self, callback):
+    def get_password(self, callback, type_):
+        self.pasword_callback = (callback, type_)
         if self.password:
-            callback(self.password)
+            self.set_password(self.password)
             return
-        self.pasword_callback = callback
         self.dispatch('PASSWORD_REQUIRED', None)
 
     def set_password(self, password):
         self.password = password
         if self.pasword_callback:
-            self.pasword_callback(password)
+            callback, type_ = self.pasword_callback
+            if self._current_type == 'plain' and type_ == 'PLAIN' and \
+            gajim.config.get_per('accounts', self.name,
+            'warn_when_insecure_password'):
+                self.dispatch('INSECURE_PASSWORD', None)
+                return
+            callback(password)
+            self.pasword_callback = None
+
+    def accept_insecure_password(self):
+        if self.pasword_callback:
+            callback, type_ = self.pasword_callback
+            callback(self.password)
             self.pasword_callback = None
 
     def unregister_account(self, on_remove_success):

src/common/xmpp/auth_nb.py

@@ -241,7 +241,7 @@ class SASL(PlugIn):
         if 'PLAIN' in self.mecs:
             self.mecs.remove('PLAIN')
             self.mechanism = 'PLAIN'
-            self._owner._caller.get_password(self.set_password)
+            self._owner._caller.get_password(self.set_password, 'PLAIN')
             self.startsasl = SASL_IN_PROCESS
             raise NodeProcessed
         self.startsasl = SASL_FAILURE
@@ -335,7 +335,7 @@ class SASL(PlugIn):
             self.resp['digest-uri'] = 'xmpp/' + self._owner.Server
             self.resp['charset'] = 'utf-8'
             # Password is now required
-            self._owner._caller.get_password(self.set_password)
+            self._owner._caller.get_password(self.set_password, self.mechanism)
         elif 'rspauth' in chal:
             self._owner.send(str(Node('response', attrs={'xmlns':NS_SASL})))
         else:

src/gui_interface.py

@@ -1898,7 +1898,6 @@ class Interface:
 
     def handle_event_plain_connection(self, account, data):
         # ('PLAIN_CONNECTION', account, (connection))
-        server = gajim.config.get_per('accounts', account, 'hostname')
         def on_ok(is_checked):
             if not is_checked[0]:
                 on_cancel()
@@ -1915,8 +1914,9 @@ class Interface:
             gajim.connections[account].disconnect(on_purpose=True)
             self.handle_event_status(account, 'offline')
         pritext = _('Insecure connection')
-        sectext = _('You are about to send your password on an unencrypted '
+        sectext = _('You are about to connect to the server with an insecure '
-                'connection. Are you sure you want to do that?')
+                'connection. This means all your conversations will be '
+                'exchanged unencrypted. Are you sure you want to do that?')
         checktext1 = _('Yes, I really want to connect insecurely')
         checktext2 = _('Do _not ask me again')
         if 'plain_connection' in self.instances[account]['online_dialog']:
@@ -1929,7 +1929,6 @@ class Interface:
 
     def handle_event_insecure_ssl_connection(self, account, data):
         # ('INSECURE_SSL_CONNECTION', account, (connection, connection_type))
-        server = gajim.config.get_per('accounts', account, 'hostname')
         def on_ok(is_checked):
             if not is_checked[0]:
                 on_cancel()
@@ -1964,6 +1963,42 @@ class Interface:
             checktext2, on_response_ok=on_ok, on_response_cancel=on_cancel,
             is_modal=False)
 
+    def handle_event_insecure_password(self, account, data):
+        # ('INSECURE_PASSWORD', account, ())
+        def on_ok(is_checked):
+            if not is_checked[0]:
+                on_cancel()
+                return
+            del self.instances[account]['online_dialog']['insecure_password']
+            if is_checked[1]:
+                gajim.config.set_per('accounts', account,
+                    'warn_when_insecure_password', False)
+            if gajim.connections[account].connected == 0:
+                # We have been disconnecting (too long time since window is
+                # opened)
+                # re-connect with auto-accept
+                gajim.connections[account].connection_auto_accepted = True
+                show, msg = gajim.connections[account].continue_connect_info[:2]
+                self.roster.send_status(account, show, msg)
+                return
+            gajim.connections[account].accept_insecure_password()
+        def on_cancel():
+            del self.instances[account]['online_dialog']['insecure_password']
+            gajim.connections[account].disconnect(on_purpose=True)
+            self.handle_event_status(account, 'offline')
+        pritext = _('Insecure connection')
+        sectext = _('You are about to send your password unencrypted on an '
+            'insecure connection. Are you sure you want to do that?')
+        checktext1 = _('Yes, I really want to connect insecurely')
+        checktext2 = _('Do _not ask me again')
+        if 'insecure_password' in self.instances[account]['online_dialog']:
+            self.instances[account]['online_dialog']['insecure_password'].\
+                destroy()
+        self.instances[account]['online_dialog']['insecure_password'] = \
+            dialogs.ConfirmationDialogDoubleCheck(pritext, sectext, checktext1,
+            checktext2, on_response_ok=on_ok, on_response_cancel=on_cancel,
+            is_modal=False)
+
     def handle_event_pubsub_node_removed(self, account, data):
         # ('PUBSUB_NODE_REMOVED', account, (jid, node))
         if 'pep_services' in self.instances[account]:
@@ -2085,6 +2120,7 @@ class Interface:
             'PLAIN_CONNECTION': [self.handle_event_plain_connection],
             'INSECURE_SSL_CONNECTION': \
                 [self.handle_event_insecure_ssl_connection],
+            'INSECURE_PASSWORD': [self.handle_event_insecure_password],
             'PUBSUB_NODE_REMOVED': [self.handle_event_pubsub_node_removed],
             'PUBSUB_NODE_NOT_REMOVED': \
                 [self.handle_event_pubsub_node_not_removed],