configurable printing of failed login attempts

copyparty/__main__.py

@@ -1046,6 +1046,7 @@ def add_logging(ap):
     ap2.add_argument("--ansi", action="store_true", help="force colors; overrides environment-variable NO_COLOR")
     ap2.add_argument("--no-voldump", action="store_true", help="do not list volumes and permissions on startup")
     ap2.add_argument("--log-tdec", metavar="N", type=int, default=3, help="timestamp resolution / number of timestamp decimals")
+    ap2.add_argument("--log-badpwd", metavar="N", type=int, default=1, help="log passphrase of failed login attempts: 0=terse, 1=plaintext, 2=hashed")
     ap2.add_argument("--log-conn", action="store_true", help="debug: print tcp-server msgs")
     ap2.add_argument("--log-htp", action="store_true", help="debug: print http-server threadpool scaling")
     ap2.add_argument("--ihead", metavar="HEADER", type=u, action='append', help="dump incoming header")

copyparty/httpcli.py

@@ -7,6 +7,7 @@ import calendar
 import copy
 import errno
 import gzip
+import hashlib
 import itertools
 import json
 import os
@@ -2129,7 +2130,15 @@ class HttpCli(object):
             msg = "login ok"
             dur = int(60 * 60 * self.args.logout)
         else:
-            self.log("invalid password: {}".format(pwd), 3)
+            logpwd = pwd
+            if self.args.log_badpwd == 0:
+                logpwd = ""
+            elif self.args.log_badpwd == 2:
+                zb = hashlib.sha512(pwd.encode("utf-8", "replace")).digest()
+                logpwd = "%" + base64.b64encode(zb[:12]).decode("utf-8")
+
+            self.log("invalid password: {}".format(logpwd), 3)
+
             g = self.conn.hsrv.gpwd
             if g.lim:
                 bonk, ip = g.bonk(self.ip, pwd)