From 4846fa769f1f0848138894c144b2e824f079cdb6 Mon Sep 17 00:00:00 2001
From: Manuel Stoeckl <code@mstoeckl.com>
Date: Tue, 17 Sep 2024 12:57:17 -0400
Subject: [PATCH] Only submit password if previous validation completed

This averts the risk that one can queue up many password submissions
by pressing enter repeatedly (or with key repeat, holding enter),
much more quickly than PAM will process them. It may also improve
usability by reducing unrevealed system state: now that at most one
password can be queued, the "Verifying" message is always shown when
a password is being validated.

However, this commit does introduce a minor UI issue: if one types
an invalid second password just slightly faster than PAM validation
completes, it may fail to submit, and the signs of this may be hard
to notice (state transition timing, presence of keypress indicator,
and (if enabled) attempt count).
---
 password.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/password.c b/password.c
index 5349e136..59f28c74 100644
--- a/password.c
+++ b/password.c
@@ -111,6 +111,9 @@ static void submit_password(struct swaylock_state *state) {
 	if (state->args.ignore_empty && state->password.len == 0) {
 		return;
 	}
+	if (state->auth_state == AUTH_STATE_VALIDATING) {
+		return;
+	}
 
 	state->input_state = INPUT_STATE_IDLE;
 	state->auth_state = AUTH_STATE_VALIDATING;