From 4114634dd598713482a66948b40c6192da552785 Mon Sep 17 00:00:00 2001
From: EddMCambs <42863301+EddMCambs@users.noreply.github.com>
Date: Mon, 10 Feb 2025 20:29:35 +0000
Subject: [PATCH] Improve password handling (#1)

* updates to allow passwords to work

* Update documentation now passwords are fixed.

* Fix typo

* Revert testing Dockerfile changes

* Fixed Typo

---------

Authored-by: Edd Miles <git@eddmil.es>
---
 README.md               |  2 +-
 docs/getting-started.md |  2 +-
 scripts/backup.sh       | 14 ++++++++++----
 scripts/includes.sh     |  4 ++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index d3e5a2e..ef7cb5d 100644
--- a/README.md
+++ b/README.md
@@ -93,7 +93,7 @@ URL for the actual budget server, without a trailing `/`
 
 ### ACTUAL_BUDGET_PASSWORD
 
-Password for the actual budget server. Single quotes must be escaped with a backslash. Double quotes, spaces, backslashes and the dollar symbol will break the script at present, so change your password if it has those symbols in it.
+Password for the actual budget server. If you're setting this through the docker-compose file, Single quotes must be escaped with by doubling them up. e.g. if your password is `SuperGo'oodPassw\ord"1` you would enter `ACTUAL_BUDGET_PASSWORD: 'SuperGo''oodPassw\ord"1'`. If you're using the env file method, you will need to work out your own way to encode your password without breaking the env file.
 
 ### ACTUAL_BUDGET_SYNC_ID
 
diff --git a/docs/getting-started.md b/docs/getting-started.md
index 90daf84..6d7fc05 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -32,7 +32,7 @@ Next you need to tell the container how it's going to talk to your Actual server
 
 `ACTUAL_BUDGET_URL` - First, set the url of the Actual Server, including the protocol, (and the port if applicable) (NB: Do NOT add a trailing / to this. e.g. `ACTUAL_BUDGET_URL: 'https://acutal.example.com'` will work, but `ACTUAL_BUDGET_URL: 'https://acutal.example.com/'` will not)
 
-`ACTUAL_BUDGET_PASSWORD` - Second, you need to put the password for your budget. (NB: If your password contains any singly quotes (`'`), you need to escape them e.g. if your password was `123Super'Password` you would need to enter `ACTUAL_BUDGET_PASSWORD: '123Super\'Password'`. If your password contains any of `"`, `$`, or `\`; change it so it doesn't. It's possible to make that work, but it's painful.)
+`ACTUAL_BUDGET_PASSWORD` - Second, you need to put the password for your budget. (NB: If your password contains any single quotes (`'`), you need to escape the by doubling them up e.g. if your password was `123Super'Password` you would need to enter `ACTUAL_BUDGET_PASSWORD: '123Super''Password'`.
 
 `ACTUAL_BUDGET_SYNC_ID` - Finally, this identifies the budget on the server. To get this ID, open Actual in your web browser, and go to `Settings`. At the bottom, click `Show advanced settings`, and the `Sync ID` should be in the top section there.
 
diff --git a/scripts/backup.sh b/scripts/backup.sh
index 819cbcd..eb11a73 100644
--- a/scripts/backup.sh
+++ b/scripts/backup.sh
@@ -12,12 +12,18 @@ function backup_file_name () {
     BACKUP_FILE_ZIP="backup/backup.$1.${NOW}.zip"
 }
 
+function prepare_login_json() {
+    (printf '%s\0%s\0' "loginMethod" "password" && printf '%s\0%s\0' "password" "${ACTUAL_BUDGET_PASSWORD}") | jq -Rs 'split("\u0000") | . as $a 
+                  | reduce range(0; 2) as $i 
+                  ({}; . + {($a[2*$i]): ($a[2*$i + 1])})' > /tmp/login.json
+}
+
 function download_actual_budget() {
-    color blue "Downloading Actual Budger backup"
+    color blue "Downloading Actual Budget backup"
     color green "Login into Actual Budget" 
-
-    local TOKEN="$(curl -s --location "${ACTUAL_BUDGET_URL}/account/login" --header 'Content-Type: application/json' --data-raw "{\"loginMethod\": \"password\",\"password\": \"${ACTUAL_BUDGET_PASSWORD}\"}"  | jq --raw-output '.data.token')"
-
+    prepare_login_json
+    local TOKEN="$(curl -s --location "${ACTUAL_BUDGET_URL}/account/login" --header 'Content-Type: application/json' --data @/tmp/login.json  | jq --raw-output '.data.token')"
+    rm /tmp/login.json
     for ACTUAL_BUDGET_SYNC_ID_X in "${ACTUAL_BUDGET_SYNC_ID_LIST[@]}"
     do
         color green "Get file id for ${ACTUAL_BUDGET_SYNC_ID_X}"
diff --git a/scripts/includes.sh b/scripts/includes.sh
index 9e961ad..cecbabd 100644
--- a/scripts/includes.sh
+++ b/scripts/includes.sh
@@ -199,8 +199,8 @@ function init_actual_env(){
 
     get_env ACTUAL_BUDGET_SYNC_ID
 
-    if [[ -z "${!ACTUAL_BUDGET_SYNC_ID}" ]]; then        
-        colot red "Invalid sync id"
+    if [[ -z "${ACTUAL_BUDGET_SYNC_ID}" ]]; then        
+        color red "Invalid sync id"
         exit 1
     fi