aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoragrahn <agrahn@users.noreply.github.com>2024-07-20 17:46:26 +0200
committerGitHub <noreply@github.com>2024-07-20 15:46:26 +0000
commit763fa9e459d27539a8f5d3ab19e0ec19e39319ee (patch)
tree29a47d96ba237dcdd8a9c32d0788655fba44512c
parent3062c9233e3185d5df299d5431d746620d2ce32b (diff)
enabling pgp passphrase cache with authentication (#3124)
* enabling pgp passphrase cache with authentication * clear passphrase cache on first autofill decrypt after screen off --------- Co-authored-by: Alexander Grahn <me@null.org>
-rw-r--r--app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt8
-rw-r--r--app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt5
-rw-r--r--app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt45
-rw-r--r--app/src/main/res/values-gl/strings.xml2
-rw-r--r--app/src/main/res/values-pl-rPL/strings.xml2
-rw-r--r--app/src/main/res/values/strings.xml2
6 files changed, 37 insertions, 27 deletions
diff --git a/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
index c4114685..b6e82b7a 100644
--- a/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
+++ b/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
@@ -13,6 +13,7 @@ import android.os.Bundle
import android.view.autofill.AutofillManager
import androidx.fragment.app.setFragmentResultListener
import androidx.lifecycle.lifecycleScope
+import app.passwordstore.Application.Companion.screenWasOff
import app.passwordstore.R
import app.passwordstore.crypto.PGPIdentifier
import app.passwordstore.data.crypto.PGPPassphraseCache
@@ -28,6 +29,7 @@ import app.passwordstore.util.autofill.DirectoryStructure
import app.passwordstore.util.extensions.asLog
import app.passwordstore.util.features.Feature.EnablePGPPassphraseCache
import app.passwordstore.util.features.Features
+import app.passwordstore.util.settings.PreferenceKeys
import com.github.androidpasswordstore.autofillparser.AutofillAction
import com.github.androidpasswordstore.autofillparser.Credentials
import com.github.michaelbull.result.getOrElse
@@ -110,6 +112,12 @@ class AutofillDecryptActivity : BasePGPActivity() {
askPassphrase(filePath, gpgIdentifiers, clientState, action)
//
is Result.Success -> {
+ /* clear passphrase cache on first use after application startup or if screen was off;
+ also make sure to purge a stale cache after caching has been disabled via PGP settings */
+ if (screenWasOff && settings.getBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, true)) {
+ passphraseCache.clearAllCachedPassphrases(this@AutofillDecryptActivity)
+ screenWasOff = false
+ }
val cachedPassphrase =
passphraseCache.retrieveCachedPassphrase(
this@AutofillDecryptActivity,
diff --git a/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
index 854ebabd..405d6f4e 100644
--- a/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
+++ b/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
@@ -168,8 +168,9 @@ class DecryptActivity : BasePGPActivity() {
askPassphrase(isError, gpgIdentifiers, authResult)
//
is BiometricResult.Success -> {
- // clear passphrase cache on first use after application startup or if screen was off
- if (screenWasOff && settings.getBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, false)) {
+ /* clear passphrase cache on first use after application startup or if screen was off;
+ also make sure to purge a stale cache after caching has been disabled via PGP settings */
+ if (screenWasOff && settings.getBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, true)) {
passphraseCache.clearAllCachedPassphrases(this@DecryptActivity)
screenWasOff = false
}
diff --git a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
index 3a77255b..2978b37a 100644
--- a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
+++ b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
@@ -5,6 +5,7 @@
package app.passwordstore.ui.settings
+import androidx.core.content.edit
import androidx.fragment.app.FragmentActivity
import androidx.lifecycle.lifecycleScope
import app.passwordstore.R
@@ -12,6 +13,7 @@ import app.passwordstore.data.crypto.PGPPassphraseCache
import app.passwordstore.ui.pgp.PGPKeyListActivity
import app.passwordstore.util.auth.BiometricAuthenticator
import app.passwordstore.util.extensions.launchActivity
+import app.passwordstore.util.extensions.sharedPrefs
import app.passwordstore.util.features.Feature
import app.passwordstore.util.settings.PreferenceKeys
import de.Maxr1998.modernpreferences.PreferenceScreen
@@ -46,16 +48,24 @@ class PGPSettings(
summaryRes = R.string.pref_passphrase_cache_summary
defaultValue = false
onCheckedChange { checked ->
- if (!checked && BiometricAuthenticator.canAuthenticate(activity)) {
- BiometricAuthenticator.authenticate(
- activity,
- R.string.pref_passphrase_cache_authenticate_clear,
- ) {
- if (it is BiometricAuthenticator.Result.Success)
- activity.lifecycleScope.launch {
- passphraseCache.clearAllCachedPassphrases(activity)
- }
- }
+ if (checked) {
+ if (BiometricAuthenticator.canAuthenticate(activity)) {
+ BiometricAuthenticator.authenticate(
+ activity,
+ R.string.pref_passphrase_cache_authenticate_enable,
+ ) {
+ if (!(it is BiometricAuthenticator.Result.Success))
+ activity.sharedPrefs.edit {
+ putBoolean(Feature.EnablePGPPassphraseCache.configKey, false)
+ }
+ }
+ } else
+ activity.sharedPrefs.edit {
+ putBoolean(Feature.EnablePGPPassphraseCache.configKey, false)
+ }
+ } else {
+ activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
+ activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) }
}
true
}
@@ -64,21 +74,12 @@ class PGPSettings(
dependency = Feature.EnablePGPPassphraseCache.configKey
titleRes = R.string.pref_passphrase_cache_auto_clear_title
summaryRes = R.string.pref_passphrase_cache_auto_clear_summary
- defaultValue = false
+ defaultValue = true
/* clear cache once when unchecking; this is to prevent a malicious user
* from bypassing cache clearing via the settings */
onCheckedChange { checked ->
- if (!checked && BiometricAuthenticator.canAuthenticate(activity)) {
- BiometricAuthenticator.authenticate(
- activity,
- R.string.pref_passphrase_cache_authenticate_clear,
- ) {
- if (it is BiometricAuthenticator.Result.Success)
- activity.lifecycleScope.launch {
- passphraseCache.clearAllCachedPassphrases(activity)
- }
- }
- }
+ if (!checked)
+ activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) }
true
}
}
diff --git a/app/src/main/res/values-gl/strings.xml b/app/src/main/res/values-gl/strings.xml
index 2be0b96b..d966d262 100644
--- a/app/src/main/res/values-gl/strings.xml
+++ b/app/src/main/res/values-gl/strings.xml
@@ -120,7 +120,7 @@
<string name="pref_pgp_ascii_armor_title">Cifrar co modo ASCII armor</string>
<string name="pref_passphrase_cache_title">Permitir usar a caché para frase de paso</string>
<string name="pref_passphrase_cache_summary">AVISO: esta característica funciona ben pero é experimental. Require que a pantalla estea bloqueada.</string>
- <string name="pref_passphrase_cache_authenticate_clear">Autenticarse para poder baleirar a cache</string>
+ <string name="pref_passphrase_cache_authenticate_enable">Autenticarse para activar a caché</string>
<string name="pref_passphrase_cache_auto_clear_title">Limpar automáticamente a frase de paso da caché</string>
<string name="pref_passphrase_cache_auto_clear_summary">Retira automáticamente a frase de paso da caché ao apagarse a pantalla</string>
<!-- PasswordGenerator fragment -->
diff --git a/app/src/main/res/values-pl-rPL/strings.xml b/app/src/main/res/values-pl-rPL/strings.xml
index 49068ffa..0948c71f 100644
--- a/app/src/main/res/values-pl-rPL/strings.xml
+++ b/app/src/main/res/values-pl-rPL/strings.xml
@@ -116,7 +116,7 @@
<string name="pref_pgp_key_manager_title">Menedżer kluczy</string>
<string name="pref_pgp_ascii_armor_title">Szyfruj w trybie ASCII-armor</string>
<string name="pref_passphrase_cache_summary">UWAGA: ta funkcjonalność powinna działać poprawnie, ale jest bardzo eksperymentalna. Wymaga aktywnej blokady ekranu.</string>
- <string name="pref_passphrase_cache_authenticate_clear">Uwierzytelnij aby wyczyścić pamięć podręczną</string>
+ <string name="pref_passphrase_cache_authenticate_enable">Uwierzytelnij aby włączyć pamięć podręczną</string>
<string name="pref_passphrase_cache_auto_clear_title">Automatycznie wyczyść pamięć podręczną haseł</string>
<string name="pref_passphrase_cache_auto_clear_summary">Czyści pamięć podręczną haseł po wyłączeniu ekranu</string>
<!-- PasswordGenerator fragment -->
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index bafda226..07a9661b 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -137,7 +137,7 @@
<string name="pref_pgp_ascii_armor_title">Encrypt in ASCII armor mode</string>
<string name="pref_passphrase_cache_title">Enable passphrase caching</string>
<string name="pref_passphrase_cache_summary">WARNING: this feature is functional but very experimental. Requires an active screen lock.</string>
- <string name="pref_passphrase_cache_authenticate_clear">Authenticate to clear cache</string>
+ <string name="pref_passphrase_cache_authenticate_enable">Authenticate to enable cache</string>
<string name="pref_passphrase_cache_auto_clear_title">Automatically clear passphrase cache</string>
<string name="pref_passphrase_cache_auto_clear_summary">Clears the passphrase cache when the screen is turned off</string>