diff options
| author | Harsh Shandilya <msfjarvis@gmail.com> | 2020-11-22 11:47:39 +0530 |
|---|---|---|
| committer | Harsh Shandilya <me@msfjarvis.dev> | 2020-12-21 20:26:44 +0530 |
| commit | 295af9eff8adffb2a49d47bcbe6a09fdd068c154 (patch) | |
| tree | 3013db68b662c52278dec2963732e9a5824d0f79 | |
| parent | cf9a00990f62fe72d619ec2f1d269f43211f6607 (diff) | |
Automatically dismiss decryption screen after 60 seconds (#1216)
* Automatically dismiss decryption screen after 60 seconds
Fixes #1215
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* Update changelog
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
(cherry picked from commit a9c73f1e517d6e308ff78784daf1a88f74d55cce)
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index d8d75bd0..1127ab45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file. - Cancelling the Autofill "Generate password" action now correctly returns you to the original app. - If multiple username fields exist in the password, we now ensure the later ones are not dropped from extra content. - Icons in Autofill suggestions are no longer black on almost black in dark mode. +- Decrypt screen would stay in memory infinitely, allowing passwords to be seen without re-auth ## [1.13.1] - 2020-10-23 diff --git a/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt b/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt index cb43534d..cfcecc22 100644 --- a/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt +++ b/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt @@ -114,6 +114,18 @@ class DecryptActivity : BasePgpActivity(), OpenPgpServiceConnection.OnBound { } /** + * Automatically finishes the activity 60 seconds after decryption succeeded to prevent + * information leaks from stale activities. + */ + @OptIn(ExperimentalTime::class) + private fun startAutoDismissTimer() { + lifecycleScope.launch { + delay(60.seconds) + finish() + } + } + + /** * Edit the current password and hide all the fields populated by encrypted data so that when * the result triggers they can be repopulated with new data. */ @@ -155,6 +167,7 @@ class DecryptActivity : BasePgpActivity(), OpenPgpServiceConnection.OnBound { api?.executeApiAsync(data, inputStream, outputStream) { result -> when (result?.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)) { OpenPgpApi.RESULT_CODE_SUCCESS -> { + startAutoDismissTimer() runCatching { val showPassword = settings.getBoolean(PreferenceKeys.SHOW_PASSWORD, true) val showExtraContent = settings.getBoolean(PreferenceKeys.SHOW_EXTRA_CONTENT, true) |