summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHarsh Shandilya <msfjarvis@gmail.com>2020-11-22 11:47:39 +0530
committerHarsh Shandilya <me@msfjarvis.dev>2020-12-21 20:26:44 +0530
commit295af9eff8adffb2a49d47bcbe6a09fdd068c154 (patch)
tree3013db68b662c52278dec2963732e9a5824d0f79
parentcf9a00990f62fe72d619ec2f1d269f43211f6607 (diff)
Automatically dismiss decryption screen after 60 seconds (#1216)
* Automatically dismiss decryption screen after 60 seconds Fixes #1215 Signed-off-by: Harsh Shandilya <me@msfjarvis.dev> * Update changelog Signed-off-by: Harsh Shandilya <me@msfjarvis.dev> (cherry picked from commit a9c73f1e517d6e308ff78784daf1a88f74d55cce) Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
-rw-r--r--CHANGELOG.md1
-rw-r--r--app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt13
2 files changed, 14 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d8d75bd0..1127ab45 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
- Cancelling the Autofill "Generate password" action now correctly returns you to the original app.
- If multiple username fields exist in the password, we now ensure the later ones are not dropped from extra content.
- Icons in Autofill suggestions are no longer black on almost black in dark mode.
+- Decrypt screen would stay in memory infinitely, allowing passwords to be seen without re-auth
## [1.13.1] - 2020-10-23
diff --git a/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt b/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt
index cb43534d..cfcecc22 100644
--- a/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt
+++ b/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt
@@ -114,6 +114,18 @@ class DecryptActivity : BasePgpActivity(), OpenPgpServiceConnection.OnBound {
}
/**
+ * Automatically finishes the activity 60 seconds after decryption succeeded to prevent
+ * information leaks from stale activities.
+ */
+ @OptIn(ExperimentalTime::class)
+ private fun startAutoDismissTimer() {
+ lifecycleScope.launch {
+ delay(60.seconds)
+ finish()
+ }
+ }
+
+ /**
* Edit the current password and hide all the fields populated by encrypted data so that when
* the result triggers they can be repopulated with new data.
*/
@@ -155,6 +167,7 @@ class DecryptActivity : BasePgpActivity(), OpenPgpServiceConnection.OnBound {
api?.executeApiAsync(data, inputStream, outputStream) { result ->
when (result?.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)) {
OpenPgpApi.RESULT_CODE_SUCCESS -> {
+ startAutoDismissTimer()
runCatching {
val showPassword = settings.getBoolean(PreferenceKeys.SHOW_PASSWORD, true)
val showExtraContent = settings.getBoolean(PreferenceKeys.SHOW_EXTRA_CONTENT, true)