aboutsummaryrefslogtreecommitdiff
path: root/app/src/main/java
diff options
context:
space:
mode:
authoragrahn <agrahn@users.noreply.github.com>2024-07-20 17:46:26 +0200
committerGitHub <noreply@github.com>2024-07-20 15:46:26 +0000
commit763fa9e459d27539a8f5d3ab19e0ec19e39319ee (patch)
tree29a47d96ba237dcdd8a9c32d0788655fba44512c /app/src/main/java
parent3062c9233e3185d5df299d5431d746620d2ce32b (diff)
enabling pgp passphrase cache with authentication (#3124)
* enabling pgp passphrase cache with authentication * clear passphrase cache on first autofill decrypt after screen off --------- Co-authored-by: Alexander Grahn <me@null.org>
Diffstat (limited to 'app/src/main/java')
-rw-r--r--app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt8
-rw-r--r--app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt5
-rw-r--r--app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt45
3 files changed, 34 insertions, 24 deletions
diff --git a/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
index c4114685..b6e82b7a 100644
--- a/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
+++ b/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
@@ -13,6 +13,7 @@ import android.os.Bundle
import android.view.autofill.AutofillManager
import androidx.fragment.app.setFragmentResultListener
import androidx.lifecycle.lifecycleScope
+import app.passwordstore.Application.Companion.screenWasOff
import app.passwordstore.R
import app.passwordstore.crypto.PGPIdentifier
import app.passwordstore.data.crypto.PGPPassphraseCache
@@ -28,6 +29,7 @@ import app.passwordstore.util.autofill.DirectoryStructure
import app.passwordstore.util.extensions.asLog
import app.passwordstore.util.features.Feature.EnablePGPPassphraseCache
import app.passwordstore.util.features.Features
+import app.passwordstore.util.settings.PreferenceKeys
import com.github.androidpasswordstore.autofillparser.AutofillAction
import com.github.androidpasswordstore.autofillparser.Credentials
import com.github.michaelbull.result.getOrElse
@@ -110,6 +112,12 @@ class AutofillDecryptActivity : BasePGPActivity() {
askPassphrase(filePath, gpgIdentifiers, clientState, action)
//
is Result.Success -> {
+ /* clear passphrase cache on first use after application startup or if screen was off;
+ also make sure to purge a stale cache after caching has been disabled via PGP settings */
+ if (screenWasOff && settings.getBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, true)) {
+ passphraseCache.clearAllCachedPassphrases(this@AutofillDecryptActivity)
+ screenWasOff = false
+ }
val cachedPassphrase =
passphraseCache.retrieveCachedPassphrase(
this@AutofillDecryptActivity,
diff --git a/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
index 854ebabd..405d6f4e 100644
--- a/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
+++ b/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
@@ -168,8 +168,9 @@ class DecryptActivity : BasePGPActivity() {
askPassphrase(isError, gpgIdentifiers, authResult)
//
is BiometricResult.Success -> {
- // clear passphrase cache on first use after application startup or if screen was off
- if (screenWasOff && settings.getBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, false)) {
+ /* clear passphrase cache on first use after application startup or if screen was off;
+ also make sure to purge a stale cache after caching has been disabled via PGP settings */
+ if (screenWasOff && settings.getBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, true)) {
passphraseCache.clearAllCachedPassphrases(this@DecryptActivity)
screenWasOff = false
}
diff --git a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
index 3a77255b..2978b37a 100644
--- a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
+++ b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
@@ -5,6 +5,7 @@
package app.passwordstore.ui.settings
+import androidx.core.content.edit
import androidx.fragment.app.FragmentActivity
import androidx.lifecycle.lifecycleScope
import app.passwordstore.R
@@ -12,6 +13,7 @@ import app.passwordstore.data.crypto.PGPPassphraseCache
import app.passwordstore.ui.pgp.PGPKeyListActivity
import app.passwordstore.util.auth.BiometricAuthenticator
import app.passwordstore.util.extensions.launchActivity
+import app.passwordstore.util.extensions.sharedPrefs
import app.passwordstore.util.features.Feature
import app.passwordstore.util.settings.PreferenceKeys
import de.Maxr1998.modernpreferences.PreferenceScreen
@@ -46,16 +48,24 @@ class PGPSettings(
summaryRes = R.string.pref_passphrase_cache_summary
defaultValue = false
onCheckedChange { checked ->
- if (!checked && BiometricAuthenticator.canAuthenticate(activity)) {
- BiometricAuthenticator.authenticate(
- activity,
- R.string.pref_passphrase_cache_authenticate_clear,
- ) {
- if (it is BiometricAuthenticator.Result.Success)
- activity.lifecycleScope.launch {
- passphraseCache.clearAllCachedPassphrases(activity)
- }
- }
+ if (checked) {
+ if (BiometricAuthenticator.canAuthenticate(activity)) {
+ BiometricAuthenticator.authenticate(
+ activity,
+ R.string.pref_passphrase_cache_authenticate_enable,
+ ) {
+ if (!(it is BiometricAuthenticator.Result.Success))
+ activity.sharedPrefs.edit {
+ putBoolean(Feature.EnablePGPPassphraseCache.configKey, false)
+ }
+ }
+ } else
+ activity.sharedPrefs.edit {
+ putBoolean(Feature.EnablePGPPassphraseCache.configKey, false)
+ }
+ } else {
+ activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
+ activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) }
}
true
}
@@ -64,21 +74,12 @@ class PGPSettings(
dependency = Feature.EnablePGPPassphraseCache.configKey
titleRes = R.string.pref_passphrase_cache_auto_clear_title
summaryRes = R.string.pref_passphrase_cache_auto_clear_summary
- defaultValue = false
+ defaultValue = true
/* clear cache once when unchecking; this is to prevent a malicious user
* from bypassing cache clearing via the settings */
onCheckedChange { checked ->
- if (!checked && BiometricAuthenticator.canAuthenticate(activity)) {
- BiometricAuthenticator.authenticate(
- activity,
- R.string.pref_passphrase_cache_authenticate_clear,
- ) {
- if (it is BiometricAuthenticator.Result.Success)
- activity.lifecycleScope.launch {
- passphraseCache.clearAllCachedPassphrases(activity)
- }
- }
- }
+ if (!checked)
+ activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) }
true
}
}