authoragrahn <agrahn@users.noreply.github.com>2024-07-25 17:19:02 +0200
committerGitHub <noreply@github.com>2024-07-25 15:19:02 +0000
commit27678892ede15ee623662d3a78015e74f0914989 (patch)
tree9475576669692fd1f0366d7a4b70e518a7db9303 /app
parent720dac42d2f2790156d77686805e9c92ef391d69 (diff)
Fix application crash when disabling cache auto-clear option and potential attack vector (#3136)
prevent app crash upon passphrase cache clearing
Diffstat (limited to 'app')
-rw-r--r--app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt28
-rw-r--r--app/src/main/res/values/strings.xml1
2 files changed, 25 insertions, 4 deletions
diff --git a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
index 2978b37a..c21036ed 100644
--- a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
+++ b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
@@ -75,11 +75,31 @@ class PGPSettings(
titleRes = R.string.pref_passphrase_cache_auto_clear_title
summaryRes = R.string.pref_passphrase_cache_auto_clear_summary
defaultValue = true
- /* clear cache once when unchecking; this is to prevent a malicious user
- * from bypassing cache clearing via the settings */
+ /* Clear the cache once when unchecking; this is to prevent a malicious user (someone
+ * knowing the screen-lock pin, but not knowing the PGP passphrase) from bypassing cache
+ * clearing via the settings. However, clearing EncryptedSharedPreferences requires
+ * authentication, otherwise the app crashes. Thus, the bad user could still bypass cache
+ * clearing by dismissing the auhentication dialog. To prevent this, we enforce cache
+ * clearing to stay enabled in case of any authentication failure. */
onCheckedChange { checked ->
- if (!checked)
- activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) }
+ if (!checked) {
+ if (BiometricAuthenticator.canAuthenticate(activity)) {
+ BiometricAuthenticator.authenticate(
+ activity,
+ R.string.pref_passphrase_cache_auto_clear_authenticate_disable,
+ ) {
+ if (it is BiometricAuthenticator.Result.Success) {
+ activity.lifecycleScope.launch {
+ passphraseCache.clearAllCachedPassphrases(activity)
+ }
+ } else {
+ activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
+ }
+ }
+ } else {
+ activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
+ }
+ }
true
}
}
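Review bot: The handler still ends in an unconditional `true`, so the unchecked state is accepted before the authentication result is known, and keeping auto-clear enabled depends entirely on the later `remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE)` calls. In the outer `else` branch (when `canAuthenticate` is false) the remove runs before the listener returns; if the preference library writes the new value after the listener returns, which this hunk does not show, the stored value would end up `false` anyway. In the authenticated path, a callback that never fires (for example because the activity goes away while the prompt is showing) would leave the option disabled without the cache having been cleared. Rejecting the change up front and persisting it only on success would fail closed in both cases: return `false` when `!checked`, and inside the `Result.Success` branch, after clearing, call `activity.sharedPrefs.edit { putBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, false) }` and refresh the switch. The enclosing preference builder begins before this hunk, so how the switch is re-rendered needs checking there.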
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 404339ce..bddc831d 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -138,6 +138,7 @@
<string name="pref_passphrase_cache_title">Enable passphrase caching</string>
<string name="pref_passphrase_cache_summary">WARNING: this feature is functional but very experimental. Requires an active screen lock.</string>
<string name="pref_passphrase_cache_authenticate_enable">Authenticate to enable cache</string>
+ <string name="pref_passphrase_cache_auto_clear_authenticate_disable">Authenticate to disable cache clearing</string>
<string name="pref_passphrase_cache_auto_clear_title">Automatically clear passphrase cache</string>
<string name="pref_passphrase_cache_auto_clear_summary">Clears the passphrase cache when the screen is turned off</string>