aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.md1
-rw-r--r--app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt13
2 files changed, 14 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c0c0b94..18dd0ad5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
- Cancelling the Autofill "Generate password" action now correctly returns you to the original app.
- If multiple username fields exist in the password, we now ensure the later ones are not dropped from extra content.
- Icons in Autofill suggestions are no longer black on almost black in dark mode.
+- Decrypt screen would stay in memory infinitely, allowing passwords to be seen without re-auth
### Changed
diff --git a/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt b/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt
index cb43534d..cfcecc22 100644
--- a/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt
+++ b/app/src/main/java/com/zeapo/pwdstore/crypto/DecryptActivity.kt
@@ -114,6 +114,18 @@ class DecryptActivity : BasePgpActivity(), OpenPgpServiceConnection.OnBound {
}
/**
+ * Automatically finishes the activity 60 seconds after decryption succeeded to prevent
+ * information leaks from stale activities.
+ */
+ @OptIn(ExperimentalTime::class)
+ private fun startAutoDismissTimer() {
+ lifecycleScope.launch {
+ delay(60.seconds)
+ finish()
+ }
+ }
+
+ /**
* Edit the current password and hide all the fields populated by encrypted data so that when
* the result triggers they can be repopulated with new data.
*/
@@ -155,6 +167,7 @@ class DecryptActivity : BasePgpActivity(), OpenPgpServiceConnection.OnBound {
api?.executeApiAsync(data, inputStream, outputStream) { result ->
when (result?.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)) {
OpenPgpApi.RESULT_CODE_SUCCESS -> {
+ startAutoDismissTimer()
runCatching {
val showPassword = settings.getBoolean(PreferenceKeys.SHOW_PASSWORD, true)
val showExtraContent = settings.getBoolean(PreferenceKeys.SHOW_EXTRA_CONTENT, true)