use libsecret for password storage

This commit is contained in:
Erica Z 2024-10-15 23:33:33 +02:00
parent e3a25e2429
commit ff9bd114ab
2 changed files with 30 additions and 37 deletions

View file

@ -17,6 +17,7 @@ audrey_deps = [
dependency('gtk4', version: '>= 4.16'), dependency('gtk4', version: '>= 4.16'),
dependency('json-glib-1.0', version: '>= 1.10'), dependency('json-glib-1.0', version: '>= 1.10'),
dependency('libadwaita-1', version: '>= 1.6'), dependency('libadwaita-1', version: '>= 1.6'),
dependency('libsecret-1', version: '>= 0.21'),
dependency('libsoup-3.0', version: '>= 3.6'), dependency('libsoup-3.0', version: '>= 3.6'),
dependency('sqlite3'), dependency('sqlite3'),
] ]

View file

@ -20,6 +20,13 @@ public class Ui.Setup : Adw.PreferencesDialog {
private Sqlite.Statement db_get; private Sqlite.Statement db_get;
private Sqlite.Statement db_set; private Sqlite.Statement db_set;
private static Secret.Schema secret_schema = new Secret.Schema (
"eu.callcc.audrey",
Secret.SchemaFlags.NONE,
"server-url", Secret.SchemaAttributeType.STRING,
"username", Secret.SchemaAttributeType.STRING
);
construct { construct {
var app_config_dir = Path.build_filename (Environment.get_user_config_dir (), "audrey"); var app_config_dir = Path.build_filename (Environment.get_user_config_dir (), "audrey");
@ -54,12 +61,7 @@ public class Ui.Setup : Adw.PreferencesDialog {
this.status = _("Connecting..."); this.status = _("Connecting...");
string new_token, new_salt; string new_token, new_salt;
if (this.password != "") {
this.salt_password (this.password, out new_token, out new_salt); this.salt_password (this.password, out new_token, out new_salt);
} else {
new_token = this.token;
new_salt = this.salt;
}
var api = new Subsonic.with_token ( var api = new Subsonic.with_token (
this.server_url, this.server_url,
this.username, this.username,
@ -101,27 +103,19 @@ public class Ui.Setup : Adw.PreferencesDialog {
} }
assert (this.db_get.reset () == Sqlite.OK); assert (this.db_get.reset () == Sqlite.OK);
this.db_get.bind_text (1, "token"); this.authn_can_edit = false;
if (this.db_get.step () == Sqlite.ROW) { Secret.password_lookup.begin (secret_schema, null, (obj, res) => {
this.token = this.db_get.column_text (0); try {
} else { string? password = Secret.password_lookup.end (res);
this.token = ""; this.password = password ?? "";
} catch (Error e) {
error ("could not look up password in keyring: %s", e.message);
} }
assert (this.db_get.reset () == Sqlite.OK);
this.db_get.bind_text (1, "salt");
if (this.db_get.step () == Sqlite.ROW) {
this.salt = this.db_get.column_text (0);
} else {
this.salt = "";
}
assert (this.db_get.reset () == Sqlite.OK);
this.password = "";
// first connection // first connection
this.authn_can_validate = true; this.authn_can_validate = true;
this.on_authn_validate_activated (); this.on_authn_validate_activated ();
}, "server-url", this.server_url, "username", this.username);
} }
private void salt_password (string password, out string token, out string salt) { private void salt_password (string password, out string token, out string salt) {
@ -152,16 +146,14 @@ public class Ui.Setup : Adw.PreferencesDialog {
assert (this.db_set.step () == Sqlite.DONE); assert (this.db_set.step () == Sqlite.DONE);
assert (this.db_set.reset () == Sqlite.OK); assert (this.db_set.reset () == Sqlite.OK);
this.db_set.bind_text (1, "token"); this.authn_can_edit = false;
this.db_set.bind_text (2, this.token); Secret.password_store.begin (secret_schema, null, "Subsonic password", this.password, null, (obj, res) => {
assert (this.db_set.step () == Sqlite.DONE); try {
assert (this.db_set.reset () == Sqlite.OK); Secret.password_store.end (res);
} catch (Error e) {
this.db_set.bind_text (1, "salt"); error ("could not store password in keyring: %s", e.message);
this.db_set.bind_text (2, this.salt); }
assert (this.db_set.step () == Sqlite.DONE); this.authn_can_edit = true;
assert (this.db_set.reset () == Sqlite.OK); }, "server-url", this.server_url, "username", this.username);
this.password = "";
} }
} }