use libsecret for password storage

src/meson.build

@@ -17,6 +17,7 @@ audrey_deps = [
   dependency('gtk4', version: '>= 4.16'),
   dependency('json-glib-1.0', version: '>= 1.10'),
   dependency('libadwaita-1', version: '>= 1.6'),
+  dependency('libsecret-1', version: '>= 0.21'),
   dependency('libsoup-3.0', version: '>= 3.6'),
   dependency('sqlite3'),
 ]

src/ui/setup.vala

@@ -20,6 +20,13 @@ public class Ui.Setup : Adw.PreferencesDialog {
     private Sqlite.Statement db_get;
     private Sqlite.Statement db_set;
 
+    private static Secret.Schema secret_schema = new Secret.Schema (
+        "eu.callcc.audrey",
+        Secret.SchemaFlags.NONE,
+        "server-url", Secret.SchemaAttributeType.STRING,
+        "username", Secret.SchemaAttributeType.STRING
+    );
+
     construct {
         var app_config_dir = Path.build_filename (Environment.get_user_config_dir (), "audrey");
 
@@ -54,12 +61,7 @@ public class Ui.Setup : Adw.PreferencesDialog {
         this.status = _("Connecting...");
 
         string new_token, new_salt;
-        if (this.password != "") {
+        this.salt_password (this.password, out new_token, out new_salt);
-            this.salt_password (this.password, out new_token, out new_salt);
-        } else {
-            new_token = this.token;
-            new_salt = this.salt;
-        }
         var api = new Subsonic.with_token (
             this.server_url,
             this.username,
@@ -101,27 +103,19 @@ public class Ui.Setup : Adw.PreferencesDialog {
         }
         assert (this.db_get.reset () == Sqlite.OK);
 
-        this.db_get.bind_text (1, "token");
+        this.authn_can_edit = false;
-        if (this.db_get.step () == Sqlite.ROW) {
+        Secret.password_lookup.begin (secret_schema, null, (obj, res) => {
-            this.token = this.db_get.column_text (0);
+            try {
-        } else {
+                string? password = Secret.password_lookup.end (res);
-            this.token = "";
+                this.password = password ?? "";
-        }
+            } catch (Error e) {
-        assert (this.db_get.reset () == Sqlite.OK);
+                error ("could not look up password in keyring: %s", e.message);
+            }
 
-        this.db_get.bind_text (1, "salt");
+            // first connection
-        if (this.db_get.step () == Sqlite.ROW) {
+            this.authn_can_validate = true;
-            this.salt = this.db_get.column_text (0);
+            this.on_authn_validate_activated ();
-        } else {
+        }, "server-url", this.server_url, "username", this.username);
-            this.salt = "";
-        }
-        assert (this.db_get.reset () == Sqlite.OK);
-
-        this.password = "";
-
-        // first connection
-        this.authn_can_validate = true;
-        this.on_authn_validate_activated ();
     }
 
     private void salt_password (string password, out string token, out string salt) {
@@ -152,16 +146,14 @@ public class Ui.Setup : Adw.PreferencesDialog {
         assert (this.db_set.step () == Sqlite.DONE);
         assert (this.db_set.reset () == Sqlite.OK);
 
-        this.db_set.bind_text (1, "token");
+        this.authn_can_edit = false;
-        this.db_set.bind_text (2, this.token);
+        Secret.password_store.begin (secret_schema, null, "Subsonic password", this.password, null, (obj, res) => {
-        assert (this.db_set.step () == Sqlite.DONE);
+            try {
-        assert (this.db_set.reset () == Sqlite.OK);
+                Secret.password_store.end (res);
-
+            } catch (Error e) {
-        this.db_set.bind_text (1, "salt");
+                error ("could not store password in keyring: %s", e.message);
-        this.db_set.bind_text (2, this.salt);
+            }
-        assert (this.db_set.step () == Sqlite.DONE);
+            this.authn_can_edit = true;
-        assert (this.db_set.reset () == Sqlite.OK);
+        }, "server-url", this.server_url, "username", this.username);
-
-        this.password = "";
     }
 }