automatically delete empty passwords from the key store

The frontend uses this to invalidate the GitHub token, even though it can also deal with `null`. Let's keep the keystore clean and only keep entries that contain an actual password. Note that the consumers, i.e. the frontend, handle an empty password for the short time it's in memory.
2024-12-15 20:22:33 +03:00 · 2024-06-26 16:57:41 +02:00 · 2024-06-26 16:57:41 +02:00 · 7e7555567b
commit 7e7555567b
parent 9da051b089
2 changed files with 24 additions and 1 deletions
--- a/crates/gitbutler-core/src/secret.rs
+++ b/crates/gitbutler-core/src/secret.rs
@ -8,7 +8,13 @@ use std::sync::Mutex;

 /// Persist `secret` so that it can be retrieved by the given `handle`.
 pub fn persist(handle: &str, secret: &Sensitive<String>) -> Result<()> {
-    Ok(entry_for(handle)?.set_password(&secret.0)?)
+    let entry = entry_for(handle)?;
+    if secret.0.is_empty() {
+        entry.delete_password()?;
+    } else {
+        entry.set_password(&secret.0)?;
+    }
+    Ok(())
 }

 /// Obtain the previously [stored](persist()) secret known as `handle`.
--- a/crates/gitbutler-core/tests/secret/mod.rs
+++ b/crates/gitbutler-core/tests/secret/mod.rs
@ -28,5 +28,22 @@ fn store_and_retrieve() -> anyhow::Result<()> {
    Ok(())
 }

+#[test]
+#[serial]
+fn store_empty_equals_deletion() -> anyhow::Result<()> {
+    credentials::setup();
+    secret::persist("new", &Sensitive("secret".into()))?;
+    assert_eq!(credentials::count(), 1);
+
+    secret::persist("new", &Sensitive("".into()))?;
+    assert_eq!(
+        secret::retrieve("new")?.map(|s| s.0),
+        None,
+        "empty passwords are automatically deleted"
+    );
+    assert_eq!(credentials::count(), 0);
+    Ok(())
+}
+
 pub(crate) mod credentials;
 mod users;