automatically delete empty passwords from the key store

The frontend uses this to invalidate the GitHub token, even though
it can also deal with `null`. Let's keep the keystore clean and
only keep entries that contain an actual password.

Note that the consumers, i.e. the frontend, handle an empty password
for the short time it's in memory.
This commit is contained in:
Sebastian Thiel 2024-06-26 16:57:41 +02:00
parent 9da051b089
commit 7e7555567b
No known key found for this signature in database
GPG Key ID: 9CB5EE7895E8268B
2 changed files with 24 additions and 1 deletions

View File

@ -8,7 +8,13 @@ use std::sync::Mutex;
/// Persist `secret` so that it can be retrieved by the given `handle`. /// Persist `secret` so that it can be retrieved by the given `handle`.
pub fn persist(handle: &str, secret: &Sensitive<String>) -> Result<()> { pub fn persist(handle: &str, secret: &Sensitive<String>) -> Result<()> {
Ok(entry_for(handle)?.set_password(&secret.0)?) let entry = entry_for(handle)?;
if secret.0.is_empty() {
entry.delete_password()?;
} else {
entry.set_password(&secret.0)?;
}
Ok(())
} }
/// Obtain the previously [stored](persist()) secret known as `handle`. /// Obtain the previously [stored](persist()) secret known as `handle`.

View File

@ -28,5 +28,22 @@ fn store_and_retrieve() -> anyhow::Result<()> {
Ok(()) Ok(())
} }
#[test]
#[serial]
fn store_empty_equals_deletion() -> anyhow::Result<()> {
credentials::setup();
secret::persist("new", &Sensitive("secret".into()))?;
assert_eq!(credentials::count(), 1);
secret::persist("new", &Sensitive("".into()))?;
assert_eq!(
secret::retrieve("new")?.map(|s| s.0),
None,
"empty passwords are automatically deleted"
);
assert_eq!(credentials::count(), 0);
Ok(())
}
pub(crate) mod credentials; pub(crate) mod credentials;
mod users; mod users;