Skip to content

Commit

Permalink
Prompt to unlock individual item when getting secret from keyring
Browse files Browse the repository at this point in the history
Signed-off-by: AlanD20 <aland20@pm.me>
  • Loading branch information
AlanD20 committed May 30, 2024
1 parent 28657a5 commit 14b7cd2
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 7 deletions.
58 changes: 51 additions & 7 deletions keyring_mock.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
package keyring

type mockProviderItem struct {
Value string
Locked bool
}

type mockProvider struct {
mockStore map[string]map[string]string
mockStore map[string]map[string]*mockProviderItem
mockError error
}

Expand All @@ -12,12 +17,12 @@ func (m *mockProvider) Set(service, user, pass string) error {
return m.mockError
}
if m.mockStore == nil {
m.mockStore = make(map[string]map[string]string)
m.mockStore = make(map[string]map[string]*mockProviderItem)
}
if m.mockStore[service] == nil {
m.mockStore[service] = make(map[string]string)
m.mockStore[service] = make(map[string]*mockProviderItem)
}
m.mockStore[service][user] = pass
m.mockStore[service][user] = &mockProviderItem{Value: pass, Locked: true}
return nil
}

Expand All @@ -27,8 +32,12 @@ func (m *mockProvider) Get(service, user string) (string, error) {
return "", m.mockError
}
if b, ok := m.mockStore[service]; ok {
if v, ok := b[user]; ok {
return v, nil
if item, ok := b[user]; ok {
if item.Locked {
return "", ErrNotFound
}
_ = m.Lock(service, user)
return item.Value, nil
}
}
return "", ErrNotFound
Expand All @@ -41,7 +50,10 @@ func (m *mockProvider) Delete(service, user string) error {
}
if m.mockStore != nil {
if _, ok := m.mockStore[service]; ok {
if _, ok := m.mockStore[service][user]; ok {
if item, ok := m.mockStore[service][user]; ok {
if item.Locked {
return ErrNotFound
}
delete(m.mockStore[service], user)
return nil
}
Expand All @@ -50,6 +62,38 @@ func (m *mockProvider) Delete(service, user string) error {
return ErrNotFound
}

// Unlock unlocks item from the keyring given a service name and a user
func (m *mockProvider) Unlock(service, user string) error {
if m.mockError != nil {
return m.mockError
}
if m.mockStore != nil {
if _, ok := m.mockStore[service]; ok {
if item, ok := m.mockStore[service][user]; ok {
item.Locked = false
return nil
}
}
}
return ErrNotFound
}

// Lock locks item from the keyring given a service name and a user
func (m *mockProvider) Lock(service, user string) error {
if m.mockError != nil {
return m.mockError
}
if m.mockStore != nil {
if _, ok := m.mockStore[service]; ok {
if item, ok := m.mockStore[service][user]; ok {
item.Locked = true
return nil
}
}
}
return ErrNotFound
}

// MockInit sets the provider to a mocked memory store
func MockInit() {
provider = &mockProvider{}
Expand Down
18 changes: 18 additions & 0 deletions keyring_mock_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ func TestMockGet(t *testing.T) {
t.Errorf("Should not fail, got: %s", err)
}

_ = mp.Unlock(service, user)
pw, err := mp.Get(service, user)
if err != nil {
t.Errorf("Should not fail, got: %s", err)
Expand All @@ -32,6 +33,22 @@ func TestMockGet(t *testing.T) {
}
}

// TestGetLocked tests getting a locked password from the keyring.
func TestMockGetLocked(t *testing.T) {
mp := mockProvider{}
err := mp.Set(service, user, password)
if err != nil {
t.Errorf("Should not fail, got: %s", err)
}

pwd, err := mp.Get(service, user)
assertError(t, err, ErrNotFound)

if pwd != "" {
t.Errorf("Should not return item value, got: %s", pwd)
}
}

// TestGetNonExisting tests getting a secret not in the keyring.
func TestMockGetNonExisting(t *testing.T) {
mp := mockProvider{}
Expand All @@ -49,6 +66,7 @@ func TestMockDelete(t *testing.T) {
t.Errorf("Should not fail, got: %s", err)
}

_ = mp.Unlock(service, user)
err = mp.Delete(service, user)
if err != nil {
t.Errorf("Should not fail, got: %s", err)
Expand Down
6 changes: 6 additions & 0 deletions keyring_unix.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,12 @@ func (s secretServiceProvider) Get(service, user string) (string, error) {
}
defer svc.Close(session)

// unlock if invdividual item is locked
err = svc.Unlock(item)
if err != nil {
return "", err
}

secret, err := svc.GetSecret(item, session.Path())
if err != nil {
return "", err
Expand Down

0 comments on commit 14b7cd2

Please sign in to comment.