Store secrets as securely as possible

Use the keyring if allowed, available, otherwise use preference CURA-7180 keyring storage
2025-08-05 13:03:59 -06:00 · 2021-03-15 11:48:42 +01:00 · 2021-03-15 11:48:42 +01:00 · b604bbd255
commit b604bbd255
parent 47df060bee
2 changed files with 40 additions and 9 deletions
--- a/cura/OAuth2/SecretStorage.py
+++ b/cura/OAuth2/SecretStorage.py
@ -1,20 +1,47 @@
-import keyring
+from typing import Optional
+
+import keyring  # TODO: Add to about as dependency
+
+from UM.Logger import Logger


 class SecretStorage:
-    def __init__(self):
-        self._stored_secrets = []
+    def __init__(self, preferences: Optional["Preferences"] = None):
+        self._stored_secrets = {}
+        if preferences:
+            self._preferences = preferences
+            keys = self._preferences.getValue("general/keyring")
+            if keys is not None and keys != '':
+                self._stored_secrets = set(keys.split(";"))

    def __delitem__(self, key):
        if key in self._stored_secrets:
-            del self._stored_secrets[key]
+            self._stored_secrets.remove(key)
+            self._preferences.setValue("general/keyring", ";".join(self._stored_secrets))
            keyring.delete_password("cura", key)
+        else:
+            # TODO: handle removal of secret from preferences
+            pass

    def __setitem__(self, key, value):
-        self._stored_secrets.append(key)
-        keyring.set_password("cura", key, value)
+        try:
+            keyring.set_password("cura", key, value)
+            self._stored_secrets.add(key)
+            self._preferences.setValue(f"general/{key}", None)
+            self._preferences.setValue("general/keyring", ";".join(self._stored_secrets))
+        except:
+            Logger.logException("w", f"Could not store {key} in keyring.")
+            self._preferences.setValue(f"general/{key}", value)

    def __getitem__(self, key):
+        secret = self._preferences.getValue(f"general/{key}")
        if key in self._stored_secrets:
-            return keyring.get_password("cura", key)
-        return None
+            try:
+                secret = keyring.get_password("cura", key)
+            except:
+                if secret:
+                    Logger.logException("w",
+                                        f"{key} obtained from preferences, consider giving Cura access to the keyring")
+        if secret is None or secret == 'null':
+            Logger.logException("w", f"Could not load {key}")
+        return secret