Authenticate with secure storage service (#402)

* Split secure key into use case Allows us to push authentication for key access as late as possible. * Do not reload if biometric locked * Linter fixes * Fix key upgrade scenario * Fix boolean value message parsing * Handle systems which don't support biometrics * Do not fail key retrieval on secret upgrade * Ensure old key is removed regardless of upgrade success * Log errors
2025-12-16 00:03:38 +00:00 · 2021-06-09 15:53:54 -05:00
parent d7682cde3b
commit 5ba1416679
15 changed files with 188 additions and 73 deletions
--- a/electron/src/services/electronRendererSecureStorage.service.ts
+++ b/electron/src/services/electronRendererSecureStorage.service.ts
@@ -1,29 +1,41 @@
 import { ipcRenderer } from 'electron';

-import { StorageService } from 'jslib-common/abstractions/storage.service';
+import { StorageService, StorageServiceOptions } from 'jslib-common/abstractions/storage.service';

 export class ElectronRendererSecureStorageService implements StorageService {
-    async get<T>(key: string): Promise<T> {
+    async get<T>(key: string, options?: StorageServiceOptions): Promise<T> {
        const val = ipcRenderer.sendSync('keytar', {
            action: 'getPassword',
            key: key,
+            keySuffix: options?.keySuffix ?? '',
        });
        return Promise.resolve(val != null ? JSON.parse(val) as T : null);
    }

-    async save(key: string, obj: any): Promise<any> {
+    async has(key: string, options?: StorageServiceOptions): Promise<boolean> {
+        const val = ipcRenderer.sendSync('keytar', {
+            action: 'hasPassword',
+            key: key,
+            keySuffix: options?.keySuffix ?? '',
+        });
+        return Promise.resolve(!!val);
+    }
+
+    async save(key: string, obj: any, options?: StorageServiceOptions): Promise<any> {
        ipcRenderer.sendSync('keytar', {
            action: 'setPassword',
            key: key,
+            keySuffix: options?.keySuffix ?? '',
            value: JSON.stringify(obj),
        });
        return Promise.resolve();
    }

-    async remove(key: string): Promise<any> {
+    async remove(key: string, options?: StorageServiceOptions): Promise<any> {
        ipcRenderer.sendSync('keytar', {
            action: 'deletePassword',
            key: key,
+            keySuffix: options?.keySuffix ?? '',
        });
        return Promise.resolve();
    }