From 8a260537e4ccf99c8a065353358455d5567be035 Mon Sep 17 00:00:00 2001 From: Todd Martin <106564991+trmartin4@users.noreply.github.com> Date: Thu, 2 Apr 2026 19:41:28 -0400 Subject: [PATCH] fix(secure-storage): [PM-33582] Remove obsolete secure storage code * Remove obsolete JSON value parsing. * Remove obsolete method. --- .../desktop_native/core/src/password/unix.rs | 31 ------------------- .../desktop-credential-storage-listener.ts | 27 ++-------------- 2 files changed, 3 insertions(+), 55 deletions(-) diff --git a/apps/desktop/desktop_native/core/src/password/unix.rs b/apps/desktop/desktop_native/core/src/password/unix.rs index 94ca98d20b8..c92a1fd2656 100644 --- a/apps/desktop/desktop_native/core/src/password/unix.rs +++ b/apps/desktop/desktop_native/core/src/password/unix.rs @@ -1,20 +1,12 @@ use std::collections::HashMap; use anyhow::{anyhow, Result}; -use oo7::dbus::{self}; use tracing::info; use crate::password::PASSWORD_NOT_FOUND; /// Retrieves a password from the Linux Secret Service keyring. pub async fn get_password(service: &str, account: &str) -> Result { - match get_password_new(service, account).await { - Ok(res) => Ok(res), - Err(_) => get_password_legacy(service, account).await, - } -} - -async fn get_password_new(service: &str, account: &str) -> Result { let keyring = oo7::Keyring::new().await?; let _ = try_prompt(&keyring).await; let attributes = HashMap::from([("service", service), ("account", account)]); @@ -29,29 +21,6 @@ async fn get_password_new(service: &str, account: &str) -> Result { } } -// forces to read via secret service; remvove after 2025.03 -async fn get_password_legacy(service: &str, account: &str) -> Result { - info!("falling back to get legacy {} {}", service, account); - let svc = dbus::Service::new().await?; - let collection = svc.default_collection().await?; - let keyring = oo7::Keyring::DBus(collection); - let _ = try_prompt(&keyring).await; - let attributes = HashMap::from([("service", service), ("account", account)]); - let results = keyring.search_items(&attributes).await?; - let res = results.first(); - match res { - Some(res) => { - let secret = res.secret().await?; - info!(service, account, "deleting legacy secret service entry",); - keyring.delete(&attributes).await?; - let secret_string = String::from_utf8(secret.to_vec())?; - set_password(service, account, &secret_string).await?; - Ok(secret_string) - } - None => Err(anyhow!(PASSWORD_NOT_FOUND)), - } -} - /// Stores a password in the Linux Secret Service keyring. pub async fn set_password(service: &str, account: &str, password: &str) -> Result<()> { let keyring = oo7::Keyring::new().await?; diff --git a/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts b/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts index ac049f0731b..89bd2ec6fd6 100644 --- a/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts +++ b/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts @@ -28,14 +28,14 @@ export class DesktopCredentialStorageListener { let val: string | boolean = null; if (message.action && message.key) { if (message.action === "getPassword") { - val = await this.getPassword(serviceName, message.key, message.keySuffix); + val = await passwords.getPassword(serviceName, message.key); } else if (message.action === "hasPassword") { const result = await passwords.getPassword(serviceName, message.key); val = result != null; } else if (message.action === "setPassword" && message.value) { - await this.setPassword(serviceName, message.key, message.value, message.keySuffix); + await passwords.setPassword(serviceName, message.key, message.value); } else if (message.action === "deletePassword") { - await this.deletePassword(serviceName, message.key, message.keySuffix); + await passwords.deletePassword(serviceName, message.key); } } return val; @@ -50,25 +50,4 @@ export class DesktopCredentialStorageListener { } }); } - - // Gracefully handle old keytar values, and if detected updated the entry to the proper format - private async getPassword(serviceName: string, key: string, keySuffix: string) { - const val = await passwords.getPassword(serviceName, key); - - try { - JSON.parse(val); - } catch (e) { - throw new Error("Password in bad format" + e + val); - } - - return val; - } - - private async setPassword(serviceName: string, key: string, value: string, keySuffix: string) { - await passwords.setPassword(serviceName, key, value); - } - - private async deletePassword(serviceName: string, key: string, keySuffix: string) { - await passwords.deletePassword(serviceName, key); - } }