sos-platform-authenticator 0.17.0

Platform authenticator and keyring suppport for the Save Our Secrets SDK.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

//! Interface to the platform keyring.

/// Service name used to store keyring passwords.
#[cfg(not(debug_assertions))]
pub const SERVICE_NAME: &str = "com.saveoursecrets.accounts.local";

/// Service name used to store keyring passwords.
#[cfg(debug_assertions)]
pub const SERVICE_NAME: &str = "com.saveoursecrets.accounts.local.debug";

/// Legacy service name used to store keyring passwords.
///
/// This was used for the account passwords stored
/// by the GUI app before sharing the platform keyring
/// between applications.
pub const LEGACY_SERVICE_NAME: &str = "com.saveoursecrets";

// MacOS implementation uses the security framework
// directly instead of the `keyring` crate.
#[cfg(target_os = "macos")]
mod macos {
    use super::SERVICE_NAME;
    use crate::{Error, Result};
    use secrecy::{ExposeSecret, SecretString};
    use security_framework::{
        passwords::{
            get_generic_password, set_generic_password,
            set_generic_password_options,
        },
        passwords_options::PasswordOptions,
    };

    const ERR_SEC_ITEM_NOT_FOUND: i32 = -25300;

    /// Find the password for an account.
    pub fn find_account_password(account_id: &str) -> Result<String> {
        match get_generic_password(SERVICE_NAME, account_id) {
            Ok(bytes) => Ok(std::str::from_utf8(&bytes)?.to_owned()),
            Err(e) => {
                let code = e.code();
                if code == ERR_SEC_ITEM_NOT_FOUND {
                    Err(Error::NoKeyringEntry)
                } else {
                    Err(e.into())
                }
            }
        }
    }

    /// Save the password for an account in the platform keyring.
    pub fn save_account_password(
        account_id: &str,
        password: SecretString,
    ) -> Result<()> {
        if let Some(access_group) = option_env!("SOS_ACCESS_GROUP") {
            let mut options = PasswordOptions::new_generic_password(
                SERVICE_NAME,
                account_id,
            );

            options.set_access_group(access_group);

            set_generic_password_options(
                password.expose_secret().as_bytes(),
                options,
            )?;
        } else {
            set_generic_password(
                SERVICE_NAME,
                account_id,
                password.expose_secret().as_bytes(),
            )?;
        }

        Ok(())
    }

    /// Whether platform keyring storage is supported.
    pub fn supported() -> bool {
        true
    }
}

// Other platforms use the `keyring` crate.
#[cfg(all(not(target_os = "macos"), not(target_os = "android")))]
mod platform_keyring {
    use super::SERVICE_NAME;
    use crate::{Error, Result};
    use keyring::{Entry, Error as KeyringError};
    use secrecy::{ExposeSecret, SecretString};

    /// Find the password for an account.
    pub fn find_account_password(account_id: &str) -> Result<String> {
        let entry = Entry::new(SERVICE_NAME, account_id)?;
        match entry.get_password() {
            Ok(password) => Ok(password),
            Err(e) => match e {
                KeyringError::NoEntry => Err(Error::NoKeyringEntry),
                _ => Err(e.into()),
            },
        }
    }

    /// Save the password for an account in the platform keyring.
    pub fn save_account_password(
        account_id: &str,
        password: SecretString,
    ) -> Result<()> {
        let entry = Entry::new(SERVICE_NAME, account_id)?;
        entry.set_password(password.expose_secret())?;
        Ok(())
    }

    /// Whether platform keyring storage is supported.
    pub fn supported() -> bool {
        true
    }
}

#[cfg(target_os = "macos")]
pub use macos::*;

#[cfg(all(not(target_os = "macos"), not(target_os = "android")))]
pub use platform_keyring::*;

// Android is not currently supported.
// SEE: https://github.com/hwchen/keyring-rs/issues/127
#[cfg(target_os = "android")]
mod unsupported {
    use crate::Result;

    /// Find the password for an account.
    pub fn find_account_password(account_id: &str) -> Result<String> {
        unimplemented!();
    }

    /// Whether platform keyring storage is supported.
    pub fn supported() -> bool {
        false
    }
}

#[cfg(target_os = "android")]
pub use unsupported::*;