implements authentication/token retrieval/keyring

2025-05-03 01:06:50 -07:00
parent 461c37bd20
commit 26d54f91d5
11 changed files with 234 additions and 99 deletions
--- a/kordophoned/src/daemon/auth_store.rs
+++ b/kordophoned/src/daemon/auth_store.rs
@@ -2,6 +2,7 @@ use crate::daemon::SettingsKey;

 use std::sync::Arc;
 use tokio::sync::Mutex;
+use keyring::{Entry, Result};

 use kordophone::api::{AuthenticationStore, http_client::Credentials};
 use kordophone::model::JwtToken;
@@ -22,6 +23,8 @@ impl DatabaseAuthenticationStore {
 #[async_trait]
 impl AuthenticationStore for DatabaseAuthenticationStore {
    async fn get_credentials(&mut self) -> Option<Credentials> {
+        use keyring::secret_service::SsCredential;
+
        self.database.lock().await.with_settings(|settings| {
            let username: Option<String> = settings.get::<String>(SettingsKey::USERNAME)
                .unwrap_or_else(|e| {
@@ -29,31 +32,39 @@ impl AuthenticationStore for DatabaseAuthenticationStore {
                    None
                });

-            // TODO: This would be the point where we map from credential item to password.
-            let password: String = settings.get::<String>(SettingsKey::CREDENTIAL_ITEM)
-                .unwrap_or_else(|e| {
-                    log::warn!("error getting password from database: {}", e);
-                    None
-                })
-                .unwrap_or_else(|| {
-                    log::warn!("warning: no password in database, [DEBUG] using default password");
-                    "test".to_string()
-                });
+            match username {
+                Some(username) => {
+                    let credential = SsCredential::new_with_target(None, "net.buzzert.kordophonecd", &username).unwrap();

-            if username.is_none() {
-                log::warn!("Username not present in database");
-            }
+                    let password: Result<String> = Entry::new_with_credential(Box::new(credential))
+                        .get_password();

-            match (username, password) {
-                (Some(username), password) => Some(Credentials { username, password }),
-                _ => None,
+                    log::debug!("password: {:?}", password);
+
+                    match password {
+                        Ok(password) => Some(Credentials { username, password }),
+                        Err(e) => {
+                            log::error!("error getting password from keyring: {}", e);
+                            None
+                        }
+                    }
+                }
+                None => None,
            }
        }).await
    }

    async fn get_token(&mut self) -> Option<JwtToken> {
        self.database.lock().await
-            .with_settings(|settings| settings.get::<JwtToken>(SettingsKey::TOKEN).unwrap_or_default()).await
+            .with_settings(|settings| {
+                match settings.get::<JwtToken>(SettingsKey::TOKEN) {
+                    Ok(token) => token,
+                    Err(e) => {
+                        log::warn!("Failed to get token from settings: {}", e);
+                        None
+                    }
+                }
+            }).await
    }

    async fn set_token(&mut self, token: JwtToken) {