Skip to content
This repository was archived by the owner on Feb 24, 2025. It is now read-only.

Use unencrypted password for deduplicated Credentials objects #480

Merged
ayoy merged 1 commit into from
Aug 28, 2023
Merged

Use unencrypted password for deduplicated Credentials objects #480

ayoy merged 1 commit into from
Aug 28, 2023
+7 −1

Conversation

@ayoy
Copy link
Contributor

@ayoy ayoy commented Aug 28, 2023
edited
Loading

Please review the release process for BrowserServicesKit here.

Required:

Task/Issue URL: https://app.asana.com/0/1199230911884351/1205352938100234/f
iOS PR: duckduckgo/iOS#1959
macOS PR: duckduckgo/macos-browser#1554
What kind of version bump will this require?: Patch

Description:
Credentials deduplication code looks for an existing credentials entity in the Secure Vault,
then returns it to Sync code where its title is updated, and then the credentials entity is passed
back to Secure Vault to be stored. The storing function expects unencrypted password
(such as when passed from the UI) and does encryption before storing.

The issue here was that we were passing an already encrypted password (just retrieved
from Secure Vault) in which case the encryption function failed to encrypt the value, returning nil.

This patch fixes the problem on the Sync Data Provider end (to feed an unencrypted password
to Secure Vault for saving) and also adds an assertion failure to AutofillSecureVault when an encrypted
password is passed to encryptPassword method.

Steps to test this PR:
Refer to macOS PR for testing steps.

Internal references:

Software Engineering Expectations
Technical Design Template

@ayoy ayoy self-assigned this Aug 28, 2023
@ayoy ayoy marked this pull request as ready for review August 28, 2023 11:56
@ayoy ayoy force-pushed the dominik/credentials-deduplication-fix branch from 0d40b81 to 2f3e29c Compare August 28, 2023 11:58
graeme
graeme approved these changes Aug 28, 2023
View reviewed changes
Copy link
Contributor

@graeme graeme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and code looks good 👍

@ayoy ayoy merged commit 61947c2 into main Aug 28, 2023
@ayoy ayoy deleted the dominik/credentials-deduplication-fix branch August 28, 2023 13:24
samsymons added a commit that referenced this pull request Aug 30, 2023
@samsymons
Merge branch 'main' into sam/netp-waitlist
a5f7cd1 
* main:
  Fix auth token issues (#484)
  Enable nightly CodeQL scans (#481)
  add assertions to AdClickAttributionLogic, improve debug checks (#476)
  Set unencrypted password for deduplicated Credentials object (#480)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@graeme graeme graeme approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ayoy ayoy

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ayoy @graeme