Skip to content
This repository was archived by the owner on Feb 24, 2025. It is now read-only.

Use unencrypted password for deduplicated Credentials objects #1554

Merged
ayoy merged 3 commits into from
Aug 28, 2023
Merged

Use unencrypted password for deduplicated Credentials objects #1554

ayoy merged 3 commits into from
Aug 28, 2023

Conversation

@ayoy
Copy link
Collaborator

@ayoy ayoy commented Aug 28, 2023
edited
Loading

Task/Issue URL: https://app.asana.com/0/1199230911884351/1205352938100234/f

Description:
Credentials deduplication code looks for an existing credentials entity in the Secure Vault,
then returns it to Sync code where its title is updated, and then the credentials entity is passed
back to Secure Vault to be stored. The storing function expects unencrypted password
(such as when passed from the UI) and does encryption before storing.

The issue here was that we were passing an already encrypted password (just retrieved
from Secure Vault) in which case the encryption function failed to encrypt the value, returning nil.

This patch fixes the problem on the Sync Data Provider end (to feed an unencrypted password
to Secure Vault for saving) and also adds an assertion failure to AutofillSecureVault when an encrypted
password is passed to encryptPassword method.

Steps to test this PR:

  1. Check out 1.51.1 tag (Bookmarks-only Sync) from macOS browser repository.
  2. Clean debug and debug-appstore apps data: ./clean-app.sh debug && ./clean-app.sh debug-appstore.
  3. Run the DMG app from Xcode (DuckDuckGo Privacy Browser scheme) and add a login (you can also import some logins). Set a non-empty value as password.
  4. Run the App Store App from Xcode (DuckDuckGo Privacy Browser App Store scheme) and add the same exact login(s).
  5. Enable Sync on the DMG app
  6. Enable Sync on the App Store app by connecting to DMG app's account
  7. Check out this branch (still in the macOS repository)
  8. Run the DMG app – credentials will be synced
  9. Run the App Store app – credentials will be synced and all credentials in the App Store app should have passwords.
Internal references:

Pull Request Review Checklist
Software Engineering Expectations
Technical Design Template
Pull Request Documentation

@ayoy ayoy self-assigned this Aug 28, 2023
@ayoy ayoy mentioned this pull request Aug 28, 2023
Merged
@ayoy ayoy marked this pull request as ready for review August 28, 2023 11:54
@ayoy ayoy force-pushed the dominik/credentials-deduplication-fix branch from 9188da8 to 5754ed3 Compare August 28, 2023 11:59
@graeme graeme self-requested a review August 28, 2023 12:40
@ayoy ayoy merged commit 58be0f9 into develop Aug 28, 2023
@ayoy ayoy deleted the dominik/credentials-deduplication-fix branch August 28, 2023 13:42
samsymons added a commit that referenced this pull request Aug 30, 2023
@samsymons
Merge branch 'develop' into sam/netp-waitlist
4a67321 
# By Diego Rey Mendez (4) and others
# Via Diego Rey Mendez
* develop:
  Fixes the BSK version manually #3
  Fixes the BSK version manually #2
  Fixes the BSK version manually
  Fix auth token issues (#1563)
  Bye Catalina (#1501)
  exempt apps.facebook.com & standard.co.uk for CTL (#1505)
  Update Gemfile to use fastlane fork (#1537)
  PopUp window positioning (#1551)
  Fix AdClickAttribution Mock causing test failures (#1538)
  Bump version to 1.54.0 (55)
  Update embedded files
  Show privacy dashboard for duckduckgo serp (#1521)
  Use unencrypted password for deduplicated Credentials objects (#1554)
  DBP: Add missing selector properties to CCF (#1555)

# Conflicts:
#	DuckDuckGo.xcodeproj/project.pbxproj
#	DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@graeme graeme graeme approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ayoy ayoy

Labels

includes BSK changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ayoy @graeme