Avoid storing the password in the configuration

The password (or any other secret), is now cached in the client process (in-memory only), and delivered to the resource via command. The resource avoids doing any operations against the source until the secret is available.
author: Christian Mollekopf <chrigi_1@fastmail.fm> 2017-09-18 11:40:41 +0200
committer: Christian Mollekopf <chrigi_1@fastmail.fm> 2017-09-18 11:40:45 +0200
commit: a7e7f7fdd2a9d38921476d57f305c9cd4459a556 (patch)
tree: d9ad3bdc3e275004a54f508025f0d52227ab18cb /common/resourceaccess.cpp
parent: ea2e02ad656640c17d520b5a22c168c3c1faef56 (diff)
download: sink-a7e7f7fdd2a9d38921476d57f305c9cd4459a556.tar.gz
sink-a7e7f7fdd2a9d38921476d57f305c9cd4459a556.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/common/resourceaccess.cpp b/common/resourceaccess.cpp
index 35fa46c..5ed3609 100644
--- a/common/resourceaccess.cpp
+++ b/common/resourceaccess.cpp
@@ -32,9 +32,11 @@
 #include "common/revisionreplayed_generated.h"
 #include "common/inspection_generated.h"
 #include "common/flush_generated.h"
+#include "common/secret_generated.h"
 #include "common/entitybuffer.h"
 #include "common/bufferutils.h"
 #include "common/test.h"
+#include "common/secretstore.h"
 #include "log.h"
 #include <QCoreApplication>
@@ -234,6 +236,12 @@ ResourceAccess::ResourceAccess(const QByteArray &resourceInstanceIdentifier, con
 {
    mResourceStatus = Sink::ApplicationDomain::NoStatus;
    SinkTrace() << "Starting access";
+    QObject::connect(&SecretStore::instance(), &SecretStore::secretAvailable, this, [this] (const QByteArray &resourceId) {
+        if (resourceId == d->resourceInstanceIdentifier) {
+            sendSecret(SecretStore::instance().resourceSecret(d->resourceInstanceIdentifier)).exec();
+        }
+    });
 }
 ResourceAccess::~ResourceAccess()
@@ -387,6 +395,15 @@ KAsync::Job<void> ResourceAccess::sendFlushCommand(int flushType, const QByteArr
    return sendCommand(Sink::Commands::FlushCommand, fbb);
 }
+KAsync::Job<void> ResourceAccess::sendSecret(const QString &secret)
+{
+    flatbuffers::FlatBufferBuilder fbb;
+    auto s = fbb.CreateString(secret.toStdString());
+    auto location = Sink::Commands::CreateSecret(fbb, s);
+    Sink::Commands::FinishSecretBuffer(fbb, location);
+    return sendCommand(Sink::Commands::SecretCommand, fbb);
+}
 void ResourceAccess::open()
 {
    if (d->socket && d->socket->isValid()) {
@@ -483,6 +500,11 @@ void ResourceAccess::connected()
        Commands::write(d->socket.data(), ++d->messageId, Commands::HandshakeCommand, fbb);
    }
+    auto secret = SecretStore::instance().resourceSecret(d->resourceInstanceIdentifier);
+    if (!secret.isEmpty()) {
+        sendSecret(secret).exec();
+    }
    // Reenqueue pending commands, we failed to send them
    processPendingCommandQueue();
    // Send queued commands
author	Christian Mollekopf <chrigi_1@fastmail.fm>	2017-09-18 11:40:41 +0200
committer	Christian Mollekopf <chrigi_1@fastmail.fm>	2017-09-18 11:40:45 +0200
commit	a7e7f7fdd2a9d38921476d57f305c9cd4459a556 (patch)
tree	d9ad3bdc3e275004a54f508025f0d52227ab18cb /common/resourceaccess.cpp
parent	ea2e02ad656640c17d520b5a22c168c3c1faef56 (diff)
download	sink-a7e7f7fdd2a9d38921476d57f305c9cd4459a556.tar.gz sink-a7e7f7fdd2a9d38921476d57f305c9cd4459a556.zip