Move all password handling to EncryptedJournal

This commit should greatly simplify all password handling logic. No passwords are stored in the config dict anymore. Only the Encrypted Journals have any password related logic. I also had to remove some password fields from the test files, which shows how dangerous the previous approach was. A slight code change could've leaked passwords to the config file. However, I had to change the install progress a little bit to make this work. It will now not ask you for a password right away but rather if you want to encrypt or not. Only if you reply 'y' will it ask you for the password later on.
This commit is contained in:
Peter Schmidbauer 2019-11-02 02:06:05 +01:00
parent c8d59727eb
commit 9664924096
15 changed files with 79 additions and 97 deletions

View file

@ -6,7 +6,8 @@
license: MIT, see LICENSE for more details.
"""
from . import Journal
from .Journal import PlainJournal, open_journal
from .EncryptedJournal import EncryptedJournal
from . import util
from . import install
from . import plugins
@ -77,28 +78,19 @@ def guess_mode(args, config):
def encrypt(journal, filename=None):
""" Encrypt into new file. If filename is not set, we encrypt the journal file itself. """
from . import EncryptedJournal
journal.config['password'] = util.create_password()
journal.config['encrypt'] = True
new_journal = EncryptedJournal.EncryptedJournal(None, **journal.config)
new_journal.entries = journal.entries
new_journal = EncryptedJournal.from_journal(journal)
new_journal.write(filename)
if util.yesno("Do you want to store the password in your keychain?", default=True):
util.set_keychain(journal.name, journal.config['password'])
print("Journal encrypted to {}.".format(filename or new_journal.config['journal']), file=sys.stderr)
def decrypt(journal, filename=None):
""" Decrypts into new file. If filename is not set, we encrypt the journal file itself. """
journal.config['encrypt'] = False
journal.config['password'] = ""
new_journal = Journal.PlainJournal(filename, **journal.config)
new_journal.entries = journal.entries
new_journal = PlainJournal.from_journal(journal)
new_journal.write(filename)
print("Journal decrypted to {}.".format(filename or new_journal.config['journal']), file=sys.stderr)
@ -156,11 +148,12 @@ def run(manual_args=None):
# If the first textual argument points to a journal file,
# use this!
journal_name = args.text[0] if (args.text and args.text[0] in config['journals']) else 'default'
if journal_name != 'default':
journal_name = install.DEFAULT_JOURNAL_KEY
if args.text and args.text[0] in config['journals']:
journal_name = args.text[0]
args.text = args.text[1:]
elif "default" not in config['journals']:
elif install.DEFAULT_JOURNAL_KEY not in config['journals']:
print("No default journal configured.", file=sys.stderr)
print(list_journals(config), file=sys.stderr)
sys.exit(1)
@ -211,7 +204,7 @@ def run(manual_args=None):
# This is where we finally open the journal!
try:
journal = Journal.open_journal(journal_name, config)
journal = open_journal(journal_name, config)
except KeyboardInterrupt:
print(f"[Interrupted while opening journal]", file=sys.stderr)
sys.exit(1)