From d7796bb69617e7aa5bd06ef616afe9090d8c919b Mon Sep 17 00:00:00 2001
From: Ezequiel Raynaudo <raynaudo.ee@gmail.com>
Date: Sat, 30 Jul 2022 12:41:59 -0300
Subject: [PATCH 1/4] Update gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 8000dd9..1174595 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .vagrant
+.idea

From 470b70e21cc405967a112b6d7fc751d3e16cfca0 Mon Sep 17 00:00:00 2001
From: Ezequiel Raynaudo <raynaudo.ee@gmail.com>
Date: Sat, 30 Jul 2022 12:49:10 -0300
Subject: [PATCH 2/4] Add ErrAccessDenied error

---
 keyring.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/keyring.go b/keyring.go
index 12161b7..d98ae1d 100644
--- a/keyring.go
+++ b/keyring.go
@@ -122,6 +122,9 @@ var ErrMetadataNeedsCredentials = errors.New("The keyring backend requires crede
 // ErrMetadataNotSupported is returned when Metadata is not available for the backend.
 var ErrMetadataNotSupported = errors.New("The keyring backend does not support metadata access")
 
+// ErrAccessDenied is returned by Keyring Get when access to Keychain is denied by the user
+var ErrAccessDenied = errors.New("Keyring backend access denied by user")
+
 var (
 	// Debug specifies whether to print debugging output.
 	Debug bool

From 5afd9e684993b4efa32ae22faa7dbacd47c261c3 Mon Sep 17 00:00:00 2001
From: Ezequiel Raynaudo <raynaudo.ee@gmail.com>
Date: Sat, 30 Jul 2022 12:50:28 -0300
Subject: [PATCH 3/4] Add error description on errSecUserCanceled

---
 keychain.go | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/keychain.go b/keychain.go
index 8850922..d31f8f4 100644
--- a/keychain.go
+++ b/keychain.go
@@ -3,6 +3,13 @@
 
 package keyring
 
+/*
+#cgo LDFLAGS: -framework CoreFoundation -framework Security
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+*/
+import "C"
 import (
 	"errors"
 	"fmt"
@@ -10,6 +17,12 @@ import (
 	gokeychain "github.com/99designs/go-keychain"
 )
 
+// Extended error list that gokeychain doesn't catch
+var (
+	// ErrorUserCanceled corresponds to errSecUserCanceled result code
+	ErrorUserCanceled = gokeychain.Error(C.errSecUserCanceled)
+)
+
 type keychain struct {
 	path    string
 	service string
@@ -58,14 +71,23 @@ func (k *keychain) Get(key string) (Item, error) {
 
 	debugf("Querying keychain for service=%q, account=%q, keychain=%q", k.service, key, k.path)
 	results, err := gokeychain.QueryItem(query)
-	if err == gokeychain.ErrorItemNotFound || len(results) == 0 {
-		debugf("No results found")
-		return Item{}, ErrKeyNotFound
+	if err != nil {
+		switch err {
+		case ErrorUserCanceled:
+			debugf("Keychain access denied")
+			return Item{}, ErrAccessDenied
+		case gokeychain.ErrorItemNotFound:
+			debugf("Item not found in the keyring")
+			return Item{}, ErrKeyNotFound
+		default:
+			debugf("Error: %#v", err)
+			return Item{}, err
+		}
 	}
 
-	if err != nil {
-		debugf("Error: %#v", err)
-		return Item{}, err
+	if len(results) == 0 {
+		debugf("No results found")
+		return Item{}, ErrKeyNotFound
 	}
 
 	item := Item{

From 7b4cb28ceb347e212b30f79156f7ec0e0de3d76e Mon Sep 17 00:00:00 2001
From: Ezequiel Raynaudo <raynaudo.ee@gmail.com>
Date: Sat, 30 Jul 2022 12:53:50 -0300
Subject: [PATCH 4/4] Run CI on pull requests

---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index f8ee58a..4953cf5 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,5 +1,5 @@
 name: golangci-lint
-on: push
+on: pull_request
 jobs:
   golangci:
     strategy:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1e81147..3339bf0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,5 +1,5 @@
 name: Continuous Integration
-on: push
+on: pull_request
 jobs:
   linux:
     runs-on: ubuntu-latest