-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Credentials should be stored in EncryptedSharedPreferences
#95
Comments
Note the warning on the docs:
This means that we should provide an option to authorize back again after a device factory reset, or backup restore. Should be taken into account with #4. Also implementation "androidx.security:security-crypto:1.0.0" |
When we have the database, I'd just store everything (including credentials) in the private DB. EncryptedSharedPreferences says that it doesn't work across system backup/restore on different devices, but this is a use case that is planned (#4). Unfortunately we have to store the credentials in clear text for Basic authentication. |
Then we should store the accounts in Room instead of shared preferences for #76. This means creating a new table, and getting rid of |
Sounds reasonable :) |
The migration and tests for this have been added to #92 😄 |
* Note Signed-off-by: Arnau Mora <arnyminerz@proton.me> * Migrate to Kotlin DSL (#19) Signed-off-by: Arnau Mora <arnyminerz@proton.me> * Upgrade all dependencies (#22) * Upgrade to Android 14 (#21) Signed-off-by: Arnau Mora <arnyminerz@proton.me> * Rewrite CredentialsFragment to compose (#26) * Update import (#27) * Update README.md * Fix NPE on adding subscription (#33) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Arnau Mora <arnyminerz@proton.me> * Make CredentialsFragment into a composable (#35) * Using regular ubuntu image Signed-off-by: Arnau Mora <arnyminerz@proton.me> * Migrate SubscriptionSettingsFragment to compose (#29) * Migrate `AddCalendarValidationFragment` to Jetpack Compose (#31) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Migrate `AddCalendarEnterUrlFragment` to Jetpack Compose (#38) Signed-off-by: Arnau Mora <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Migrate AddCalendarDetailsFragment to compose (#40) * Upgrade AGP to 8.2.1 (#42) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Upgrade Kotlin, KSP, Compose and others (#43) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Migrate `AddCalendarActivity` to Jetpack Compose (#45) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Added missing line break (#52) * Remove unused view and layout (#54) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Added Dependabot (#51) * Bump github/codeql-action from 2 to 3 (#62) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3 to 4 (#61) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-java from 3 to 4 (#58) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump joda-time:joda-time from 2.12.5 to 2.12.6 (#56) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump androidx.work:work-testing from 2.8.1 to 2.9.0 (#60) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Using BOM for OkHttp and downgrade to stable (#64) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Migrate EditCalendarActivity to jetpack compose (#46) * Bump actions/cache from 3 to 4 (#65) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump com.android.tools.build:gradle from 8.2.1 to 8.2.2 (#66) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump androidx.compose.runtime:runtime-livedata from 1.5.4 to 1.6.0 (#78) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump androidx.compose:compose-bom from 2023.10.01 to 2024.01.00 (#79) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump com.google.accompanist:accompanist-themeadapter-material from 0.32.0 to 0.34.0 (#80) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnau Mora <arnyminerz@proton.me> * Bump gradle/gradle-build-action from 2 to 3 (#82) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnau Mora <arnyminerz@proton.me> * Fix: Can't add subscription after going back once (#83) * Update ical4android and cert4android (#73) Signed-off-by: Arnau Mora <arnyminerz@proton.me> * Cleanup of Dialogs (#67) Signed-off-by: Arnau Mora <arnyminerz@proton.me> Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Bump actions/upload-artifact from 2 to 4 (#63) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnau Mora <arnyminerz@proton.me> * Migrate `DonateDialogFragment` to Jetpack Compose (#75) Signed-off-by: Arnau Mora <arnyminerz@proton.me> Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Final layout cleanup (#68) Signed-off-by: Arnau Mora <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Ensured toast error is never null (#91) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Crash when going back into `CalendarListActivity` (standard flavour) (#90) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Migrate ColorPickerActivity to Jetpack Compose (closes #53, #87) (#94) * Bump androidx.compose:compose-bom from 2024.01.00 to 2024.02.00 (#96) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump androidx.compose.runtime:runtime-livedata from 1.6.0 to 1.6.1 (#95) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump joda-time:joda-time from 2.12.6 to 2.12.7 (#93) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Edit Subscription: requires-auth toggle and credential fields trigger save-dismiss mechanism (#92) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Arnau Mora Gras <arnyminerz@proton.me> * Removed package definition from manifest (#101) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Bump com.maxkeppeler.sheets-compose-dialogs:core from 1.2.1 to 1.3.0 (#103) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Use compose theming engine, (drop compatibility MdcTheming etc) (#48) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Signed-off-by: Arnau Mora <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Migrated to Gradle Version Catalog (#99) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> * Check if we can reuse more composables and improve project structure (#106) * Bump aboutLibs from 10.7.0 to 10.10.0 (#108) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump org.jetbrains.kotlinx:kotlinx-coroutines-android from 1.7.3 to 1.8.0 (#110) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Migrate to Material 3 (#109) * Bump compose-ui from 1.6.1 to 1.6.2 (#111) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump androidx.compose.material:material-icons-extended from 1.6.1 to 1.6.2 (#112) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump androidx.compose.runtime:runtime-livedata from 1.6.1 to 1.6.2 (#113) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnau Mora <arnyminerz@proton.me> * Quickfix for pull to refresh (#114) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> * Fix warnings (#115) Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> --------- Signed-off-by: Arnau Mora <arnyminerz@proton.me> Signed-off-by: Arnau Mora Gras <arnyminerz@proton.me> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Sunik Kupfer <kupfer@bitfire.at> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Right now, credentials are being stored inside regular
SharedPreferences
inCalendarCredentials
:icsx5/app/src/main/java/at/bitfire/icsdroid/db/CalendarCredentials.kt
Lines 17 to 19 in 0b1443d
EncryptedSharedPreferences
shall be used.The change is quite simple, they provide a good example:
The text was updated successfully, but these errors were encountered: