distinguish between cached and uncached creds
p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
This commit is contained in:
Joey Hess
parent
736ecbe4b8
commit
e89bb4361b
4 changed files with 28 additions and 28 deletions
10
P2P/Auth.hs
10
P2P/Auth.hs
|
|
@ -25,7 +25,7 @@ loadP2PAuthTokens' = mapMaybe toAuthToken
|
|||
. map T.pack
|
||||
. lines
|
||||
. fromMaybe []
|
||||
<$> readCacheCreds p2pAuthCredsFile
|
||||
<$> readCreds p2pAuthCredsFile
|
||||
|
||||
-- | Stores an AuthToken, making it be accepted by this repository.
|
||||
storeP2PAuthToken :: AuthToken -> Annex ()
|
||||
|
|
@ -33,7 +33,7 @@ storeP2PAuthToken t = do
|
|||
ts <- loadP2PAuthTokens'
|
||||
unless (t `elem` ts) $ do
|
||||
let d = unlines $ map (T.unpack . fromAuthToken) (t:ts)
|
||||
writeCacheCreds d p2pAuthCredsFile
|
||||
writeCreds d p2pAuthCredsFile
|
||||
|
||||
p2pAuthCredsFile :: FilePath
|
||||
p2pAuthCredsFile = "p2pauth"
|
||||
|
|
@ -45,7 +45,7 @@ p2pAuthCredsFile = "p2pauth"
|
|||
loadP2PRemoteAuthToken :: P2PAddress -> Annex (Maybe AuthToken)
|
||||
loadP2PRemoteAuthToken addr = maybe Nothing mk <$> getM id
|
||||
[ liftIO $ getEnv "GIT_ANNEX_P2P_AUTHTOKEN"
|
||||
, readCacheCreds (addressCredsFile addr)
|
||||
, readCreds (addressCredsFile addr)
|
||||
]
|
||||
where
|
||||
mk = toAuthToken . T.pack . takeWhile (/= '\n')
|
||||
|
|
@ -53,9 +53,9 @@ loadP2PRemoteAuthToken addr = maybe Nothing mk <$> getM id
|
|||
p2pAuthTokenEnv :: String
|
||||
p2pAuthTokenEnv = "GIT_ANNEX_P2P_AUTHTOKEN"
|
||||
|
||||
-- | Stores the AuthToken o use when connecting with a given P2P address.
|
||||
-- | Stores the AuthToken to use when connecting with a given P2P address.
|
||||
storeP2PRemoteAuthToken :: P2PAddress -> AuthToken -> Annex ()
|
||||
storeP2PRemoteAuthToken addr t = writeCacheCreds
|
||||
storeP2PRemoteAuthToken addr t = writeCreds
|
||||
(T.unpack $ fromAuthToken t)
|
||||
(addressCredsFile addr)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue