-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CLI] Add a db-edit command #8400
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #8400 +/- ##
===========================================
+ Coverage 64.39% 64.43% +0.05%
===========================================
Files 339 340 +1
Lines 44007 44138 +131
===========================================
+ Hits 28334 28439 +105
- Misses 15673 15699 +26 ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
Should we add failsafes to prevent databases without any key?
For our use cases, no, but in theory, yes. It's also important to keep the correct order of different key types, since they are hashed sequentially. I would prefer this to remain a list.
Emit a deprecation warning, then we can break things in 2.9. |
Good call.
Ouch. How would you change the password if there might be many? 🤔
This can be enforced from within the
👍 |
I still don't think the overhead of a map compared to a small list is justified, especially not when you would have to return a list from keys() anyway. I think it makes things more complicated, not less. I'd rather implement a removeByType() convenience function. |
This is done.
This is done as well.
I'm still not sure I understand how this is currently implemented. Right now I'm pretty sure the This is still a work in progress, but feedback would be much appreciated. |
2ac89c1
to
3911b5d
Compare
I think this PR is close to being mergeable, so I'm taking it out of the draft state. I only added an There's still a chance that the order of the different key types changes during an update. For example, if there is only a key file and a password is added, the password will be added after the key file. Not sure if that's a problem though. I'm thinking about renaming the Database related commands to |
664d715
to
d54d0b4
Compare
Turns out that this was indeed a problem! Adding more tests confirmed that the key order is important, as @phoerious mentioned in a previous comment. The The last thing I would test before merging is that the challenge-response key will be preserved when editing the database with This PR is ready for review! |
3f29b55
to
8cb8f69
Compare
7290518
to
355a0ae
Compare
@droidmonkey I found a bug with the handling of challenge-response keys, which I fixed in the last commit. I tested locally and everything is working, the only concern I have left is that I get prompted 3 times to touch my yubikey. Once for unlocking, and twice for saving. Not sure why 2 times is necessary when editing the database 🤔 |
@droidmonkey please have a look at the last commit. It fixes the double yubikey interaction when saving, although I'm not 100% that it's ok to disable the key transformation in that case. I see that we call
So I guess the key transformation is going to happen anyway. |
5227f61
to
6cf9c7c
Compare
Did my own yubikey test and found that you could not |
@droidmonkey good catch! |
This PR adds the
db-edit
command.Changes in this PR include:
Create
command toDatabaseCreate
Info
command toDatabaseInfo
DatabaseEdit
(db-edit
) command with the following options:-p
--unset-password
--set-key-file
--unset-key-file
-k
option for setting the key file. Otherwise it would clash with the-k
option to specify the current key file when calling db-editThe challenge response key options will be addressed in another PR. Those include:
--set-yubikey
.--unset-yubikey
.Other editing options will also be covered in another PR. For example, we could set the name and description of the db, but we don't even do that in
db-create
, so it could be added to both at the same time.I also did not add the
--decryption-time
option that is available todb-create
. It would take a bit of refactoring to be able to reuse the code, and I feel like this PR is already big enough, so I'll defer that to another PR.Testing strategy
So far, unit tests and manual testing.
Type of change