Clear KeePassGO master password after use

This commit is contained in:
Joe Julian
2026-03-29 15:38:30 -07:00
parent 761fae9b9b
commit 37b83e654a
2 changed files with 46 additions and 0 deletions
+10
View File
@@ -428,6 +428,7 @@ func (u *ui) setMasterKeyMode(vault.MasterKeyMode) {}
func (u *ui) createVaultAction() error {
key, err := u.currentMasterKey()
defer u.clearMasterPassword()
if err != nil {
return err
}
@@ -449,6 +450,7 @@ func (u *ui) createVaultAction() error {
func (u *ui) openVaultAction() error {
key, err := u.currentMasterKey()
defer u.clearMasterPassword()
if err != nil {
return err
}
@@ -488,6 +490,7 @@ func (u *ui) saveAsAction() error {
func (u *ui) openRemoteAction() error {
key, err := u.currentMasterKey()
defer u.clearMasterPassword()
if err != nil {
return err
}
@@ -506,6 +509,7 @@ func (u *ui) openRemoteAction() error {
}
func (u *ui) lockAction() error {
u.clearMasterPassword()
if err := u.state.Lock(); err != nil {
return err
}
@@ -518,6 +522,7 @@ func (u *ui) lockAction() error {
func (u *ui) unlockAction() error {
key, err := u.currentMasterKey()
defer u.clearMasterPassword()
if err != nil {
return err
}
@@ -532,12 +537,17 @@ func (u *ui) unlockAction() error {
func (u *ui) changeMasterKeyAction() error {
key, err := u.currentMasterKey()
defer u.clearMasterPassword()
if err != nil {
return err
}
return u.state.ChangeMasterKey(key)
}
func (u *ui) clearMasterPassword() {
u.masterPassword.SetText("")
}
func (u *ui) synchronizeAction() error {
if err := u.state.Synchronize(); err != nil {
return err
+36
View File
@@ -196,6 +196,9 @@ func TestUILifecycleActionsCreateSaveOpenLockAndUnlockLocalVault(t *testing.T) {
if err := u.createVaultAction(); err != nil {
t.Fatalf("createVaultAction() error = %v", err)
}
if got := u.masterPassword.Text(); got != "" {
t.Fatalf("masterPassword after create = %q, want empty", got)
}
if err := u.state.UpsertEntry(vault.Entry{
ID: "vault-console",
Title: "Vault Console",
@@ -222,6 +225,7 @@ func TestUILifecycleActionsCreateSaveOpenLockAndUnlockLocalVault(t *testing.T) {
t.Fatalf("filteredTitles() = %v, want empty while locked", got)
}
u.masterPassword.SetText("correct horse battery staple")
if err := u.unlockAction(); err != nil {
t.Fatalf("unlockAction() error = %v", err)
}
@@ -236,6 +240,9 @@ func TestUILifecycleActionsCreateSaveOpenLockAndUnlockLocalVault(t *testing.T) {
if err := reopened.openVaultAction(); err != nil {
t.Fatalf("openVaultAction() error = %v", err)
}
if got := reopened.masterPassword.Text(); got != "" {
t.Fatalf("masterPassword after open = %q, want empty", got)
}
reopened.state.NavigateToPath([]string{"Root", "Internet"})
reopened.filter()
if got := reopened.filteredTitles(); !slices.Equal(got, []string{"Vault Console"}) {
@@ -243,6 +250,32 @@ func TestUILifecycleActionsCreateSaveOpenLockAndUnlockLocalVault(t *testing.T) {
}
}
func TestUILockAndUnlockClearMasterPasswordField(t *testing.T) {
t.Parallel()
u := newUIWithSession("desktop", &session.Manager{})
u.masterPassword.SetText("correct horse battery staple")
if err := u.createVaultAction(); err != nil {
t.Fatalf("createVaultAction() error = %v", err)
}
u.masterPassword.SetText("should-be-cleared")
if err := u.lockAction(); err != nil {
t.Fatalf("lockAction() error = %v", err)
}
if got := u.masterPassword.Text(); got != "" {
t.Fatalf("masterPassword after lock = %q, want empty", got)
}
u.masterPassword.SetText("correct horse battery staple")
if err := u.unlockAction(); err != nil {
t.Fatalf("unlockAction() error = %v", err)
}
if got := u.masterPassword.Text(); got != "" {
t.Fatalf("masterPassword after unlock = %q, want empty", got)
}
}
func TestUIMasterKeyModesCreateOpenAndUnlockLocalVault(t *testing.T) {
t.Parallel()
@@ -311,6 +344,8 @@ func TestUIMasterKeyModesCreateOpenAndUnlockLocalVault(t *testing.T) {
if err := u.lockAction(); err != nil {
t.Fatalf("lockAction() error = %v", err)
}
u.masterPassword.SetText(tt.password)
u.keyFilePath.SetText(keyFile)
if err := u.unlockAction(); err != nil {
t.Fatalf("unlockAction() error = %v", err)
}
@@ -2060,6 +2095,7 @@ func TestUILocalLifecycleActionsUpdateVisibleStatusMessages(t *testing.T) {
t.Fatalf("error after lock = %q, want empty", got)
}
u.masterPassword.SetText("correct horse battery staple")
u.runAction("unlock vault", u.unlockAction)
if got := u.state.StatusMessage; got != "unlock vault complete" {
t.Fatalf("status after unlock = %q, want %q", got, "unlock vault complete")