Add configurable vault security settings
This commit is contained in:
@@ -32,6 +32,19 @@ type Manager struct {
|
||||
remoteVersion webdav.Version
|
||||
}
|
||||
|
||||
func (m *Manager) SecuritySettings() vault.SecuritySettings {
|
||||
return vault.DetectSecuritySettings(m.config)
|
||||
}
|
||||
|
||||
func (m *Manager) ConfigureSecurity(settings vault.SecuritySettings) error {
|
||||
config, err := vault.ApplySecuritySettings(configOrCurrent(m.config, nil), settings)
|
||||
if err != nil {
|
||||
return fmt.Errorf("configure security settings: %w", err)
|
||||
}
|
||||
m.config = config
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *Manager) Create(model vault.Model, key vault.MasterKey) error {
|
||||
root := detectSingleVaultRoot(model)
|
||||
model = normalizeUnderRoot(model, root)
|
||||
|
||||
@@ -741,6 +741,35 @@ func TestRemoteSaveAndReopenPreservesCrossFeatureState(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfigureSecurityAppliesToCreatedVaultAndPersists(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sess Manager
|
||||
if err := sess.ConfigureSecurity(vault.SecuritySettings{
|
||||
Cipher: vault.CipherAES256,
|
||||
KDF: vault.KDFAES,
|
||||
}); err != nil {
|
||||
t.Fatalf("ConfigureSecurity() error = %v", err)
|
||||
}
|
||||
if err := sess.Create(vault.Model{}, vault.MasterKey{Password: "correct horse battery staple"}); err != nil {
|
||||
t.Fatalf("Create() error = %v", err)
|
||||
}
|
||||
|
||||
path := filepath.Join(t.TempDir(), "secure.kdbx")
|
||||
if err := sess.SaveAs(path); err != nil {
|
||||
t.Fatalf("SaveAs() error = %v", err)
|
||||
}
|
||||
|
||||
var reopened Manager
|
||||
if err := reopened.Open(path, vault.MasterKey{Password: "correct horse battery staple"}); err != nil {
|
||||
t.Fatalf("Open() error = %v", err)
|
||||
}
|
||||
got := reopened.SecuritySettings()
|
||||
if got.Cipher != vault.CipherAES256 || got.KDF != vault.KDFAES {
|
||||
t.Fatalf("SecuritySettings() = %#v, want aes256/aes-kdf", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSynchronizeRemotePreservesOverwrittenRemoteVariantInHistory(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user