feat(BRIDGE-116): add command-line switches to enable/disable keychain check on macOS.

2025-12-11 05:06:51 +00:00 · 2024-08-08 10:54:11 +02:00
parent 84c0b907d7
commit 3d53bf7477
13 changed files with 355 additions and 51 deletions
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -79,11 +79,13 @@ const (

 // Hidden flags.
 const (
-	flagLauncher         = "launcher"
-	flagNoWindow         = "no-window"
-	flagParentPID        = "parent-pid"
-	flagSoftwareRenderer = "software-renderer"
-	FlagSessionID        = "session-id"
+	flagLauncher            = "launcher"
+	flagNoWindow            = "no-window"
+	flagParentPID           = "parent-pid"
+	flagSoftwareRenderer    = "software-renderer"
+	flagEnableKeychainTest  = "enable-keychain-test"
+	flagDisableKeychainTest = "disable-keychain-test"
+	FlagSessionID           = "session-id"
 )

 const (
@ -91,6 +93,20 @@ const (
 	appShortName = "bridge"
 )

+var cliFlagEnableKeychainTest = &cli.BoolFlag{ //nolint:gochecknoglobals
+	Name:   flagEnableKeychainTest,
+	Usage:  "Enable the keychain test",
+	Hidden: true,
+	Value:  false,
+} //nolint:gochecknoglobals
+
+var cliFlagDisableKeychainTest = &cli.BoolFlag{ //nolint:gochecknoglobals
+	Name:   flagDisableKeychainTest,
+	Usage:  "Disable the keychain test",
+	Hidden: true,
+	Value:  false,
+}
+
 func New() *cli.App {
 	app := cli.NewApp()

@ -168,6 +184,9 @@ func New() *cli.App {
 			Name:   FlagSessionID,
 			Hidden: true,
 		},
+		// the two flags below were introduced by BRIDGE-116
+		cliFlagEnableKeychainTest,
+		cliFlagDisableKeychainTest,
 	}

 	app.Action = run
@ -238,7 +257,8 @@ func run(c *cli.Context) error {

 						return withSingleInstance(settings, locations.GetLockFile(), version, func() error {
 							// Look for available keychains
-							return WithKeychainList(crashHandler, func(keychains *keychain.List) error {
+							skipKeychainTest := checkSkipKeychainTest(c, settings)
+							return WithKeychainList(crashHandler, skipKeychainTest, func(keychains *keychain.List) error {
 								// Unlock the encrypted vault.
 								return WithVault(locations, keychains, crashHandler, func(v *vault.Vault, insecure, corrupt bool) error {
 									if !v.Migrated() {
@ -502,11 +522,11 @@ func withCookieJar(vault *vault.Vault, fn func(http.CookieJar) error) error {
 }

 // WithKeychainList init the list of usable keychains.
-func WithKeychainList(panicHandler async.PanicHandler, fn func(*keychain.List) error) error {
+func WithKeychainList(panicHandler async.PanicHandler, skipKeychainTest bool, fn func(*keychain.List) error) error {
 	logrus.Debug("Creating keychain list")
 	defer logrus.Debug("Keychain list stop")
 	defer async.HandlePanic(panicHandler)
-	return fn(keychain.NewList())
+	return fn(keychain.NewList(skipKeychainTest))
 }

 func setDeviceCookies(jar *cookies.Jar) error {
@ -526,3 +546,35 @@ func setDeviceCookies(jar *cookies.Jar) error {

 	return nil
 }
+
+func checkSkipKeychainTest(c *cli.Context, settingsDir string) bool {
+	if runtime.GOOS != "darwin" {
+		return false
+	}
+
+	enable := c.Bool(flagEnableKeychainTest)
+	disable := c.Bool(flagDisableKeychainTest)
+
+	skip, err := vault.GetShouldSkipKeychainTest(settingsDir)
+	if err != nil {
+		logrus.WithError(err).Error("Could not load keychain settings.")
+	}
+
+	if (!enable) && (!disable) {
+		return skip
+	}
+
+	// if both switches are passed, 'enable' has priority
+	if disable {
+		skip = true
+	}
+	if enable {
+		skip = false
+	}
+
+	if err := vault.SetShouldSkipKeychainTest(settingsDir, skip); err != nil {
+		logrus.WithError(err).Error("Could not save keychain settings.")
+	}
+
+	return skip
+}
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@ -0,0 +1,65 @@
+// Copyright (c) 2024 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package app
+
+import (
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/urfave/cli/v2"
+)
+
+func TestCheckSkipKeychainTest(t *testing.T) {
+	var expectedResult bool
+	dir := t.TempDir()
+	app := cli.App{
+		Flags: []cli.Flag{
+			cliFlagEnableKeychainTest,
+			cliFlagDisableKeychainTest,
+		},
+		Action: func(c *cli.Context) error {
+			require.Equal(t, expectedResult, checkSkipKeychainTest(c, dir))
+			return nil
+		},
+	}
+
+	noArgs := []string{"appName"}
+	enableArgs := []string{"appName", "-" + flagEnableKeychainTest}
+	disableArgs := []string{"appName", "-" + flagDisableKeychainTest}
+	bothArgs := []string{"appName", "-" + flagDisableKeychainTest, "-" + flagEnableKeychainTest}
+
+	const trueOnlyOnMac = runtime.GOOS == "darwin"
+
+	expectedResult = false
+	require.NoError(t, app.Run(noArgs))
+
+	expectedResult = trueOnlyOnMac
+	require.NoError(t, app.Run(disableArgs))
+	require.NoError(t, app.Run(noArgs))
+
+	expectedResult = false
+	require.NoError(t, app.Run(enableArgs))
+	require.NoError(t, app.Run(noArgs))
+
+	expectedResult = trueOnlyOnMac
+	require.NoError(t, app.Run(disableArgs))
+
+	expectedResult = false
+	require.NoError(t, app.Run(bothArgs))
+}