GNOME Bugzilla – Bug 377354
Plugins should use Gnome-Keyring for sensitive data
Last modified: 2012-03-28 22:25:16 UTC
Plugins that store sensitive data (e.g. last.fm password, Magnatune credit card details) should use gnome-keyring in preference to gconf to store data.
Created attachment 77560 [details] [review] Use gnome-keyring to store credit card details in Magnatune plugin This patch puts the CC number, expiry year, and expiry month into gnome-keyring. Should I put the user's name and/or email address there as well? Possible issues: - uses synchronous function calls, since those are the only ones available in the python plugin. This means that the rhythmbox UI freezes while the user is asked for the password to unlock the keyring. - probably does the wrong thing (simply continues with blank fields) if the user fails to unlock the keyring in the preferences window.
Created attachment 77729 [details] [review] updated patch This cleans up the code, stores everything in a single secret, removes keyring references from gconf and should work fine (sans actually storing stuff) without Gnome keyring. I haven't finished working on it yet, so there are quite a few dodgy UI issues I haven't fxed yet.
When I open the preferences window, the line ids = gnomekeyring.find_items_sync (gnomekeyring.ITEM_GENERIC_SECRET, keyring_attributes) in get_cc_details() throws an exception. This has the effect of erasing the secret every time the preferences window is opened. Debug output: (10:28:12) [0x8140410] [Magnatune.get_cc_details] /usr/lib/rhythmbox/plugins/magnatune/__init__.py:284: getting CC details (10:28:12) [0x8140410] [Magnatune.get_cc_details] /usr/lib/rhythmbox/plugins/magnatune/__init__.py:291: ../Python/getargs.c:1158: bad argument to internal function Also, in MagnatuneSource.py, line 178 (ccnumber, ccyear, ccmonth, name, email) = self.plugin.get_cc_details() should be (ccnumber, ccyear, ccmonth, name, email) = self.__plugin.get_cc_details()
Created attachment 78123 [details] [review] turn off keyring From what I can tell, this might actually be a bug in the gnomekeyring python bindings. This patch is basically the same as the last, except that use_gnome_keyring is always set to false so it won't use gnomekeyring, with some minor fixes and UI cleanups. I think that committing this (for the upcoming release), and then trying to fix keyring support would be a good idea as storing CC details in gconf isn't good.
Looks good to me, except for the 'gnommVfs' reference in MagnatuneSource.py.
Okay, committed to cvs.
The Magnatune plugin now uses gnome-keyring to store account usernames and passwords as of commit 0ff31776.