Move git password management to local password control

Don't keep passwords in plain text config files that may be checked into version control. Passwords stored in system-specific password managers Fixes https://gitlab.com/kicad/code/kicad/-/issues/18053
2025-04-21 00:21:25 +00:00 · 2025-01-20 17:28:06 -08:00 · 2025-01-20 17:28:06 -08:00 · 427d7d2dad
commit 427d7d2dad
parent a50d3b5d1b
6 changed files with 65 additions and 7 deletions
--- a/common/git/kicad_git_common.cpp
+++ b/common/git/kicad_git_common.cpp
@ -23,6 +23,8 @@

 #include "kicad_git_common.h"

+#include <kiplatform/secrets.h>
+
 #include <wx/filename.h>
 #include <wx/log.h>
 #include <map>
@ -70,7 +72,7 @@ wxString KIGIT_COMMON::GetCurrentBranchName() const

    git_reference_free( branch );

-    return branchName;
+    return wxString( branchName );
 }


@ -387,6 +389,57 @@ bool KIGIT_COMMON::HasPushAndPullRemote() const
 }


+wxString KIGIT_COMMON::GetRemotename() const
+{
+    wxString retval;
+    git_reference* head = nullptr;
+    git_reference* upstream = nullptr;
+
+    if( git_repository_head( &head, m_repo ) != GIT_OK )
+        return retval;
+
+    if( git_branch_upstream( &upstream, head ) == GIT_OK )
+    {
+        git_buf     remote_name = GIT_BUF_INIT_CONST( nullptr, 0 );
+
+        if( git_branch_remote_name( &remote_name, m_repo, git_reference_name( upstream ) ) == GIT_OK )
+        {
+            retval = remote_name.ptr;
+            git_buf_dispose( &remote_name );
+        }
+
+        git_reference_free( upstream );
+    }
+
+    git_reference_free( head );
+
+    return retval;
+}
+
+
+void KIGIT_COMMON::UpdateCurrentBranchInfo()
+{
+    // We want to get the current branch's upstream url as well as the stored password
+    // if one exists given the url and username.
+
+    wxString remote_name = GetRemotename();
+    git_remote* remote = nullptr;
+
+    if( git_remote_lookup( &remote, m_repo, remote_name.ToStdString().c_str() ) == GIT_OK )
+    {
+        const char* url = git_remote_url( remote );
+
+        if( url )
+            m_remote = url;
+
+        git_remote_free( remote );
+    }
+
+    // Find the stored password if it exists
+    KIPLATFORM::SECRETS::GetSecret( m_remote, m_username, m_password );
+}
+
+
 extern "C" int fetchhead_foreach_cb( const char*, const char*,
                                     const git_oid* aOID, unsigned int aIsMerge, void* aPayload )
 {
--- a/common/git/kicad_git_common.h
+++ b/common/git/kicad_git_common.h
@ -114,10 +114,16 @@ public:
    // Returns true if the repository has a remote that can be pushed to pulled from
    bool HasPushAndPullRemote() const;

+    // Updates the password and remote information for the repository given the current branch
+    void UpdateCurrentBranchInfo();
+
+    wxString GetRemotename() const;
+
 protected:
    git_repository* m_repo;

    GIT_CONN_TYPE m_connType;
+    wxString m_remote;
    wxString m_username;
    wxString m_password;
    wxString m_sshKey;
--- a/common/project/project_local_settings.cpp
+++ b/common/project/project_local_settings.cpp
@ -191,8 +191,6 @@ PROJECT_LOCAL_SETTINGS::PROJECT_LOCAL_SETTINGS( PROJECT* aProject, const wxStrin

    m_params.emplace_back( new PARAM<wxString>( "git.repo_username", &m_GitRepoUsername, "" ) );

-    m_params.emplace_back( new PARAM<wxString>( "git.repo_password", &m_GitRepoPassword, "" ) );
-
    m_params.emplace_back( new PARAM<wxString>( "git.repo_type", &m_GitRepoType, "" ) );

    m_params.emplace_back( new PARAM<wxString>( "git.ssh_key", &m_GitSSHKey, "" ) );
--- a/include/project/project_local_settings.h
+++ b/include/project/project_local_settings.h
@ -150,7 +150,6 @@ public:

    // Upstream git repo info
    wxString m_GitRepoUsername;
-    wxString m_GitRepoPassword;
    wxString m_GitRepoType;
    wxString m_GitSSHKey;

--- a/kicad/project_tree_pane.cpp
+++ b/kicad/project_tree_pane.cpp
@ -78,6 +78,7 @@
 #include <widgets/kistatusbar.h>

 #include <kiplatform/io.h>
+#include <kiplatform/secrets.h>


 /* Note about the project tree build process:
@ -637,9 +638,9 @@ void PROJECT_TREE_PANE::ReCreateTreePrj()
    if( ADVANCED_CFG::GetCfg().m_EnableGit )
    {
        m_TreeProject->SetGitRepo( get_git_repository_for_file( fn.GetPath().c_str() ) );
-        m_TreeProject->GitCommon()->SetPassword( Prj().GetLocalSettings().m_GitRepoPassword );
        m_TreeProject->GitCommon()->SetUsername( Prj().GetLocalSettings().m_GitRepoUsername );
        m_TreeProject->GitCommon()->SetSSHKey( Prj().GetLocalSettings().m_GitSSHKey );
+        m_TreeProject->GitCommon()->UpdateCurrentBranchInfo();

        wxString conn_type = Prj().GetLocalSettings().m_GitRepoType;

@ -1706,7 +1707,7 @@ void PROJECT_TREE_PANE::onGitInitializeProject( wxCommandEvent& aEvent )

    handler.PerformFetch();

-    Prj().GetLocalSettings().m_GitRepoPassword = dlg.GetPassword();
+    KIPLATFORM::SECRETS::StoreSecret( dlg.GetRepoURL(), dlg.GetUsername(), dlg.GetPassword() );
    Prj().GetLocalSettings().m_GitRepoUsername = dlg.GetUsername();
    Prj().GetLocalSettings().m_GitSSHKey = dlg.GetRepoSSHPath();

--- a/kicad/tools/kicad_manager_control.cpp
+++ b/kicad/tools/kicad_manager_control.cpp
@ -27,6 +27,7 @@
 #include <kiway.h>
 #include <kicad_manager_frame.h>
 #include <kiplatform/policy.h>
+#include <kiplatform/secrets.h>
 #include <confirm.h>
 #include <kidialog.h>
 #include <project/project_file.h>
@ -190,7 +191,7 @@ int KICAD_MANAGER_CONTROL::NewFromRepository( const TOOL_EVENT& aEvent )
    wxString dest = pro.GetPath() + wxFileName::GetPathSeparator() + projects.front();
    m_frame->LoadProject( dest );

-    Prj().GetLocalSettings().m_GitRepoPassword = dlg.GetPassword();
+    KIPLATFORM::SECRETS::StoreSecret( dlg.GetRepoURL(), dlg.GetUsername(), dlg.GetPassword() );
    Prj().GetLocalSettings().m_GitRepoUsername = dlg.GetUsername();
    Prj().GetLocalSettings().m_GitSSHKey = dlg.GetRepoSSHPath();