[FR] store network token in system keyring when possible
jellespijker opened this issue · 2 comments
Hi one of the Cura devs here,
I started a review of the v0.9.0 plugin for the Cura Marketplace and I noticed that you store the Network token, as plaintext the Cura preferences. We used to do that for our cloud tokens as well, but found it a security risk, since a lot of users often share their configuration folders with each other.
I believe that security risk for your current use case is low, but I wanted to bring our KeyringAttribute to your attention. This should automatically store sensitive data (such as auth tokens) in the System keyring, while still being able to use it in the same way as you would any plain attribute. Implementing it would be fairly easy, so it might be worth considering.
https://github.com/Ultimaker/Cura/blob/main/cura/OAuth2/KeyringAttribute.py
from cura.OAuth2.KeyringAttribute import KeyringAttribute
class AuthResponse():
token = KeyringAttribute()
def __init__(self, token: str) -> None:
self.token = token
def use_example(self):
if self.token == "12345qwerty":
passReal life example:
https://github.com/Ultimaker/Cura/blob/6a704f48020deb5168e194b127dde83b0fd70579/cura/OAuth2/Models.py#L46
Got you. I'll re-implement the token store very soon.
@jellespijker Thanks for your review.
I implemented it, but as you can see from code, we use device_id getting from networked printer as key/account to store the token. And it's dynamic, so we can't use KeyringAttribute as class descriptor as examples do.
I'm wondering if we can extend the KeyringAttribute class, in order to make it suitable as well for dynamic keyring access.
Update: I've summited SnapamakerPlugin 0.9.2 to the Contributor Portal.