Tests leave key in keyring

src/vorta/keyring/abc.py

@@ -54,6 +54,12 @@ def get_password(self, service, repo_url):
         """
         raise NotImplementedError
 
+    def remove_password(self, service, repo_url):
+        """
+        Removes a password form the underlying store.
+        """
+        raise NotImplementedError
+
     @property
     def is_system(self):
         """

src/vorta/keyring/darwin.py

@@ -15,7 +15,11 @@
 
 
 class VortaDarwinKeyring(VortaKeyring):
-    """Homemade macOS Keychain Service"""
+    """
+    Homemade macOS Keychain Service
+
+    TODO: Could use the newer API, as done here: https://github.com/jaraco/keyring/pull/522/files
+    """
 
     login_keychain = None
 
@@ -42,6 +46,7 @@ def _set_keychain(self):
                 b'i@I*I*o^Io^^{OpaquePassBuff}o^^{OpaqueSecKeychainItemRef}',
             ),
             ('SecKeychainGetStatus', b'i^{OpaqueSecKeychainRef=}o^I'),
+            ('SecKeychainItemDelete', b'i^{OpaqueSecKeychainItemRef=}o^I'),
         ]
 
         objc.loadBundleFunctions(Security, globals(), S_functions)
@@ -97,6 +102,25 @@ def get_password(self, service, repo_url):
         logger.debug(f"Retrieved password for repo {repo_url}")
         return password
 
+    def remove_password(self, service, repo_url):
+        if not self.login_keychain:
+            self._set_keychain()
+
+        (result, password_length, password_buffer, keychain_item,) = SecKeychainFindGenericPassword(
+            self.login_keychain,
+            len(service),
+            service.encode(),
+            len(repo_url),
+            repo_url.encode(),
+            None,
+            None,
+            None,
+        )
+        password = None
+        if (result == 0) and (password_length != 0):
+            logger.debug(f"Found password for repo {repo_url}")
+            SecKeychainItemDelete(keychain_item, None)
+
     @property
     def is_unlocked(self):
         kSecUnlockStateStatus = 1

src/vorta/keyring/db.py

@@ -1,6 +1,6 @@
 import logging
 import peewee
-from vorta.store.models import SettingsModel
+from vorta.store.models import RepoPassword, SettingsModel
 from .abc import VortaKeyring
 
 logger = logging.getLogger(__name__)
@@ -14,16 +14,13 @@ class VortaDBKeyring(VortaKeyring):
     """
 
     def set_password(self, service, repo_url, password):
-        from vorta.store.models import RepoPassword
 
         keyring_entry, created = RepoPassword.get_or_create(url=repo_url, defaults={'password': password})
         keyring_entry.password = password
         keyring_entry.save()
-
         logger.debug(f"Saved password for repo {repo_url}")
 
     def get_password(self, service, repo_url):
-        from vorta.store.models import RepoPassword
 
         try:
             keyring_entry = RepoPassword.get(url=repo_url)
@@ -33,6 +30,15 @@ def get_password(self, service, repo_url):
         except peewee.DoesNotExist:
             return None
 
+    def remove_password(self, service, repo_url):
+
+        try:
+            keyring_entry = RepoPassword.get(url=repo_url)
+            keyring_entry.delete_instance()
+            logger.debug(f"Removed password for repo {repo_url}")
+        except peewee.DoesNotExist:
+            pass
+
     @property
     def is_system(self):
         return False

src/vorta/keyring/kwallet.py

@@ -45,6 +45,12 @@ def get_password(self, service, repo_url):
         logger.debug(f"Retrieved password for repo {repo_url}")
         return password
 
+    def remove_password(self, service, repo_url):
+        entry = [self.handle, self.folder_name, repo_url, service]
+        if self.is_unlocked and self.get_result("hasEntry", args=entry):
+            self.get_result("removeEntry", args=entry)
+            logger.debug(f"Removed password for repo {repo_url}")
+
     def get_result(self, method, args=[]):
         if args:
             result = self.iface.callWithArgumentList(QtDBus.QDBus.AutoDetect, method, args)

src/vorta/keyring/secretstorage.py

@@ -65,6 +65,26 @@ def get_password(self, service, repo_url):
                 return item.get_secret().decode("utf-8")
         return None
 
+    def remove_password(self, service, repo_url):
+        """
+        Remove a password from the underlying store.
+        """
+        if self.is_unlocked:
+            asyncio.set_event_loop(asyncio.new_event_loop())
+            attributes = {
+                'application': 'Vorta',
+                'service': service,
+                'repo_url': repo_url,
+            }
+            items = list(self.collection.search_items(attributes))
+            logger.debug('Found %i passwords matching repo URL.', len(items))
+            for item in items:
+                if item.is_locked() and item.unlock():
+                    return None
+                self.collection.delete(item)
+                logger.debug(f"Removed password for repo {repo_url}")
+        return None
+
     @property
     def is_unlocked(self):
         # unlock() will return True if the unlock prompt is dismissed