Skip to content

Comments

refactor: streamline token management and credential updates#250

Merged
egalvis27 merged 4 commits intomainfrom
refactor/remove-legacy-token
Feb 20, 2026
Merged

refactor: streamline token management and credential updates#250
egalvis27 merged 4 commits intomainfrom
refactor/remove-legacy-token

Conversation

@egalvis27
Copy link

@egalvis27 egalvis27 commented Feb 18, 2026

What is Changed / Added

Everything related to legacyToken is removed, and the mnemonic is encrypted, solving a security issue.

Why

@egalvis27 egalvis27 requested a review from AlexisMora February 18, 2026 15:54
AlexisMora
AlexisMora reviewed Feb 19, 2026
View reviewed changes
src/apps/main/auth/refresh-token/create-token-schedule-with-retry.ts
const tokenScheduler = new TokenScheduler(5, tokens, onUserUnauthorized);
export async function createTokenScheduleWithRetry() {
const { newToken } = getCredentials();
const tokenScheduler = new TokenScheduler(5, newToken, onUserUnauthorized);
Copy link

@AlexisMora AlexisMora Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What this 5 is for?

Copy link
Author

@egalvis27 egalvis27 Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This parameter defines how many days in advance the token should be renewed. It was previously set to 5 days. Do you think that's too long, or is it reasonable?

Copy link

@AlexisMora AlexisMora Feb 20, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its fine its just that we shouldnt use magic numbers, we need to give it context so that we can know properly the justification of the number so that we dont forget

AlexisMora
AlexisMora reviewed Feb 19, 2026
View reviewed changes
src/apps/main/auth/refresh-token/refresh-token.ts Outdated
updateCredentials({ newToken });

return right([token, newToken]);
return right([newToken]);
Copy link

@AlexisMora AlexisMora Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any particular reason we need to return it as array? we are only passing one item

Copy link
Author

@egalvis27 egalvis27 Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no reason to leave it like that. Before, an array was returned because the newToken and bearerToken were delivered.

src/apps/main/auth/get-credentials.ts
}

try {
if (!safeStorage.isEncryptionAvailable()) {
Copy link

@AlexisMora AlexisMora Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question as in #249: When would this actually happen?

Copy link
Author

@egalvis27 egalvis27 Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On Linux, this can happen in at least two relevant scenarios:

  1. No keyring/secret store is availablesafeStorage on Linux relies on a backend such as GNOME Keyring or KWallet. If neither is installed isEncryptionAvailable() will return false.

  2. Missing libsecret dependency — Electron uses libsecret under the hood to communicate with the keyring. On minimal Linux distributions where this library is not installed, encryption operations will fail entirely, regardless of whether a keyring daemon is running.

This guard ensures the application handles those cases gracefully instead of throwing an unhandled error at runtime.

Copy link

@AlexisMora AlexisMora Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can add a ticket on this topic so that we dont move out of the scope this pr, but maybe it could be nice to have some sort of check at startup so that if a user can access safeStorage, we push an error (Pretty much the same as the compatibility with nautilus, libfuse..etc) since this issue is about compatibility
What do you think?

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 19, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
80.8% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@egalvis27 egalvis27 merged commit acede9c into main Feb 20, 2026
9 checks passed
@egalvis27 egalvis27 deleted the refactor/remove-legacy-token branch February 20, 2026 13:36
egalvis27 added a commit that referenced this pull request Feb 20, 2026
@egalvis27
refactor: streamline token management and credential updates (#250)
5a4551d
@egalvis27 egalvis27 mentioned this pull request Feb 20, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlexisMora AlexisMora AlexisMora approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@egalvis27 @AlexisMora