Better guidance for users to deal with host key changes (#1242)

* Provide actionable guidance for host key mismatches

Signed-off-by: Harsh Shandilya <[email protected]>

* Update changelog

Signed-off-by: Harsh Shandilya <[email protected]>

* Hide host key clear button after use

Signed-off-by: Harsh Shandilya <[email protected]>
(cherry picked from commit ce2e657)
Signed-off-by: Harsh Shandilya <[email protected]>

Author: msfjarvis

CHANGELOG.md

@@ -16,6 +16,7 @@ All notable changes to this project will be documented in this file.
 -   Decrypt screen would stay in memory infinitely, allowing passwords to be seen without re-auth
 -   Git commits in the store would wrongly use the 'default' committer as opposed to the user's configured one
 -   Connection attempts now use a reasonable 10 second timeout as opposed to the default of 30 seconds
+-   A change to the remote host key for a server would prevent the user from being able to connect to it
 
 ## [1.13.1] - 2020-10-23
 

app/src/main/java/com/zeapo/pwdstore/git/BaseGitActivity.kt

@@ -28,6 +28,7 @@ import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
 import net.schmizz.sshj.common.DisconnectReason
 import net.schmizz.sshj.common.SSHException
+import net.schmizz.sshj.transport.TransportException
 import net.schmizz.sshj.userauth.UserAuthException
 
 /**
@@ -74,6 +75,10 @@ abstract class BaseGitActivity : ContinuationContainerActivity() {
             if (err.message?.contains("cannot open additional channels") == true) {
                 GitSettings.useMultiplexing = false
                 SSHException(DisconnectReason.TOO_MANY_CONNECTIONS, "The server does not support multiple Git operations per SSH session. Please try again, a slower fallback mode will be used.")
+            } else if (err is TransportException && err.disconnectReason == DisconnectReason.HOST_KEY_NOT_VERIFIABLE) {
+                SSHException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE,
+                    "WARNING: The remote host key has changed. If this is expected, please go to Git server settings and clear the saved host key."
+                )
             } else {
                 err
             }

app/src/main/java/com/zeapo/pwdstore/git/GitServerConfigActivity.kt

@@ -82,6 +82,12 @@ class GitServerConfigActivity : BaseGitActivity() {
             setAuthModes(text.startsWith("http://") || text.startsWith("https://"))
         }
 
+        binding.clearHostKeyButton.isVisible = GitSettings.hasSavedHostKey()
+        binding.clearHostKeyButton.setOnClickListener {
+            GitSettings.clearSavedHostKey()
+            Snackbar.make(binding.root, getString(R.string.clear_saved_host_key_success), Snackbar.LENGTH_LONG).show()
+            it.isVisible = false
+        }
         binding.saveButton.setOnClickListener {
             val newUrl = binding.serverUrl.text.toString().trim()
             // If url is of type [email protected]:12435/path/to/repo, then not adding `ssh://`

app/src/main/java/com/zeapo/pwdstore/git/config/GitSettings.kt

@@ -56,6 +56,7 @@ object GitSettings {
     private val settings by lazy(LazyThreadSafetyMode.PUBLICATION) { Application.instance.sharedPrefs }
     private val encryptedSettings by lazy(LazyThreadSafetyMode.PUBLICATION) { Application.instance.getEncryptedGitPrefs() }
     private val proxySettings by lazy(LazyThreadSafetyMode.PUBLICATION) { Application.instance.getEncryptedProxyPrefs() }
+    private val hostKeyPath by lazy(LazyThreadSafetyMode.NONE) { "${Application.instance.filesDir}/.host_key" }
 
     var authMode
         get() = AuthMode.fromString(settings.getString(PreferenceKeys.GIT_REMOTE_AUTH))
@@ -64,6 +65,7 @@ object GitSettings {
                 putString(PreferenceKeys.GIT_REMOTE_AUTH, value.pref)
             }
         }
+
     var url
         get() = settings.getString(PreferenceKeys.GIT_REMOTE_URL)
         private set(value) {
@@ -79,29 +81,33 @@ object GitSettings {
             // should be deleted/reset.
             useMultiplexing = true
             encryptedSettings.edit { remove(PreferenceKeys.HTTPS_PASSWORD) }
-            File("${Application.instance.filesDir}/.host_key").delete()
+            clearSavedHostKey()
         }
+
     var authorName
         get() = settings.getString(PreferenceKeys.GIT_CONFIG_AUTHOR_NAME) ?: ""
         set(value) {
             settings.edit {
                 putString(PreferenceKeys.GIT_CONFIG_AUTHOR_NAME, value)
             }
         }
+
     var authorEmail
         get() = settings.getString(PreferenceKeys.GIT_CONFIG_AUTHOR_EMAIL) ?: ""
         set(value) {
             settings.edit {
                 putString(PreferenceKeys.GIT_CONFIG_AUTHOR_EMAIL, value)
             }
         }
+
     var branch
         get() = settings.getString(PreferenceKeys.GIT_BRANCH_NAME) ?: DEFAULT_BRANCH
         private set(value) {
             settings.edit {
                 putString(PreferenceKeys.GIT_BRANCH_NAME, value)
             }
         }
+
     var useMultiplexing
         get() = settings.getBoolean(PreferenceKeys.GIT_REMOTE_USE_MULTIPLEXING, true)
         set(value) {
@@ -179,4 +185,16 @@ object GitSettings {
         branch = newBranch
         return UpdateConnectionSettingsResult.Valid
     }
+
+    /**
+     * Deletes a previously saved SSH host key
+     */
+    fun clearSavedHostKey() {
+        File(hostKeyPath).delete()
+    }
+
+    /**
+     * Returns true if a host key was previously saved
+     */
+    fun hasSavedHostKey(): Boolean = File(hostKeyPath).exists()
 }

app/src/main/res/layout/activity_git_clone.xml

@@ -120,5 +120,16 @@
             android:text="@string/crypto_save"
             app:layout_constraintEnd_toEndOf="parent"
             app:layout_constraintTop_toBottomOf="@id/auth_mode_group" />
+
+        <com.google.android.material.button.MaterialButton
+            android:id="@+id/clear_host_key_button"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="8dp"
+            android:text="@string/clear_saved_host_key"
+            android:visibility="gone"
+            app:layout_constraintStart_toStartOf="parent"
+            app:layout_constraintTop_toBottomOf="@id/auth_mode_group"
+            tools:visibility="visible" />
     </androidx.constraintlayout.widget.ConstraintLayout>
 </ScrollView>

app/src/main/res/values/strings.xml

@@ -415,5 +415,7 @@
     <string name="pref_proxy_settings">HTTP(S) proxy settings</string>
     <string name="invalid_proxy_url">Invalid URL</string>
     <string name="oreo_autofill_password_fill_and_conditional_save_support">Fill and save passwords (saving requires that no accessibility services are enabled)</string>
+    <string name="clear_saved_host_key">Clear saved host key</string>
+    <string name="clear_saved_host_key_success">Successfully cleared saved host key!</string>
 
 </resources>