obscure-com / ti_keychain

iOS keychain wrapper for Appcelerator Titanium

Are keychains stored permanently? #4

Closed dottodot closed 11 years ago

dottodot commented 11 years ago

Just wondering if the keychain store is meant to be permanent until reset, as on my app the values are empty every time the app is started.

So on my account page it either shows account details or a login form. So once the user has logged in, the page refreshes to show the account details.

Or is keychain.createKeychainItem overwriting each time the window is opened?

function AccountWindow(title) {
    var keychain = require('com.obscure.keychain');
    var keychainItem = keychain.createKeychainItem('mylogin', 'supersecretpassphrase');
    Ti.API.info('Your account name is ' + keychainItem.account);
    Ti.API.info('Your password is ' + keychainItem.valueData);

    // Code to show account or login form here

    loginButton.addEventListener('click', function(e) {
        keychainItem.account = usernameTextfield.value;
        keychainItem.valueData = passwordTextfield.value;
    })

    return self;
}

module.exports = AccountWindow;

pegli commented 11 years ago

Keychain values are stored permanently, but the documentation for the module isn't clear about how to do this. Think of the keychain as a key-value store where the account property of each item is the unique key and the valueData item is the value. In your code above, the login button event listener is creating a new keychain item each time it is called with a different value in usernameTextField.value.

The proper way to use the module is to pick a static name for each keychain item that you want to store and use that name in the call to createKeychainItem:

var usernameItem = keychain.createKeychainItem('username');
usernameTextfield.value = usernameItem.valueData;

I've uploaded a sample project that shows how to do this more clearly.

ChristopherCarranza commented 10 years ago

Pegli,

I'm running into a slight issue with your implementation of your keychain items. In iOS when using the keychain, it essentially has 3 different properties that you use.

Keychain identifier, Account, ValueData

With these three values I can have a username and password field in my iOS app always identified with the unique identifier. The account would equal the username and valueData would be the password. I, the programmer, can choose the Keychain identifier in code, which means I have one keychain item to manage. And if I need to reset that keychain item, I can get to it with the identifier that I have established.

The way you have implemented it essentially lets the user create a new keychain item each time because you are using their account as the keychain identifier.

So if a user types in a username of "Chris" then hits save, it will save it as a new keychain item of "Chris". If they go back and modify it to "chris" or "dave" it technically isn't modifying the one keychain item, it is creating a whole new one. So you are allowing the user to create lord knows how many keychain items on their phone.

Hopefully this makes sense, but essentially you are missing a vital piece of the keychain implementation and as it stands this is quite flawed. Is it possible for any changes to happen here?
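
The behaviour discussed in this thread, as an added example that is not part of the original comments or the module's own code: a small in-memory model (the `ModelKeychain` class, function names and slot names are hypothetical) that assumes, as described above, that `account` is the unique key and `valueData` is the value. It shows that keying on the user-entered name leaves earlier credentials stored, while static names keep one set of items that can be found and reset.

```javascript
// In-memory model of the behaviour described in this thread (constructed for
// illustration; not the com.obscure.keychain module or the iOS keychain API).
// Assumption from the thread: `account` is the unique key, `valueData` the value.
class ModelKeychain {
  constructor() { this.items = new Map(); }
  set(account, valueData) { this.items.set(account, valueData); }
  get(account) { return this.items.get(account); }
  remove(account) { return this.items.delete(account); }
  accounts() { return [...this.items.keys()]; }
}

// Pattern from the question: the user-entered name becomes the key.
function saveKeyedByUsername(store, username, password) {
  store.set(username, password);
}

// Pattern from the first reply: static names chosen by the programmer.
const USERNAME_SLOT = 'username'; // hypothetical slot names
const PASSWORD_SLOT = 'password';
function saveFixedSlots(store, username, password) {
  store.set(USERNAME_SLOT, username);
  store.set(PASSWORD_SLOT, password);
}

// A reset is only complete when every key ever written is known in advance.
function resetFixedSlots(store) {
  store.remove(USERNAME_SLOT);
  store.remove(PASSWORD_SLOT);
}

// Constructed sample input: the same user edits the login form three times.
const edits = [['Chris', 'pw-1'], ['chris', 'pw-2'], ['dave', 'pw-3']];

function runDemo() {
  const byName = new ModelKeychain();
  const fixed = new ModelKeychain();
  for (const [user, pw] of edits) {
    saveKeyedByUsername(byName, user, pw);
    saveFixedSlots(fixed, user, pw);
  }
  const staleSecret = byName.get('Chris'); // first password is still stored
  const fixedKeys = fixed.accounts();      // always the same two items
  resetFixedSlots(fixed);
  return { byNameKeys: byName.accounts(), staleSecret, fixedKeys,
           fixedAfterReset: fixed.accounts() };
}

console.log(runDemo());
```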