Allow specification of workdir

2025-05-11 11:19:47 +02:00
parent 3dfd03688b
commit d0b92b220e
3 changed files with 14 additions and 12 deletions
--- a/packages/sshecret-admin/src/sshecret_admin/services/master_password.py
+++ b/packages/sshecret-admin/src/sshecret_admin/services/master_password.py
@ -24,11 +24,14 @@ def setup_master_password(

    This method should run just after setting up the database.
    """
-    created = _initial_key_setup(settings, filename, regenerate)
+    keyfile = Path(filename)
+    if settings.password_manager_directory:
+        keyfile = settings.password_manager_directory / filename
+    created = _initial_key_setup(settings, keyfile, regenerate)
    if not created:
        return None

-    return _generate_master_password(settings, filename)
+    return _generate_master_password(settings, keyfile)


 def decrypt_master_password(
@ -36,10 +39,12 @@ def decrypt_master_password(
 ) -> str:
    """Retrieve master password."""
    keyfile = Path(filename)
+    if settings.password_manager_directory:
+        keyfile = settings.password_manager_directory / filename
    if not keyfile.exists():
        raise RuntimeError("Error: Private key has not been generated yet.")

-    private_key = load_private_key(KEY_FILENAME, password=settings.secret_key)
+    private_key = load_private_key(str(keyfile.absolute()), password=settings.secret_key)
    return decode_string(encrypted, private_key)


@ -50,12 +55,10 @@ def _generate_password() -> str:

 def _initial_key_setup(
    settings: AdminServerSettings,
-    filename: str = KEY_FILENAME,
+    keyfile: Path,
    regenerate: bool = False,
 ) -> bool:
    """Set up initial keys."""
-    keyfile = Path(filename)
-
    if keyfile.exists() and not regenerate:
        return False

@ -67,16 +70,15 @@ def _initial_key_setup(


 def _generate_master_password(
-    settings: AdminServerSettings, filename: str = KEY_FILENAME
+    settings: AdminServerSettings, keyfile: Path
 ) -> str:
    """Generate master password for password database.

    Returns the encrypted string, base64 encoded.
    """
-    keyfile = Path(filename)
    if not keyfile.exists():
        raise RuntimeError("Error: Private key has not been generated yet.")
-    private_key = load_private_key(filename, password=settings.secret_key)
+    private_key = load_private_key(str(keyfile.absolute()), password=settings.secret_key)
    public_key = private_key.public_key()
    master_password = _generate_password()
    return encrypt_string(master_password, public_key)