Add recovery code security tests and implement password recovery flow #19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Introduced a new test suite for recovery code security in `test_recovery_security.py` to validate: - Code generation uniqueness - Code encryption and decryption - One-time use enforcement - Tamper detection - Brute force resistance - File deletion/corruption handling - Modified `MainWindowBase` to integrate recovery code functionality: - Added `verify_password_with_recovery` method for password verification with recovery options. - Updated password dialog to include a "Forgot Password?" link that initiates recovery. - Created `RecoveryCodeDialog` and `RecoveryCodesDisplayDialog` for user interactions during password recovery: - Users can enter recovery codes and set new passwords. - Display generated recovery codes with warnings about their usage. - Enhanced the UI with appropriate styles and messages to guide users through the recovery process.
- Integrated verification callback for recovery codes in the main window. - Improved password prompt handling with recovery options. - Added password strength meter during password creation and recovery. - Updated recovery dialog to include password strength feedback and dynamic tab management. - Enhanced user experience with better error handling and messaging. - Implemented file saving functionality for recovery codes with user confirmation. - Refactored password dialog to support dynamic button text and forgot password visibility.
- Added functionality to protect critical files (recovery codes, encrypted passwords) from deletion/tampering when monitoring is active. - Integrated file protection logic into the main window, ensuring critical files are protected upon starting monitoring and unprotected on exit. - Enhanced the Linux file lock manager to exclude FadCrypt's own process from being terminated during file protection. - Created a test suite for recovery code persistence, ensuring recovery codes remain valid after password resets and are marked as consumed when used.
…tored applications
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduced a new test suite for recovery code security in
test_recovery_security.pyto validate:Modified
MainWindowBaseto integrate recovery code functionality:verify_password_with_recoverymethod for password verification with recovery options.Created
RecoveryCodeDialogandRecoveryCodesDisplayDialogfor user interactions during password recovery:Enhanced the UI with appropriate styles and messages to guide users through the recovery process.