WinVaultKeyring.get_credential with non-existent username returns credential of other user #698

@JamieBeverley

Describe the bug

WinVaultKeyring.get_credential("service", "<username_dne>") with non-existent username can return credentials of another username.

To Reproduce

import keyring
from keyring.backends.Windows import WinVaultKeyring

keyring.set_keyring(WinVaultKeyring())

keyring.set_password(
    service_name='service1',
    username='user1',
    password='password1'
)

keyring.set_password(
    service_name='service1',
    username='user2',
    password='password2'
)

# As expected:
print(keyring.get_credential(service_name="service1",username="user1").password)
print(keyring.get_credential(service_name="service1",username="user2").password)

# I think as expected (defaults most recent? not 100% confident of expected)
# behavior here
print(keyring.get_credential(service_name="service1",username=None).password)

# I think we should expect `None`?
print(keyring.get_credential(service_name="service1",username="nobody!").password)

Output:

password1
password2
password2
password2

Expected behavior

keyring.get_credential("service1", "<username dne>") should return None when credential for service1 - <username dne> doesn't exist.

Environment

  • OS: Windows
  • keyring: 2.4.1
  • backend: WinVaultKeyring

Additional context

  • get_password does not have the same issue (there is a check that the username parameter matches the credential pulled from wincred, which should perhaps be added to get_credential as well).
  • Will share a PR for consideration shortly to illustrate more precisely

Possibly tangential to some other Windows-labelled issues, e.g. #664
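
An added example, not part of the original report and not keyring's own code: a caller-side guard that applies to the result of get_credential the username-match check the report describes for get_password. `Credential`, `FakeVaultBackend` and `get_credential_strict` are hypothetical names; the fake backend is constructed only to reproduce the reported output offline, and the username comparison is assumed to be exact and case-sensitive.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Credential:
    """Minimal stand-in for the object returned by get_credential."""
    username: str
    password: str


class FakeVaultBackend:
    """Constructed stand-in mimicking the behaviour reported above: an unknown
    username falls back to the last credential stored for the service.
    It is NOT keyring's WinVaultKeyring implementation."""

    def __init__(self):
        self._by_service = {}  # service_name -> {username: password}

    def set_password(self, service_name, username, password):
        users = self._by_service.setdefault(service_name, {})
        users.pop(username, None)  # re-insert so dict order tracks recency
        users[username] = password

    def get_credential(self, service_name, username) -> Optional[Credential]:
        users = self._by_service.get(service_name)
        if not users:
            return None
        if username in users:
            return Credential(username, users[username])
        last_user = next(reversed(users))  # fallback: most recent entry
        return Credential(last_user, users[last_user])


def get_credential_strict(backend, service_name, username) -> Optional[Credential]:
    """Reject a credential whose username differs from the one requested.
    username=None keeps the backend's default lookup unchanged."""
    cred = backend.get_credential(service_name, username)
    if cred is None or username is None:
        return cred
    return cred if cred.username == username else None


def demo():
    backend = FakeVaultBackend()
    backend.set_password("service1", "user1", "password1")
    backend.set_password("service1", "user2", "password2")
    raw = backend.get_credential("service1", "nobody!")
    strict = get_credential_strict(backend, "service1", "nobody!")
    return [raw.password, strict]
```

The same assertions on a strict lookup can serve as a regression test against the real backend on a Windows host once a fix is in place.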
