MacOS: Fix startup failure when unable to access the keychain (#13006)

2025-08-24 20:19:10 +02:00 · 2025-08-22 01:32:59 -07:00
parent 37422f316e
commit 371f027a24
2 changed files with 23 additions and 2 deletions
--- a/packages/lib/services/keychain/KeychainService.test.ts
+++ b/packages/lib/services/keychain/KeychainService.test.ts
@@ -1,6 +1,6 @@
 import Setting from '../../models/Setting';
 import shim from '../../shim';
-import { switchClient, setupDatabaseAndSynchronizer } from '../../testing/test-utils';
+import { switchClient, setupDatabaseAndSynchronizer, withWarningSilenced } from '../../testing/test-utils';
 import KeychainService from './KeychainService';
 import KeychainServiceDriverDummy from './KeychainServiceDriver.dummy';
 import KeychainServiceDriverElectron from './KeychainServiceDriver.electron';
@@ -134,6 +134,21 @@ describe('KeychainService', () => {
 		expect(Setting.value('keychain.supported')).toBe(0);
 	});

+	test('should handle the case where safeStorage.encryptString throws', async () => {
+		mockSafeStorage({
+			encryptString: () => {
+				throw new Error('Failed!');
+			},
+		});
+		Setting.setValue('keychain.supported', -1);
+
+		await KeychainService.instance().initialize(makeDrivers());
+		await withWarningSilenced(/Encrypting a setting failed/, async () => {
+			await KeychainService.instance().detectIfKeychainSupported();
+		});
+		expect(Setting.value('keychain.supported')).toBe(0);
+	});
+
 	test('should load settings from a read-only KeychainService if not present in the database', async () => {
 		mockSafeStorage({});

--- a/packages/lib/services/keychain/KeychainServiceDriver.electron.ts
+++ b/packages/lib/services/keychain/KeychainServiceDriver.electron.ts
@@ -31,7 +31,13 @@ export default class KeychainServiceDriver extends KeychainServiceDriverBase {
 		if (canUseSafeStorage()) {
 			logger.debug('Saving password with electron safe storage. ID: ', name);

-			const encrypted = await shim.electronBridge().safeStorage.encryptString(password);
+			let encrypted;
+			try {
+				encrypted = await shim.electronBridge().safeStorage.encryptString(password);
+			} catch (error) {
+				logger.warn('Encrypting a setting failed. Missing keychain permission?', error);
+				return false;
+			}
 			await KvStore.instance().setValue(`${kvStorePrefix}${name}`, encrypted);
 		} else {
 			// Unsupported.