bunny-lab/Borealis-Github-Replica
1
0
Fork 0
mirror of https://github.com/bunny-lab-io/Borealis.git synced 2025-10-26 17:21:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improve refresh token DPAPI fallback and add reload logging

Browse Source
This commit is contained in:
Nicole Rappe
2025-10-18 02:00:36 -06:00
parent 21c2ce0c0b
commit cf82474e07
2 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Data/Agent/security.py
View File

@@ -227,16 +227,23 @@ class AgentKeyStore:
try:
with open(self._refresh_token_path, "rb") as fh:
protected = fh.read()
raw = _unprotect(protected, scope_system=self.scope_system)
try:
return raw.decode("utf-8")
except Exception:
# Token may have been protected under the opposite DPAPI scope.
alt = _unprotect(protected, scope_system=not self.scope_system)
return alt.decode("utf-8")
except Exception:
return None
# Try both scopes (preferred first) and decode once a UTF-8 payload is recovered.
for scope_first in (self.scope_system, not self.scope_system):
try:
candidate = _unprotect(protected, scope_system=scope_first)
except Exception:
continue
if not candidate:
continue
try:
return candidate.decode("utf-8")
except Exception:
continue
return None
def clear_tokens(self) -> None:
for path in (self._access_token_path, self._refresh_token_path, self._token_meta_path):
try: