Add AuthGuard for inactivity locking and CLI lock command

2025-09-09 07:48:57 +00:00 · 2025-07-18 15:39:19 -04:00
parent d529877888
commit 11b3707087
4 changed files with 79 additions and 1 deletions
--- a/src/seedpass/cli.py
+++ b/src/seedpass/cli.py
@@ -455,6 +455,14 @@ def vault_lock(ctx: typer.Context) -> None:
    typer.echo("locked")


+@app.command("lock")
+def root_lock(ctx: typer.Context) -> None:
+    """Lock the vault for the active profile."""
+    vault_service, _profile, _sync = _get_services(ctx)
+    vault_service.lock()
+    typer.echo("locked")
+
+
@vault_app.command("stats")
 def vault_stats(ctx: typer.Context) -> None:
    """Display statistics about the current seed profile."""
--- a/src/seedpass/core/manager.py
+++ b/src/seedpass/core/manager.py
@@ -109,6 +109,24 @@ class Notification:
    level: str = "INFO"


+class AuthGuard:
+    """Helper to enforce inactivity timeouts."""
+
+    def __init__(
+        self, manager: "PasswordManager", time_fn: callable = time.time
+    ) -> None:
+        self.manager = manager
+        self._time_fn = time_fn
+
+    def check_timeout(self) -> None:
+        """Lock the vault if the inactivity timeout has been exceeded."""
+        timeout = getattr(self.manager, "inactivity_timeout", 0)
+        if self.manager.locked or timeout <= 0:
+            return
+        if self._time_fn() - self.manager.last_activity > timeout:
+            self.manager.lock_vault()
+
+
 class PasswordManager:
    """
    PasswordManager Class
@@ -161,6 +179,7 @@ class PasswordManager:
        self._suppress_entry_actions_menu: bool = False
        self.last_bip85_idx: int = 0
        self.last_sync_ts: int = 0
+        self.auth_guard = AuthGuard(self)

        # Initialize the fingerprint manager first
        self.initialize_fingerprint_manager()
@@ -240,7 +259,12 @@ class PasswordManager:
        return (None, parent_fp, self.current_fingerprint)

    def update_activity(self) -> None:
-        """Record the current time as the last user activity."""
+        """Record activity and enforce inactivity timeout."""
+        guard = getattr(self, "auth_guard", None)
+        if guard is None:
+            guard = AuthGuard(self)
+            self.auth_guard = guard
+        guard.check_timeout()
        self.last_activity = time.time()

    def notify(self, message: str, level: str = "INFO") -> None: