From ccea37e0e004c258e12dd6939287ec65898dda58 Mon Sep 17 00:00:00 2001
From: crschnick <crschnick@xpipe.io>
Date: Sat, 9 Mar 2024 02:02:00 +0000
Subject: [PATCH] Rework ssh host key trust handling

---
 .../main/java/io/xpipe/app/util/AskpassAlert.java    |  2 +-
 .../main/java/io/xpipe/app/util/SecretManager.java   | 12 +++++++++---
 .../java/io/xpipe/app/util/SecretQueryProgress.java  |  2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/app/src/main/java/io/xpipe/app/util/AskpassAlert.java b/app/src/main/java/io/xpipe/app/util/AskpassAlert.java
index f139343f..86417d8b 100644
--- a/app/src/main/java/io/xpipe/app/util/AskpassAlert.java
+++ b/app/src/main/java/io/xpipe/app/util/AskpassAlert.java
@@ -24,7 +24,7 @@ public class AskpassAlert {
                     alert.setAlertType(Alert.AlertType.CONFIRMATION);
 
                     // Link to help page for double prompt
-                    if (!SecretManager.shouldCacheForPrompt(prompt)) {
+                    if (SecretManager.isSpecialPrompt(prompt)) {
                         var type = new ButtonType("Help", ButtonBar.ButtonData.HELP);
                         alert.getButtonTypes().add(type);
                         var button = alert.getDialogPane().lookupButton(type);
diff --git a/app/src/main/java/io/xpipe/app/util/SecretManager.java b/app/src/main/java/io/xpipe/app/util/SecretManager.java
index 3b75795b..20c54254 100644
--- a/app/src/main/java/io/xpipe/app/util/SecretManager.java
+++ b/app/src/main/java/io/xpipe/app/util/SecretManager.java
@@ -47,13 +47,19 @@ public class SecretManager {
         return p;
     }
 
-    public static boolean shouldCacheForPrompt(String prompt) {
+    public static boolean isSpecialPrompt(String prompt) {
         var l = prompt.toLowerCase(Locale.ROOT);
+        // 2FA
         if (l.contains("passcode") || l.contains("verification code")) {
-            return false;
+            return true;
         }
 
-        return true;
+        // SSH host key trust prompt
+        if (l.contains("authenticity of host") || l.contains("please type 'yes', 'no' or the fingerprint")) {
+            return true;
+        }
+
+        return false;
     }
 
     public static SecretValue retrieve(SecretRetrievalStrategy strategy, String prompt, UUID secretId, int sub) {
diff --git a/app/src/main/java/io/xpipe/app/util/SecretQueryProgress.java b/app/src/main/java/io/xpipe/app/util/SecretQueryProgress.java
index 15a8a3ce..8c779dfd 100644
--- a/app/src/main/java/io/xpipe/app/util/SecretQueryProgress.java
+++ b/app/src/main/java/io/xpipe/app/util/SecretQueryProgress.java
@@ -115,7 +115,7 @@ public class SecretQueryProgress {
 
     private boolean shouldCache(SecretQuery query, String prompt) {
         var shouldCache = query.cache()
-                && SecretManager.shouldCacheForPrompt(prompt)
+                && !SecretManager.isSpecialPrompt(prompt)
                 && (!query.respectDontCacheSetting()
                         || !AppPrefs.get().dontCachePasswords().get());
         return shouldCache;