Merge pull request #588 from PhilKes/fix/backup-on-save-decrypt

Fix decrypting database on auto-save backup if biometric lock is enabled
2025-06-28 20:29:54 +00:00 · 2025-05-10 16:43:25 +02:00 · 2025-05-10 16:43:25 +02:00 · 402baf8056
commit 402baf8056
parent 3c2400c7e6 de27d40880
3 changed files with 32 additions and 13 deletions
--- a/app/src/main/java/com/philkes/notallyx/utils/backup/ExportExtensions.kt
+++ b/app/src/main/java/com/philkes/notallyx/utils/backup/ExportExtensions.kt
@ -89,7 +89,7 @@ import net.lingala.zip4j.model.enums.EncryptionMethod
 private const val TAG = "ExportExtensions"
 private const val NOTIFICATION_CHANNEL_ID = "AutoBackups"
 private const val NOTIFICATION_ID = 123412
-private const val NOTALLYX_BACKUP_LOGS_FILE = "notallyx-backup-logs"
+private const val NOTALLYX_BACKUP_LOGS_FILE = "notallyx-backup-logs.txt"
 private const val OUTPUT_DATA_BACKUP_URI = "backupUri"

 const val AUTO_BACKUP_WORK_NAME = "com.philkes.notallyx.AutoBackupWork"
@ -174,7 +174,7 @@ fun ContextWrapper.autoBackupOnSave(backupPath: String, password: String, savedN
            backupFile = folder.createFile(MIME_TYPE_ZIP, ON_SAVE_BACKUP_FILE)
            exportAsZip(backupFile!!.uri, password = password)
        } else {
-            NotallyDatabase.getDatabase(this, observePreferences = false).value.checkpoint()
+            val (_, file) = copyDatabase()
            val files =
                with(savedNote) {
                    images.map {
@ -192,10 +192,7 @@ fun ContextWrapper.autoBackupOnSave(backupPath: String, password: String, savedN
                        audios.map {
                            BackupFile(SUBFOLDER_AUDIOS, File(getExternalAudioDirectory(), it.name))
                        } +
-                        BackupFile(
-                            null,
-                            NotallyDatabase.getCurrentDatabaseFile(this@autoBackupOnSave),
-                        )
+                        BackupFile(null, file)
                }
            try {
                exportToZip(backupFile.uri, files, password)
@ -417,7 +414,7 @@ fun ContextWrapper.copyDatabase(): Pair<NotallyDatabase, File> {
        val cipher = getInitializedCipherForDecryption(iv = preferences.iv.value!!)
        val passphrase = cipher.doFinal(preferences.databaseEncryptionKey.value)
        val decryptedFile = File(cacheDir, DATABASE_NAME)
-        decryptDatabase(this, passphrase, decryptedFile, databaseFile)
+        decryptDatabase(this, passphrase, databaseFile, decryptedFile)
        Pair(database, decryptedFile)
    } else {
        val dbFile = File(cacheDir, DATABASE_NAME)
--- a/app/src/main/java/com/philkes/notallyx/utils/backup/ImportExtensions.kt
+++ b/app/src/main/java/com/philkes/notallyx/utils/backup/ImportExtensions.kt
@ -28,6 +28,7 @@ import com.philkes.notallyx.data.model.parseToColorString
 import com.philkes.notallyx.presentation.getQuantityString
 import com.philkes.notallyx.presentation.showToast
 import com.philkes.notallyx.presentation.viewmodel.NotallyModel.FileType
+import com.philkes.notallyx.presentation.viewmodel.preference.NotallyXPreferences
 import com.philkes.notallyx.utils.FileError
 import com.philkes.notallyx.utils.SUBFOLDER_AUDIOS
 import com.philkes.notallyx.utils.SUBFOLDER_FILES
@ -44,6 +45,8 @@ import com.philkes.notallyx.utils.log
 import com.philkes.notallyx.utils.mimeTypeToFileExtension
 import com.philkes.notallyx.utils.rename
 import com.philkes.notallyx.utils.scheduleNoteReminders
+import com.philkes.notallyx.utils.security.SQLCipherUtils
+import com.philkes.notallyx.utils.security.decryptDatabase
 import java.io.File
 import java.io.FileInputStream
 import java.io.InputStream
@ -86,12 +89,31 @@ suspend fun ContextWrapper.importZip(
                    NotallyDatabase.DATABASE_NAME,
                )

+                var dbFile = File(databaseFolder, NotallyDatabase.DATABASE_NAME)
+                val state = SQLCipherUtils.getDatabaseState(dbFile)
+                if (state == SQLCipherUtils.State.ENCRYPTED) {
+                    val fallbackEncryptionKey =
+                        NotallyXPreferences.getInstance(this@importZip)
+                            .fallbackDatabaseEncryptionKey
+                            .value
+                    if (fallbackEncryptionKey != null) {
+                        val dbFileDecrypted =
+                            File(databaseFolder, "${NotallyDatabase.DATABASE_NAME}-decrypted")
+                        decryptDatabase(
+                            this@importZip,
+                            fallbackEncryptionKey,
+                            dbFile,
+                            dbFileDecrypted,
+                        )
+                        dbFile = dbFileDecrypted
+                    } else {
+                        throw IllegalArgumentException(
+                            "Backup contains encrypted database and 'fallbackDatabaseEncryptionKey' has no value!"
+                        )
+                    }
+                }
                val database =
-                    SQLiteDatabase.openDatabase(
-                        File(databaseFolder, NotallyDatabase.DATABASE_NAME).path,
-                        null,
-                        SQLiteDatabase.OPEN_READONLY,
-                    )
+                    SQLiteDatabase.openDatabase(dbFile.path, null, SQLiteDatabase.OPEN_READONLY)

                val labelCursor = database.query("Label", null, null, null, null, null, null)
                val baseNoteCursor = database.query("BaseNote", null, null, null, null, null, null)
--- a/app/src/main/java/com/philkes/notallyx/utils/security/EncryptionUtils.kt
+++ b/app/src/main/java/com/philkes/notallyx/utils/security/EncryptionUtils.kt
@ -37,8 +37,8 @@ fun decryptDatabase(context: ContextWrapper, passphrase: ByteArray) {
 fun decryptDatabase(
    context: Context,
    passphrase: ByteArray,
-    decryptedFile: File,
    databaseFile: File,
+    decryptedFile: File,
 ) {
    val state = SQLCipherUtils.getDatabaseState(databaseFile)
    if (state == SQLCipherUtils.State.ENCRYPTED) {