Skip to content

refactor(auth): remove legacy plaintext token migration#3031

Open
afonsojramos wants to merge 1 commit into
mainfrom
remove-legacy-auth-token-migration
Open

refactor(auth): remove legacy plaintext token migration#3031
afonsojramos wants to merge 1 commit into
mainfrom
remove-legacy-auth-token-migration

Conversation

@afonsojramos

Copy link
Copy Markdown
Member

Summary

  • Removes the temporary plaintext → encrypted token migration that ran on startup (marked with a TODO for a future release).
  • Keeps keychain key-rotation persistence under persistRotatedAuthTokens.
  • Renames migrateLegacyAuthState to sanitiseAuthState so permanent auth sanitisation is not framed as a one-shot migration.
  • Updates startup tests: decrypt failures no longer trigger re-encryption.

Breaking change: users who still have unencrypted tokens from pre-safeStorage releases will need to re-login. Anyone who already upgraded through an encrypting release is unaffected.

Test plan

  • pnpm exec vitest run src/renderer/context/App.test.tsx (19 tests pass)
  • Manual: app with already-encrypted tokens still logs in and refreshes accounts on startup
  • Manual: keychain rotation still persists rotated ciphertext when reEncryptedToken is returned

Drop the startup path that re-encrypted plaintext tokens for pre-safeStorage
upgrades. Tokens are now expected to already be encrypted at rest; only
keychain rotation ciphertext is persisted. Users still on plaintext tokens
must re-login after this major release.
@afonsojramos afonsojramos requested a review from setchy as a code owner July 10, 2026 16:52
@github-actions github-actions Bot added the refactor Refactoring of existing feature label Jul 10, 2026
@sonarqubecloud

Copy link
Copy Markdown

@setchy

setchy commented Jul 10, 2026

Copy link
Copy Markdown
Member

Great, thanks for picking this up mate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

refactor Refactoring of existing feature

Development

Successfully merging this pull request may close these issues.

2 participants