
Conversation

@vanelsberg (Contributor) commented Oct 22, 2024

This PR enables unattended exports
(see also issue #3296)

Functional short description:

The master password should be entered as usual when manually exporting settings from the AAPS maintenance menu.
When the "unattended exports" option is enabled in maintenance preferences the password entered is encrypted and securely stored on the user's phone (not in AAPS).

Subsequent exports will no longer require the user to enter the master password until it expires or is reset.

  • A new Pod Activation automation is added for automating settings export.
  • A new Trigger is added for triggering an action on Pod Activation

When active, the new "Export settings" automation will alert in the AAPS overview on exporting and (when relevant) on not being enabled or on password expiry. The user can (grace period) or is required (expired) to re-enter the password by executing a manual export.

Choice:

User has a choice to enable/disable unattended exports through the maintenance settings.
When disabled, no password is stored and unattended exports are unavailable.

When enabled:

Password will be securely stored encrypted on the local phone's Android DataStore (1).
Encryption key needed for decrypting is generated and protected by the local phone's Android KeyStore (2).
To ensure the user needs to "maintain" the master password, it will expire after 4 weeks with a grace period of 1 week (non-configurable).
Stored password will be removed on changing the master password or AAPS password reset.
Importing settings or other functionality that needs entering the master password/PIN/biometrics is not affected.

Ad1) Android DataStore:
This system provides a robust and flexible way of storing key-value pairs on the phone's storage.

Ad2) Android Keystore:
This system allows storing cryptographic keys in a secure container, making them difficult to extract from the device.

Testing:

  • Password expiry/grace period (it is set fixed at 4 weeks+1 week grace):
    For testing purposes, placing a semaphore file named DebugUnattendedExport (no extension!) will set expiry to 1 day with a grace period of 1 day.
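As an added illustration of the storage design described above (example code, not code from this PR or from AAPS; the key alias, class and function names are assumed): an AES-GCM key generated inside AndroidKeyStore encrypts the master password, only IV and ciphertext are handed back for persisting in DataStore, and the 4 week expiry plus 1 week grace is evaluated before any decrypt.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Alias is an assumed name; durations follow the PR (4 weeks expiry, 1 week grace).
private const val KEY_ALIAS = "unattended_export_key"
private const val EXPIRY_MS = 28L * 24 * 60 * 60 * 1000
private const val GRACE_MS = 7L * 24 * 60 * 60 * 1000
private const val TRANSFORM = "AES/GCM/NoPadding"

enum class PasswordState { VALID, GRACE, EXPIRED }
// The record to persist (e.g. base64-encoded in DataStore): IV, ciphertext and store time.
class StoredPassword(val iv: ByteArray, val ciphertext: ByteArray, val storedAtMs: Long)

// Key material is generated inside AndroidKeyStore and never leaves it; reuse if present.
private fun keystoreKey(): SecretKey {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(KEY_ALIAS,
            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256).build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }.generateKey()
}

fun encryptPassword(password: String, nowMs: Long): StoredPassword {
    val cipher = Cipher.getInstance(TRANSFORM)
    cipher.init(Cipher.ENCRYPT_MODE, keystoreKey())  // Keystore supplies a fresh random IV
    return StoredPassword(cipher.iv, cipher.doFinal(password.toByteArray(Charsets.UTF_8)), nowMs)
}

fun passwordState(stored: StoredPassword, nowMs: Long): PasswordState = when {
    nowMs - stored.storedAtMs < EXPIRY_MS -> PasswordState.VALID
    nowMs - stored.storedAtMs < EXPIRY_MS + GRACE_MS -> PasswordState.GRACE
    else -> PasswordState.EXPIRED
}

// Null once expired: the user has to re-enter the master password in a manual export.
fun decryptPassword(stored: StoredPassword, nowMs: Long): String? {
    if (passwordState(stored, nowMs) == PasswordState.EXPIRED) return null
    val cipher = Cipher.getInstance(TRANSFORM)
    cipher.init(Cipher.DECRYPT_MODE, keystoreKey(), GCMParameterSpec(128, stored.iv))
    return String(cipher.doFinal(stored.ciphertext), Charsets.UTF_8)
}
```

On a master password change or reset the caller should delete both the persisted record and the Keystore entry (KeyStore.deleteEntry), so a stale ciphertext can never be decrypted again.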

vanelsberg changed the title from "PR unattended settings export (final)" to "PR3487 unattended settings export (final)" on Oct 22, 2024

@vanelsberg (Contributor, Author) commented Oct 22, 2024

@MilosKozak
This PR #3487 replaces PR #3463.

To devs that would like to test, please do (thanks!):
I think this could be the "final" PR, ready for "field testing" finding possible bugs?

@MilosKozak (Contributor) commented

I found only one thing to consider. Assume automatic export on a child's phone. The child will ignore the warning regarding re-entering the password (own experience). Backup will stop working without the parent's knowledge.
In this case I'd create an "Announcement" (rather than "Settings export") event because it pops up in NS as a notification.

@vanelsberg (Contributor, Author) commented Oct 23, 2024

> child's phone.

Done!

(Btw: the main reason for the Settings export event is that the Pod Change automation triggers when the latest Cannula change event is newer than the latest Settings export event.)

@vanelsberg (Contributor, Author) commented

Password expiry/grace period (it is set fixed at 4 weeks+1 week grace):

For testing purposes, placing a semaphore file named DebugUnattendedExport (no extension!) will set expiry to 1 day with a grace period of 1 day.

vanelsberg force-pushed the PRDEV2-unattended-settings-export branch from 2ce2cd2 to 488c89c on November 1, 2024 15:51

sonarqubecloud bot commented Nov 1, 2024

Quality Gate failed

Failed conditions
B Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

@vanelsberg (Contributor, Author) commented

Fixed build: rebase on current dev (commit c12639b7) + fix .toml dependencies

@MilosKozak MilosKozak merged commit 053e6c9 into nightscout:dev Nov 4, 2024
@WesSec commented Nov 26, 2024

@vanelsberg

Error found in logcat. I recently switched back from AIMI to dev; the key was likely still stored somewhere and not deleted upon deletion of the AIMI branch. If I understand the error correctly, I suggest checking if the key already exists before storing it.

2024-11-26 08:48:29.681 28698-28698 PreferenceGroup info.nightscout.androidaps E Found duplicated key: "enable_unattended_export". This can cause unintended behaviour, please use unique keys for every preference.

@vanelsberg (Contributor, Author) commented

> ... duplicated key: "enable_unattended_export".

Thanks! Will check on this.

@MilosKozak (Contributor) commented

fixed in 2d0944a
