diff --git a/screen_locker/_phone_verification.py b/screen_locker/_phone_verification.py index 6d5d6d2..513632f 100644 --- a/screen_locker/_phone_verification.py +++ b/screen_locker/_phone_verification.py @@ -257,16 +257,17 @@ class PhoneVerificationMixin: def _is_workout_finish_recent(self, db_path: Path) -> bool: """Check if the latest workout's finish time is recent. - A fresh workout should have finished within the last few hours. - This prevents using an old pre-prepared database dump. + A fresh workout should have finished within the last 24 hours. + This prevents using an old pre-prepared database dump while + still accepting workouts done earlier the same day. Args: db_path: Path to the locally-pulled StrongLifts database. Returns: - True if the latest finish time is within 4 hours of now. + True if the latest finish time is within 24 hours of now. """ - max_age_seconds = 4 * 3600 + max_age_seconds = 24 * 3600 try: conn = sqlite3.connect(str(db_path)) try: diff --git a/screen_locker/screen_lock.py b/screen_locker/screen_lock.py index ee605ca..adb9569 100755 --- a/screen_locker/screen_lock.py +++ b/screen_locker/screen_lock.py @@ -25,6 +25,7 @@ from python_pkg.screen_locker._constants import ( STRONGLIFTS_DB_REMOTE, ) from python_pkg.screen_locker._log_integrity import ( + _load_hmac_key, compute_entry_hmac, verify_entry_hmac, ) @@ -296,10 +297,15 @@ class ScreenLocker( entry = logs.get(today) if entry is None: return False - if not verify_entry_hmac(entry): - _logger.warning("HMAC verification failed for today's log entry") - return False - return True + if verify_entry_hmac(entry): + return True + if _load_hmac_key() is None and "hmac" not in entry: + _logger.info( + "HMAC key unavailable — accepting unsigned entry", + ) + return True + _logger.warning("HMAC verification failed for today's log entry") + return False def _load_existing_logs(self) -> dict: """Load existing workout logs from file."""