public/unlock-store: idempotent call for passphrases

This allows the user to call it even after the store has been unlock in
order to get the admin token.

cmd/dkl-local-server/ws-public.go

@@ -12,6 +12,7 @@ import (
 
 	restful "github.com/emicklei/go-restful"
 	"m.cluseau.fr/go/httperr"
+	"novit.tech/direktil/local-server/secretstore"
 )
 
 type NamedPassphrase struct {
@@ -27,6 +28,8 @@ func wsUnlockStore(req *restful.Request, resp *restful.Response) {
 		return
 	}
 
+	defer secretstore.Memzero(np.Passphrase)
+
 	if secStore.IsNew() {
 		if len(np.Name) == 0 {
 			wsBadRequest(resp, "no name given")
@@ -39,6 +42,15 @@ func wsUnlockStore(req *restful.Request, resp *restful.Response) {
 		return
 	}
 
+	if secStore.Unlocked() {
+		if secStore.HasKey(np.Passphrase) {
+			resp.WriteEntity(adminToken)
+		} else {
+			wsError(resp, ErrUnauthorized)
+		}
+		return
+	}
+
 	if err := unlockSecretStore(np.Name, np.Passphrase); err.Any() {
 		err.WriteJSON(resp.ResponseWriter)
 		return