Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New entries can be discarded if user only presses Apply #2191

Closed
wgreenberg opened this issue Aug 8, 2018 · 5 comments
Closed

New entries can be discarded if user only presses Apply #2191

wgreenberg opened this issue Aug 8, 2018 · 5 comments
Assignees
@droidmonkey
Labels
high priority 🚨
Milestone
v2.5.0

Comments

@wgreenberg
Copy link

(using KeepassXC 2.3.3)

Clicking Apply (but not Ok) on a new entry can lead to data loss in some circumstances. For example, if a user is creating a new entry and only presses Apply, they can exit keepass without a modal asking them to save. When the user relaunches keepass, the entry will be gone.

Similarly, if a user creates a new entry and only Applys it, the inactivity lock can come up without a warning modal and cause the entry to be lost.

Expected Behavior

The modals for preventing loss of unsaved data should come up when an entry has only been Applyd.

Current Behavior

A new entry which has been Applyd will not prompt the warning modals when exiting keepass or when the database is locked.

Steps to Reproduce (for bugs)

  1. Create new entry w/ some contents
  2. Press Apply (but not Ok)
  3. Exit keepass (note that no warning modal appears)
  4. Re-open keepass, note that the entry is gone

OR

  1. Set an inactivity timeout
  2. Create new entry w/ some contents
  3. Press Apply (but not Ok)
  4. Wait for timeout to lock the database
  5. Unlock database, note that the entry is gone

Context

I've lost irrecoverable credentials due to an inactivity lock screen. Clicking Apply displays a nice green alert saying "Entry successfully updated", which gave me a false sense of security about my data.

Debug Info

KeePassXC - Version 2.3.3
Revision: 0a155d8

Libraries:
- Qt 5.9.1
- libgcrypt 1.7.8

Operating system: Ubuntu 17.10
CPU architecture: x86_64
Kernel: linux 4.13.0-46-generic

Enabled extensions:
- Auto-Type
- Browser Integration
- Legacy Browser Integration (KeePassHTTP)
- SSH Agent
- YubiKey
@droidmonkey
Copy link
Member

oh wow good catch, this is a big deal.

@droidmonkey droidmonkey self-assigned this Aug 8, 2018
@droidmonkey droidmonkey added this to the v2.3.4 milestone Aug 8, 2018
@droidmonkey
Copy link
Member

droidmonkey commented Aug 12, 2018
edited
Loading

After debugging this it looks like it cannot be fixed without a major refactor. Basically the changes are not notified up the chain to the database because the new entry is not added to the current group until AFTER the EditEntryWidget is closed by the DatabaseWidget. Further, the actual group the entry should belong to is not given to the EditEntryWidget so it can do that job instead (hence the refactor).

I think disabling the apply button in 2.3.4 for new entries is an acceptable option and does not require a refactor. Any thoughts?

@TheZ3ro
Copy link
Contributor

TheZ3ro commented Aug 13, 2018

We had many issue with it, what about removing it entirely?

Anyway I agree we should disable it in the meantime

@droidmonkey
Copy link
Member

droidmonkey commented Aug 13, 2018
edited
Loading

I am going to use this issue to springboard into a refactor of the open/edit/save process for entries and groups in 2.4. The whole chain is very fragile and based on timed/hidden signal/slot calls. Even trying to debug this issue itself took over 2 hours of finding the right place to put the breakpoint because nothing at all is linear about this process, it's also spread across 5 different source files.

@droidmonkey droidmonkey mentioned this issue Aug 15, 2018
Merged
@droidmonkey droidmonkey modified the milestones: v2.3.4, v2.4.0 Sep 1, 2018
@hifi
Copy link
Member

hifi commented Sep 7, 2018

Even when it's obvious, I'll just add that lock on lid close / suspend can also trigger this or just manually locking a database while the dialog is open (like Ctrl-L).

Guess who just lost a newly created password when my system automatically suspended on low battery 😉

@droidmonkey droidmonkey modified the milestones: v2.4.0, v2.5.0 Jan 21, 2019
droidmonkey added a commit that referenced this issue Apr 7, 2019
@droidmonkey
Correct issues with apply button
a702aa3 
* Don't show apply button when creating new entries or groups (Fix #2191)
* Don't mark entry/group as dirty when first creating a new one (prevents unnecessary discard dialog on cancel)
* Properly enable/disable apply button when changes are made to entries and groups
* Don't show discard change warning when locking database unless their are actual changes made

NOTE: Extra pages in the group edit widget are not watched for changes yet. Requires a major refactor.
@droidmonkey droidmonkey mentioned this issue Apr 7, 2019
Merged
droidmonkey added a commit that referenced this issue Apr 7, 2019
@droidmonkey
Correct issues with apply button
3839449 
* Don't show apply button when creating new entries or groups (Fix #2191)
* Don't mark entry/group as dirty when first creating a new one (prevents unnecessary discard dialog on cancel)
* Properly enable/disable apply button when changes are made to entries and groups
* Don't show discard change warning when locking database unless their are actual changes made

NOTE: Extra pages in the group edit widget are not watched for changes yet. Requires a major refactor.
droidmonkey added a commit that referenced this issue Apr 7, 2019
@droidmonkey
Correct issues with apply button
b349dd0 
* Don't show apply button when creating new entries or groups (Fix #2191)
* Don't mark entry/group as dirty when first creating a new one (prevents unnecessary discard dialog on cancel)
* Properly enable/disable apply button when changes are made to entries and groups
* Don't show discard change warning when locking database unless their are actual changes made

NOTE: Extra pages in the group edit widget are not watched for changes yet. Requires a major refactor.
droidmonkey added a commit that referenced this issue Apr 7, 2019
@droidmonkey
Correct issues with apply button
0c5f802 
* Don't show apply button when creating new entries or groups (Fix #2191)
* Don't mark entry/group as dirty when first creating a new one (prevents unnecessary discard dialog on cancel)
* Properly enable/disable apply button when changes are made to entries and groups
* Don't show discard change warning when locking database unless their are actual changes made

NOTE: Extra pages in the group edit widget are not watched for changes yet. Requires a major refactor.
@samiraguiar samiraguiar mentioned this issue Jun 26, 2019
Closed
@droidmonkey droidmonkey mentioned this issue Jul 3, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@droidmonkey droidmonkey

Labels
high priority 🚨
Projects
None yet
Milestone
v2.5.0
Development

No branches or pull requests
4 participants
@hifi @wgreenberg @TheZ3ro @droidmonkey