Gopassbridge tries to decrypt passwords before they are chosen

[yanchenko-igor]

I am using trezor device for my PGP key, every time I click on gopassbridge icon, before choosing the password I get a PIN form which appears when gpg tries to decode my password, as a result focus moves to the PIN window and gopassbridge menu vanishes as it looses focus. I believe that it might be useful to decrypt the passwords before user requests that, but could it be possible to make that behavior optional and managed in settings?

[martinhoefling]

Ideally, you should only get a prompt if you actually requested to fill in the password or if you open the details of a password entry. The latter can cause problems with pinentry programs that steal the focus while the first one, shouldn't (see https://github.com/gopasspw/gopassbridge/blob/master/web-extension/background.js#L5).

Can you explain a bit more in detail what are the steps and at which point you get the pinentry? Gopass itself only requests the pin if you display an entry, not if you're searching right?

[yanchenko-igor]

@martinhoefling you are right, it only requests the pin when there is something in search field, the issue that that field gets filled from previous searches, so I don't have opportunity to clean the field before I get the PIN request.

[Pharb]

@yanchenko-igor As far as I understand your issue, I cannot reproduce it on Chrome 74 with gopassbridge 0.5.1 on Mac with pinentry-mac because the gopassbridge menu stays open after entering my pin. But with Firefox the popup menu closes when pinentry is opened, but the password filling still works for me there.

Can you please check if that is only a Firefox issue? Can you also please provide your browser, OS and gopassbridge versions?

This is probably related to #20?

[yanchenko-igor]

Hi @Pharb I just tried to reproduce it in Chromium and I didn't manage that, the issue is indeed Firefox related, my configuration is following: Browser Firefox Version 66.0.5 Build ID 20190507231222 User Agent Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 OS Linux 5.0.10-arch1-1-ARCH

The issue is reproducible in case:

1. Firefox Browser
2. The page where I open should include some form with recognized username or password inputs
3. Search field should contain some string (not sure if this is needed, I managed to reproduce with empty search field as well)

I am not sure that this is related to #20 because it doesn't describe that gopassbridge tries to decrypt password before it's chosen.

UPDATE: I managed to reproduce this behavior in Chromium as well, it happens if previous time I clicked on arrow-down icon, after that PIN window appears just after clicking on gopassbridge icon without choosing the password.

[martinhoefling]

Yeah, that's stored and the entry needs to be decrypted to be shown. The down arrows open the details menu. To be honest, I have no real proper solution for that chicken egg problem.

One thing we could do is to create a setting "turn on details view" or something similar, that is turned on by default. If you disable it, the three arrows aren't shown and the state is not retained. Any other ideas?

[yanchenko-igor]

Thanks @martinhoefling, that makes sense, as I understand it remembers the last open details view and keeps it open every time you open the menu. In that case I would call the option "remember last opened details view". I wouldn't face this issue if I didn't need the details view, but I don't need it to remember what I opened before. So perfect solution would be keep details view, but not remember (optionally) if the view was open before.

[martinhoefling]

Yes, but as far as I understood, you won‘t be able to. The pinentry defocus would always close the popup before you can see the entry details. In the case of inserting credentials, we defer obtaining them to a background script (we don’t care about the popup anymore).

[yanchenko-igor]

Ah, I see what you mean, maybe then it would be possible to show details view in a popup window? if that is enabled is settings.

[yanchenko-igor]

Also it would be logical to expire stored status of the details view, if for example I accessed one more then 8 hours ago it's not helpful anyway.

[Pharb]

Having a separate configuration option to turn off the persistent detail view is probably the simplest and realistic solution to your problem that can be implemented easily.

[yanchenko-igor]

I'm not sure how it helps if I need to see the details view, for example for otp codes which gopassbridge cannot fill.

[martinhoefling]

I do not see how we can make the details view working for that browser behavior. You could cache the pin for a (short) period, then a 2nd attempt would work.

[yanchenko-igor]

Yes, PIN gets cached for 10 minutes. That's the reason I'm suggesting to timeout stored state of the detailed view, same issue I assume happens with the password.

[yanchenko-igor]

Also, failed attempt to show the details view could invalidate the stored state of the details view, so it wouldn't ask password/PIN again if I refused to enter one

[martinhoefling]

@yanchenko-igor it's not clear to me how reopening can fail if your device pin is cached. Can you explain what happens with a cached pin?

[yanchenko-igor]

I am not entering the PIN when gopassbridge is trying to decrypt the wrong(or possibly wrong) item. For example: last time I used gopassbridge more than 12 hours ago, I don't remember what I opened last time or remember but it's not the same what I want to open now, when I open gopassbridge yet I get password/PIN request to decrypt something, I refuse to decrypt it because I don't want to decrypt some random password I used last time, so I press cancel, when I open menu again, I get the request again. Just to be clear about the issue: It's not about me being not able to open the menu, it's about gopassbridge trying to decrypt something I don't ask and if I refuse to decrypt then I'm not able to open the menu. What I see as a solution:

1. Gopassbridge forgets what detail view was opened last time once it opens successfully. (optional, would be logical though)
2. Gopassbridge forgets what detail view was opened if last try to open it was not successfull.
3. Gopassbridge invalidates state of the detail view after some timeout. ideally the same timeout as password/PIN cache (might be different in different environments).

[martinhoefling]

Ah, now I got it. I would prefer solution 2. here as it does not affect the happy path.