jkotra / eOVPN

OpenVPN Configuration Manager.
GNU General Public License v3.0

Password stored as a plain text #46

Open sajonCC opened 6 months ago

sajonCC commented 6 months ago

Hi,

I've run into an issue connecting to the VPN server. While trying to debug the problem, I found an issue with storing user credentials. While typing a password in the Settings pop-up, a warning is displayed in the konsole that the password is saved as plain text. Why?

WARNING:eovpn.settings_window.py:on_password_stored:Password saved as plain text!

Below is a debug log from the start of the app.

```
flatpak run com.github.jkotra.eovpn --debug 10
DEBUG:eovpn.eovpn_base.py:get_setting:dark-theme True
DEBUG:eovpn.eovpn_base.py:get_setting:manager openvpn3
DEBUG:eovpn.eovpn_base.py:get_setting:layout card-h
DEBUG:eovpn.eovpn_base.py:get_setting:show-flag False
DEBUG:eovpn.eovpn_base.py:get_setting:layout card-h
DEBUG:eovpn.eovpn_base.py:get_setting:last-connected-cursor -1
DEBUG:eovpn.eovpn_base.py:get_setting:req-auth False
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = fl | v = 73f495
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = h | v = 104.16.123.96
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = ip | v = 178.43.8.85
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = ts | v = 1706601536.756
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = visit_scheme | v = http
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = uag | v = Python-urllib/3.10
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = colo | v = WAW
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = sliver | v = none
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = http | v = http/1.1
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = loc | v = PL
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = tls | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = sni | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = warp | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = gateway | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = rbi | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = kex | v = none
DEBUG:eovpn.eovpn_base.py:get_setting:ca None
INFO:eovpn.connection_manager.py:connect:config path: b'/net/openvpn/v3/configuration/3f8f7caexbc57x4a79x9132x201ade71fea7'
INFO:eovpn.connection_manager.py:connect:session path: b'/net/openvpn/v3/sessions/10802cb3s6d6as4594s8785s1d6981ecf05f'
DEBUG:eovpn.backend.openvpn3.dbus.py:sub_callback:StatusMajor.CONNECTION(2) StatusMinor.CFG_REQUIRE_USER(4) Username/password credentials needed
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user None
ERROR:eovpn.main_window.py:on_connection_event:Username/password credentials needed
DEBUG:eovpn.eovpn_base.py:get_setting:notifications True
(eovpn:2): libnotify-WARNING **: 08:58:58.229: Running in confined mode, using Portal notifications. Some features and hints won't be supported
DEBUG:eovpn.eovpn_base.py:get_setting:remote /run/user/1000/doc/6b8a7bce/CC-VPN.zip
DEBUG:eovpn.eovpn_base.py:get_setting:req-auth False
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user None
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user None
DEBUG:eovpn.eovpn_base.py:get_setting:ca None
DEBUG:eovpn.eovpn_base.py:get_setting:notifications True
DEBUG:eovpn.eovpn_base.py:get_setting:show-flag False
DEBUG:eovpn.eovpn_base.py:get_setting:dark-theme True
DEBUG:eovpn.eovpn_base.py:get_setting:manager openvpn3
DEBUG:eovpn.eovpn_base.py:get_setting:manager openvpn3
DEBUG:eovpn.eovpn_base.py:set_setting:req-auth true
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 's'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'sa'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'saj'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'sajo'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'sajon'
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user sajon
DEBUG:eovpn.eovpn_base.py:set_setting:auth-pass '#'
WARNING:eovpn.settings_window.py:on_password_stored:Password saved as plain text!
```

I'm on Kubuntu 22.04. When trying your app in another Linux distro in a VM, everything works fine. What am I missing?

Thank you very much for your support.

jkotra commented 6 months ago

https://github.com/jkotra/eOVPN/blob/1558afb2da86b217f492307c28510d308631cf79/eovpn/settings_window.py#L370-L376

eOVPN uses the secrets library to store the password. If an exception is raised in this process, the application falls back to plain text. This was initially introduced as a workaround to support older LTS (currently EOL) editions of Ubuntu.

You have to investigate why the secrets API is not working as expected in your distribution.

There's a case to improve logging here, to tell the user about the details of the exception. I will do that in the next release. Thanks.
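An added example, not part of the thread and not eOVPN's code: the fallback described in the comment above, with the exception type and message logged and plain text written only on explicit opt-in. The names `store_password`, `keyring_store`, `settings`, `failing_backend` and the `allow_plaintext` opt-in are assumptions made for illustration; the maintainer proposed only the logging change.

```python
import logging

logger = logging.getLogger("credential_store_example")


class SecretServiceUnavailable(Exception):
    """Constructed stand-in for whatever a keyring backend raises."""


def failing_backend(key, value):
    # Constructed failure, e.g. no secret service reachable in the session.
    raise SecretServiceUnavailable("no secret service on the session bus")


def store_password(password, keyring_store, settings, allow_plaintext=False):
    """Store a password; return "keyring", "plaintext" or "refused".

    keyring_store and settings are hypothetical: a callable(key, value) that
    may raise, and a dict standing in for the application's settings store.
    """
    try:
        keyring_store("auth-pass", password)
        settings.pop("auth-pass", None)  # drop any stale plain-text copy
        return "keyring"
    except Exception as exc:
        # Log the exception type and message, never the password itself.
        logger.warning("keyring store failed: %s: %s", type(exc).__name__, exc)
        if not allow_plaintext:
            logger.error("password not saved; plain-text fallback is disabled")
            return "refused"
        settings["auth-pass"] = password
        logger.warning("password saved as plain text (explicit opt-in)")
        return "plaintext"
```

With this shape, a user who hits the warning sees which exception caused it, and the settings store never receives the password unless the caller asked for that.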