marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0

Weak (Duplicate) status remains despite appropriate cleanup #401

Closed JMLatGitHub closed 3 years ago

JMLatGitHub commented 3 years ago

System Information

Server:

```
{
    "version": {
        "server": "21.0.2.1",
        "app": "2021.7.21",
        "lsr": false,
        "php": "8.0.8"
    },
    "environment": {
        "os": "Linux",
        "architecture": "x86_64",
        "bits": 64,
        "database": "mysql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": true,
        "subdirectory": true
    },
    "legacyApi": {
        "enabled": 0,
        "used": false
    },
    "services": {
        "images": "imagick",
        "favicons": "bi",
        "previews": "pageres",
        "security": "bigdb+hibp",
        "words": "leipzig",
        "previewApi": false,
        "faviconApi": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 5
    },
    "encryption": {
        "sse": {
            "SSEv1r1": false,
            "SSEv1r2": true,
            "SSEv2r1": false,
            "none": false,
            "default": "SSEv1r2"
        },
        "cse": {
            "CSEv1r1": false,
            "none": true,
            "default": "none"
        }
    }
}
```

Client:

 Browser and Version: Firefox V89.0.2
 Client OS and Version: Microsoft Windows 10 21H1 (OS Build 19043.1083)

Steps to reproduce

  1. Register two or more entries/accounts with a duplicate password.
  2. The status of the affected entries changes as expected to "Weak (Duplicate)". The corresponding entries are also listed under "Security" > "Weak".
  3. Clean up all duplicates till the password is unique.

Expected result

The status of the remaining entry/account with a unique password should change to "Secure".

Actual result

This record will still retain the status "Weak".

Nextcloud log

```
- Open the Nextcloud admin settings
- Open the "Log" section
- Click the "Copy" icon, then "Copy Raw"
```

Browser log

```
Press F12, copy the content of the console tab
```

flo-mic commented 3 years ago

Please check the recycle bin. If the password is still in the recycle bin, the password app detects it and will not update the security state.

JMLatGitHub commented 3 years ago

That was the case. Now the status has changed back to "Secure". If you know this relationship, it's OK, but I do not find this approach very intuitive... only my two cents.

Thanks for the quick reply!

marius-wieschollek commented 3 years ago

This is the intended behavior as passwords in trash are still part of the overall database.

JMLatGitHub commented 3 years ago

Well, @marius-wieschollek, I NOW understand that relation and can perfectly deal with it, no problem, but maybe you could make it more visible/transparent, e.g. by adding the corresponding trash entries somehow under "Security" > "Weak"...
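
The behaviour discussed in this thread, as an added example that is not part of the thread and is not the Passwords app's code: a duplicate audit that counts trashed entries and also reports which trashed entries keep a live entry flagged. `Entry`, `audit` and `purge_trash` are hypothetical names, grouping by SHA-256 digest is an assumption, and only the duplicate check is modelled (no breach-database lookup).

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Entry:  # hypothetical record, not the app's data model
    label: str
    password: str
    trashed: bool = False


def digest(password: str) -> str:
    # Group by digest so the audit never compares or prints plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(entries):
    """Map each live entry's label to (status, labels of trashed duplicates)."""
    groups = defaultdict(list)
    for e in entries:  # trash is included: it is still part of the database
        groups[digest(e.password)].append(e)
    report = {}
    for group in groups.values():
        for e in group:
            if e.trashed:
                continue  # trashed entries are not listed themselves
            others = [o for o in group if o is not e]
            status = "Weak (Duplicate)" if others else "Secure"
            report[e.label] = (status, [o.label for o in others if o.trashed])
    return report


def purge_trash(entries):
    """Model emptying the trash: only live entries remain in the database."""
    return [e for e in entries if not e.trashed]


# Constructed sample data following the steps in the report above.
SAMPLE = [
    Entry("mail", "correct horse battery"),
    Entry("forum", "correct horse battery", trashed=True),
    Entry("bank", "Vq7#unique-example"),
]

if __name__ == "__main__":
    for title, db in (("before purge", SAMPLE), ("after purge", purge_trash(SAMPLE))):
        for label, (status, in_trash) in audit(db).items():
            print(f"{title}: {label}: {status} (duplicates in trash: {in_trash})")
```
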