search

marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0
215 stars 45 forks source link

Shared password not updating #449

Closed nooblag closed 2 years ago

nooblag commented 3 years ago

System Information

Server:

{
    "version": {
        "server": "22.2.0.2",
        "app": "2021.10.20",
        "lsr": false,
        "php": "8.0.11"
    },
    "environment": {
        "os": "Linux",
        "architecture": "x86_64",
        "bits": 64,
        "database": "pgsql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": true,
        "subdirectory": false
    },
    "legacyApi": {
        "enabled": 0,
        "used": false
    },
    "services": {
        "images": "imagick",
        "favicons": "local",
        "previews": "screeenly",
        "security": "hibp",
        "words": "local",
        "previewApi": true,
        "faviconApi": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 5
    },
    "encryption": {
        "sse": {
            "SSEv1r1": false,
            "SSEv1r2": true,
            "SSEv2r1": false,
            "none": false,
            "default": "SSEv1r2"
        },
        "cse": {
            "CSEv1r1": false,
            "none": true,
            "default": "none"
        }
    }
}

Client:

 Browser and Version: Firefox 93.0
 Client OS and Version: Ubuntu 20

Steps to reproduce

  1. Share a password with another user
  2. Other user changes the password
  3. Password and metadata is not updated for original user

Expected result

Any changes to the password share are reflected for all shared users

Actual result

Password and metadata is not updated

Video Recording GIF of behaviour https://ibb.co/bXs4YWM

Nextcloud log

Nextcloud log ``` N/A ```

Browser log

Browser log ``` N/A ```
marius-wieschollek commented 3 years ago

https://git.mdns.eu/nextcloud/passwords/wikis/Users/F.A.Q#sharing

nooblag commented 3 years ago

Thank you for that, but continuing with example data provided above, looks like this is not happening for me. It's been 3 hours and the password hasn't updated for the original user.

Test user (original) aCapture

Test2 user (share) Capture

Still no logs. /var/log/nginx/error.log is empty, no browser console logs, etc.

How can I check this 'privileged automated process on the server' is working?

nooblag commented 3 years ago

I can somewhat also replicate this issue on production server. User 1 created password on 25th September at 5:31 PM and shared it with User 2. User 2 changes the password on 19th October at 8:07 PM and User 2 also changes it just now, I wait ~30 minutes, login as User 1 the password is updated but the metadata is still incorrect.

User 1 (original) user1

User 2 (share) user2

Something isn't working correctly on both servers?

nooblag commented 3 years ago

2nd, more fresh example on production:

User 1 creates password at 2:38 AM, shares it with User 2. User 2 logs in, changes it at 2:42 AM. As of 3:00 AM, password has updated for User 1 but the last updated time is incorrect:

User 2 (share) user2-1

User 1 (original), 16 minutes later user1-1

marius-wieschollek commented 3 years ago

i can confirm that the edited time is not updated correctly

nooblag commented 2 years ago

Nice work 👍