nextcloud / ios

📱 Nextcloud iOS App
https://itunes.apple.com/us/app/nextcloud/id1125420102
GNU General Public License v3.0

KeePassium cannot reference a file over Apple Files app #1432

Closed Slug-V closed 3 years ago

Slug-V commented 4 years ago

Expected behaviour

KeePassium, an iOS App for KeePass, can use any KeePass2.x-Database file over Apple Files app. Nextcloud also can be used by KeePassium.

Actual behaviour

Files linked to KeePassium remain available only for several minutes (mostly, but a few times they stayed alive for 2 days). After that, any attempt to access the linked file results in a "The file doesn't exist." error.

Steps to reproduce

  1. prepare Nextcloud server and iOS App, and install KeePassium.
  2. enable Nextcloud in Apple Files app and settle your kdbx.
  3. open KeePassium and select the kdbx in Nextcloud App.
  4. confirm you can use the kdbx.
  5. close KeePassium, and wait several minutes.
  6. reopen KeePassium or call KeePassium from iOS Password Manager API.
  7. cannot use the kdbx and get "The file doesn’t exist."(Code=-1005) error.

Reasoning or why should it be changed/implemented?

Why this issue isn't KeePassium's issue?

First, I wrote this in KeePassium's tracker. Then @keepassium pointed out a barely invalid server response, and told me that failing to avoid this (server-side) problem is Nextcloud-iOS's issue.

After this conversation, I copied my kdbx into my Dropbox. There was no issue like this in the Dropbox iOS App. Next, I attempted reproducing this WebDAV response using curl but got a perfect response. Considering both, I guess this issue is related to the Nextcloud iOS App.

iOS version

iOS 13.7 in iPhone X

App version

3.0.8 (and a few previous versions)

Server configuration

Operating system: Gentoo Linux

Web server: www-servers/h2o 2.2.6 with dev-libs/libressl 3.1.4

Database: dev-db/mariadb 10.4.13-r2

PHP version: dev-lang/php 7.4.9

Nextcloud version: 19.0.3

patdavid commented 4 years ago

Just to add to this, the problem persists in iOS 14 as well:

Client

Server

This setup (keepassium + nextcloud synced key file) had been working for me very well for quite some time. It is only relatively recently that this problem has started happening.
I am not 100% sure when I first noticed it, as I don't use my password manager daily, but it seems like it was around 3-4 months back?

It's terribly frustrating. If there's something more I can do to help move the resolution forward please let me know.

patdavid commented 4 years ago

I just tested this on a second, fresh install of Nextcloud 19.0.3 on a new server and location.

Same result. :(

Slug-V commented 4 years ago

I confirmed that Strongbox has the same trouble.

JAKuhr commented 4 years ago

I can confirm the issue. As pointed out in the FAQ of KeePassium regarding the synchronization with Nextcloud/iOS [1] this might be related to the following issues:

https://github.com/nextcloud/ios/issues/649

https://github.com/nextcloud/ios/issues/372

[1] https://keepassium.com/articles/sync-ios-keepass-with-nextcloud/

Slug-V commented 3 years ago

Seems to have disappeared in iOS 14.2. I'll close this issue in several days (if there are no new comments).

patdavid commented 3 years ago

@Slug-V agreed. This seems to have resolved somewhere recently.

loeffelpan commented 3 years ago

I‘m facing this again using iOS 14.2. On every change on my db-file (located on nextcloud) connection to keepassium via files app is lost. „Recent“ tab in files app shows a new file with another timestamp and same name on any change.

Anyone else? Someone to help?

Slug-V commented 3 years ago

I checked in iOS14.3/iPhone X, but it didn't reproduce.

  1. confirm both apps are the latest in App Store (Nextcloud 3.2.0 & KeePassium 1.20).
  2. change something in my kdbx via KeePassXC on macOS (then the kdbx is auto-overwritten: Safely save checkbox is ON).
  3. confirm it was overwritten in Nextcloud client for macOS.
  4. open Nextcloud iOS App and confirm it was overwritten.
  5. open KeePassium.
  6. watch the list and you'll see the app changing timestamp.
  7. no duplication, and you can use Face ID(if Pro).

Files app also had no problem.

@loeffelpan Files App behavior changed in iOS14.1 & earlier, 14.2, 14.3 respectively, as I saw. Would you update your iPhone to iOS14.3 and try it again? And... I didn't see the "Recent spam" with this issue. So, a new issue is needed, I think, if it still happens in iOS14.3.

loeffelpan commented 3 years ago

That's kind of strange. I updated everything (iOS and Nextcloud) to the most recent version as you mentioned. Safely save is on, but it doesn't matter if it is off.

How could that work for you? Any idea before I start a new issue?

Slug-V commented 3 years ago

Thank you for your action, and I'm sorry this didn't help you. I think it's OK to start a new issue, but it needs active collaborators' opinions because I'm just a novice.

I didn't check on Files App in iOS14.1, 14.2. And there are no dups now (iOS14.3). @patdavid How about yours?

Slug-V commented 3 years ago

Recently I noticed that the original KeePass's direct WebDAV connect feature still shows this behavior. But I don't think this is an issue.

When KeePass overwrites example.kdbx, KeePass takes the following sequence:

  1. make example.kdbx.tmp as a new file
  2. remove original example.kdbx
  3. rename example.kdbx.tmp to example.kdbx
  4. Then, Nextcloud-iOS removes the example.kdbx cache, because "it was removed".

So, the two example.kdbx are completely different from the filesystem.

What I think about this behavior: This is not a bug for any apps. To solve this, a Request-For-Enhancement to KeePassium is needed.

loeffelpan commented 3 years ago

@Slug-V I would agree, but what about other WebDAV apps with Files integration? I use Boxcryptor as a workaround (due to a suggestion in KeePassium's FAQ) as another WebDAV app for the same Nextcloud instance and don't face this issue.

Do you really think Nextcloud on iOS does not have an issue? I'll leave #1538 open to solve this.

keepassium commented 3 years ago

@Slug-V , KeePass uses this multi-stage saving process by default, but it can also write directly in the original file. Try to disable the "Use file transactions for writing databases" option in Tools → Options → tab Advanced.

Slug-V commented 3 years ago

@keepassium Thank you very much. This solved it for me.

> Try to disable the "Use file transactions for writing databases" option in Tools → Options → tab Advanced.

I tried this and I confirmed that KeePass doesn't make example.kdbx.tmp, Activity App on Nextcloud logs "Updated example.kdbx" instead of issuecomment-791210622's 3-stage transaction, and then KeePassium correctly tracked example.kdbx.

@loeffelpan Thank you, but I won't tell Boxcryptor my personal domain because it requires an account on their server. ...today, I opened the account creation webpage, but I abandoned it again because they want my real name.

The origin of this problem is the over-strict file integrity check of iOS's filesystem, or that the original KeePass relies on the over-lazy file detection (just checking filename) of Windows, I think. So the technologically appropriate adoption is "Apple makes a lazy-check option in Files API and KeePassium uses it", but we can't hope for Apple to implement such an (insecure) API.

The second solution is that if KeePassium cannot reference directly the kdbx, KeePassium re-access databases' path and detect same-filename kdbx, and load it or make a prompt such as "There is no database, but there is a database which has the same filename. Would you use this database?". This is what I thought of as "RFE".

note: KeePassXC's "Safely save database files (may be incompatible with Dropbox, etc)" preference didn't make this 3-stage log on Nextcloud Activity. I have no clue why this difference exists.

loeffelpan commented 3 years ago

> note: KeePassXC's "Safely save database files (may be incompatible with Dropbox, etc)" preference didn't make this 3-stage log on Nextcloud Activity. I have no clue why this difference exists.

The developer of KeePassXC explains this here. https://github.com/keepassxreboot/keepassxc/issues/6112#issuecomment-778769254 This is therefore not the same option as the one you mentioned in KeePass.

@Slug-V This cannot be due to Apple's file pointers in the Files app. Using another app like Boxcryptor (via the Files app), the issue does not appear.

@keepassium What about that idea mentioned here, to ask when there is a file with the same name?

As another solution I would make a feature request to KeePassXC and ask for implementation of that option like the original KeePass Client.

keepassium commented 3 years ago

> The second solution is that if KeePassium cannot reference directly the kdbx, KeePassium re-access databases' path and detect same-filename kdbx, and load it or make a prompt such as "There is no database, but there is a database which has the same filename. Would you use this database?".

Unfortunately, this would not be possible technically. iOS apps cannot access arbitrary paths in other apps; there is only a (strictly-controlled) way to access specific files manually selected by the user. When the user selects the file in the standard file picker dialog, the user implicitly tells the system that KeePassium is allowed to access that selected file (and that file only).

KeePassium's reference to the selected file is not path-based, it is usually ID-based. This way, the app cannot explore which folder the file is in, what files are there, and generally not even which cloud hosts the file (although I found a loophole for the latter). The file ID is interpreted by the file provider app. Some file providers internally map the ID to the full file name — so they don't care if the file was recreated (e.g. Boxcryptor). Others use the ID directly — so they would return that the file was deleted (not sure about NextCloud, but definitely iCloud Drive and pCloud).

So the best I can do here is to show a popup "The database is no longer available. Please select it again, so KeePassium can access the file." and then show the standard file selection dialog again...
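The difference between ID-based and name-based file references described in this comment, reproduced on an ordinary POSIX filesystem as an added example (it is not part of the thread and is not code from KeePassium, KeePass or Nextcloud). It assumes the inode number as a stand-in for a file provider's item ID; `IdReference`, `PathReference` and `run_demo` are hypothetical names.

```python
import os
import tempfile

def save_in_place(path, data):
    # Direct overwrite: the existing file object is kept, only its content changes.
    with open(path, "wb") as f:
        f.write(data)

def save_transactional(path, data):
    # The 3-stage sequence from the thread: write .tmp, remove original, rename .tmp.
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
    os.remove(path)
    os.rename(tmp, path)

def file_id(path):
    # Assumption: (device, inode) plays the role of a file provider's item ID.
    st = os.stat(path)
    return (st.st_dev, st.st_ino)

class IdReference:
    """Remembers which file object was picked, not what it is called."""
    def __init__(self, path):
        self.folder, self.ident = os.path.dirname(path), file_id(path)
    def resolve(self):
        for entry in os.scandir(self.folder):
            if file_id(entry.path) == self.ident:
                return entry.path
        return None  # the picked file object no longer exists

class PathReference:
    """Remembers only the full name, so a recreated file still resolves."""
    def __init__(self, path):
        self.path = path
    def resolve(self):
        return self.path if os.path.exists(self.path) else None

def run_demo(save):
    # Constructed sample: a throwaway directory holding a dummy example.kdbx.
    with tempfile.TemporaryDirectory() as folder:
        db = os.path.join(folder, "example.kdbx")
        save_in_place(db, b"constructed sample v1")
        by_id, by_path = IdReference(db), PathReference(db)
        save(db, b"constructed sample v2")
        return by_id.resolve() is not None, by_path.resolve() is not None

if __name__ == "__main__":
    print("in place      (id, path):", run_demo(save_in_place))
    print("transactional (id, path):", run_demo(save_transactional))
```

After the transactional save the file named example.kdbx is a different file object, so only the name-based reference still resolves; after the in-place save both do.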

loeffelpan commented 3 years ago

This would help anyway. It would be nice to keep the master key (assuming it is the same database). Easier than it is now (reopen, select keyfile, type db-password).

But I don't get how this could work with other apps, e.g. Boxcryptor. The reference for KeePass is an ID, too. And KeePass or KeePassXC are writing to a new file, too. Why does the reference break with Nextcloud integration in the Files app, and not with Boxcryptor integration?

Slug-V commented 3 years ago

@loeffelpan OK, I got a local account. The result is here.

PC: Windows 10 Pro Insider(Dev channel) Build 21332

Synced via: Nextcloud client for Windows 3.1.3

device: iPhone X

iOS: 14.4

KeePassXC 2.6.4(safely save:ON)

KeePass 2.47(file transaction:ON)

KeePass 2.47(file transaction:OFF)

@keepassium Thank you for the definite answer.

> The file ID is interpreted by the file provider app. Some file providers internally map the ID to the full file name — so they don't care if the file was recreated (e.g. Boxcryptor).

I confirmed this is true. The second solution is also unrealizable (sure, we know the reload-requesting prompt is already implemented in current KeePassium)... too bad.

And there is the third solution: Nextcloud-iOS copies this behavior as an option. But I don't think that implementing this is important (nor attractive) for this app, so I won't reopen this issue or make a new issue.

DaDummy commented 2 years ago

I am facing the original problem this issue was about with iOS 15.5.

Any chance that something you did while debugging/analyzing the issue made it disappear?

DaDummy commented 2 years ago

nvm looks like the issue was that I thought "Integration in "Dateien"-App von iOS d..." meant to turn on integration for the files app, while it really did disable that very integration.

Where would I file such a localization issue?

zeratax commented 2 years ago

I am sorry if I missed something in this thread, but it seems like this issue still persists? I definitely still seem to have this as long as I haven’t used the nextcloud app recently.

keepassium commented 2 years ago

@zeratax , I have recently added in-app WebDAV support to KeePassium. So now there is an alternative (and arguably more stable) approach to sync with Nextcloud server (without Nextcloud's iOS app).

zeratax commented 2 years ago

@keepassium the past week worked flawlessly with this! thank you!