nextcloud / passman

🔐 Open source password manager with Nextcloud integration
https://passman.cc
GNU Affero General Public License v3.0
780 stars 108 forks

Sharing, unsharing and re-sharing is not working correctly #349

Open gschoenberger opened 7 years ago

gschoenberger commented 7 years ago

Bug report

Unshared credentials cannot be shared again by Alice; moreover, they are (somehow) duplicating password entries on Bob's side (cf. screenshots).

Steps to reproduce

  1. Alice unshares a credential -> this disappears correctly on Bob's (the receiver) side.

  2. Alice tries to share the credential again, which seems to work at first glance. If Alice wants to leave the share dialog, the "this will corrupt the credential" error message appears.

  3. On Bob's side the credential does not appear again, but suddenly another entry is listed twice. If Bob selects the duplicate entry, both entries are highlighted as selected (they only seem to be doubled in the view).

  4. Alice cannot press the "unshare" button again.

  5. If Alice tries to share the credential again, the share process is listed as pending, but sharing to Bob did not work.

Expected behaviour

  - If Alice presses the "unshare" button at a certain credential -> the entry disappears on Bob's side
  - If Alice presses "share" again -> Bob's side receives a notification for the shared credential
  - In Bob's vault the shared credential should appear
  - On both sides the share icons for the credential are updated

Actual behaviour

  - The unshare button deletes the credential on Bob's side -> that's correct
  - A next share of Alice leads to an incomplete share state -> a corruption error appears on Alice's side and Bob gets duplicate entries in his vault
  - On Alice's side neither sharing nor unsharing is working anymore.
  - On Bob's side the shared credential is not listed

Configuration

Operating system: Ubuntu 16.04 on server and client side

Browser:
Tested with Chrome Version 60.0.3112.78 (Official Build) (64-bit) and Firefox 54.0 (64-bit)

Passman version:
Version: 2.1.4

Database: MySQL 5.7.19-0ubuntu0.16.04.1

PHP version: PHP-FPM 7.0.18-0ubuntu0.16.04.1

Cloud server: Nextcloud 12

brantje commented 7 years ago

We always use Alice (owner) and Bob (share receiver), to make things clear for ourselves. Will update the issue to reflect Alice and Bob as soon as I get time.

gschoenberger commented 7 years ago

I have updated the issue with Alice and Bob!

animalillo commented 7 years ago

Many thanks! I will try to look into this this weekend if I have time! (No promises tho)

KB7777 commented 7 years ago

I got the same bug with AD auth:

Operating system: CentOS 7

Browser: Tested with Chrome Version 59.0.3071.115

Passman version: Version: 2.1.4

Database: 10.1.25-MariaDB

PHP version: 7.1.8 from remi repo

Cloud server: Nextcloud 12.0.1

gschoenberger commented 7 years ago

Any updates on this issue?

animalillo commented 7 years ago

Yes, we have tracked it down.

Seems Nextcloud is refusing to save null for the shared key, which is the way we detect if it's shared or not.

I might try to fix it this weekend, I have booked some time for passman.

gschoenberger commented 7 years ago

Nice! Really looking forward to using passman, but sharing is essential for me. Maybe I can afford some credits to donate - I will try my best :+1:

ScreamingDev commented 6 years ago

Does this issue also cover that Bob is not seeing the shared password (even on first share attempt)? I mean: Alice is using "Share with users and groups" to give Bob the password but it does not pop up in Bob's list.

I'm asking because I only see the link tab open in the screens and I currently have that issue.

huynhcongdanh commented 6 years ago

@ScreamingDev I don't think this issue is related. Do you have a vault created under Bob's account?

@brantje / @animalillo Is there any update on this issue or some information that could help to debug? Passman is really nice. I'm trying to onboard this tool for my team and ran into this issue.

After reading the comment about "refuse to save null for the shared key", I thought, why not create a trigger to update the shared_key to null, but it seems to be more than that :) Looks like this involves the logic of encrypting/decrypting the cred with shared_key="somestring". When unshared, the shared_key is set to "", the cred seems to be re-encrypted or something is done with that empty string, and a simple trigger would not help :)

Anyway, I'm not familiar with the code and it may take me forever to understand the whole magic. It would be great if I could get some explanation or something to start with.

Thanks very much and great work.
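An added illustration of the failure mode discussed in the comments above: a store that cannot keep null for the shared key, while "shared" is inferred from that key being non-null. It is a hypothetical model and not Passman's code; `saveToDb`, `isSharedFragile`, `isSharedStrict`, the toy key derivation and the sample values are all assumptions made for the example.

```javascript
// Hypothetical model of the null-vs-empty shared-key problem; not Passman's code.
const crypto = require('node:crypto');

// Stand-in key derivation for the demo (a real client would use a proper KDF).
const deriveKey = (secret) => crypto.createHash('sha256').update(secret).digest();

function encrypt(plaintext, secret) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(secret), iv);
  const data = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, data, tag: c.getAuthTag() };
}

function decrypt(box, secret) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(secret), box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.data), d.final()]).toString('utf8');
}

// Assumed storage behaviour: NULL cannot be saved, so '' is stored instead.
const saveToDb = (cred) => ({ ...cred, shared_key: cred.shared_key ?? '' });

// Fragile: "shared" is inferred from the key column being non-null.
const isSharedFragile = (cred) => cred.shared_key !== null;
// Hardened: null, undefined and '' all mean "not shared".
const isSharedStrict = (cred) =>
  typeof cred.shared_key === 'string' && cred.shared_key.length > 0;

function readPassword(cred, vaultKey, isShared) {
  const secret = isShared(cred) ? cred.shared_key : vaultKey;
  try {
    return decrypt(cred.password, secret);
  } catch (err) {
    return null; // GCM authentication failed: wrong key, entry looks corrupted
  }
}

// Assumed unshare flow: re-encrypt with the vault key, clear shared_key, save.
function unshareRoundTrip(vaultKey) {
  const sample = 'hunter2'; // constructed sample password
  const cred = saveToDb({ password: encrypt(sample, vaultKey), shared_key: null });
  return {
    stored: cred.shared_key,
    fragile: readPassword(cred, vaultKey, isSharedFragile),
    strict: readPassword(cred, vaultKey, isSharedStrict),
  };
}
```

In this model the fragile check picks the empty string as the decryption key after the round trip, so the entry fails authentication, while the strict check falls back to the vault key and reads it correctly.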

mkreckovic commented 6 years ago

Anything new about this issue? This is a huge problem, because if you unshare something you stay with a corrupted password database.

mkreckovic commented 6 years ago

Is this project still alive?