passbolt / passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0
4.63k stars 306 forks

Link "Or switch to another account." leads to a recovery page instead of login page for another user #430

Closed gvlasov closed 2 years ago

gvlasov commented 2 years ago

What you did

When logging in on page /auth/login?locale=en-UK as a user I previously created, I clicked "Or switch to another account"

What happened

I got to a user recovery page /users/recover?locale=en-UK

What you expected to happen

I expected to get to a login page for another user. I need to access passbolt as various users and don't expect to recover accounts whenever I want to switch users. If that's the intended behavior for some reason, maybe explain it on the recovery page? I'm really confused about why I can't just switch between users by logging out and entering credentials for another user.

AnatomicJC commented 2 years ago

Hi @gvlasov 👋

Displaying the recovery page when clicking on "Or switch to another account" is the expected behavior.

As you may know, passbolt uses a PGP key pair to handle password encryption. Passwords are encrypted with the public PGP key, and you need a private key to be able to decrypt them. You can learn more on this FAQ page: https://help.passbolt.com/faq/discover/how-does-it-work

While configuring the passbolt extension, you are asked for your private key, which will be stored in the browser extension's local storage. When you log in to passbolt through the extension, you are not connecting yourself to the passbolt API server, but you unlock your private key.

The passbolt browser extension currently supports only one passbolt account (aka one private key stored in the browser local storage). That's why you are redirected to a user recovery page.

It is in our backlog to support multiple accounts, but we don't have any ETA for now. I can propose a workaround: you can configure multiple profiles in your browser, with one passbolt account per profile.

Don't hesitate if you have further questions.

Additional resources:

Best regards,