passman icon indicating copy to clipboard operation
passman copied to clipboard
verified publisher icon nextcloud

Sharing, unsharing and re-sharing is not working correctly

Open gschoenberger opened this issue 8 years ago • 11 comments

Bug report

Unshared credentials cannot be shared again by Alice, moreover they are (somehow) duplicating password entries on Bob's side (cf. Screenshots).

Steps to reproduce

  1. Alice unshares a credential -> this disappears correctly on Bob's (the receiver) side. image image

  2. Alice tries to share the credential again, seems to work at first glance. If Alice wants to leave the share dialog the "this will corrupt the credential" error message appears image image

  3. On Bob's side the credential does not appear again, but suddenly an other entry is listed twice. If Bob selects the duplicate entry both entries are highlighted as selected (they only seem to be doubled in the view): image

  4. Alice cannot press the "unshare" button again: image

  5. If Alice tries to share the credential again, the share process is listed as pending, but sharing to Bob did not work. image

Expected behaviour

If Alice presses the "unshare" button at a certain credential -> the entry disappears on Bob's side If Alice presses "share" again -> Bob's side receives a notification for the shared credential In Bob's vault the shared credential should appear On both sides the share icons for the credential are update

Actual behaviour

The unshare button deletes the credential on Bob's side -> that's correct A next share of Alice leads to an incomplete share state -> a corruption error appears on Alice's side and Bob gets duplicate entries in his vault On Alice's side neither sharing nor unsharing is working anymore. On Bob's side the shared credential is not listed

Configuration

Operating system: Ubuntu 16.04 on server and client side

Browser:
Tested with Chrome Version 60.0.3112.78 (Official Build) (64-bit) and Firefox 54.0 (64-bit)

Passman version:
Version: 2.1.4

Database: MySQL 5.7.19-0ubuntu0.16.04.1

PHP version: PHP-FPM 7.0.18-0ubuntu0.16.04.1

cloud server: Nextcloud Nextcloud 12

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

gschoenberger avatar Aug 07 '17 13:08 gschoenberger

We always use Alice (owner) and Bob (share receiver), to make things clear for our self. Will update the issue to reflect Alice and Bob as soon i get time.

brantje avatar Aug 08 '17 15:08 brantje

I have updated the issue with Alice and Bob!

gschoenberger avatar Aug 09 '17 06:08 gschoenberger

Many thanks! I will try to look into this this weekend if I have time! (No promises tho)

animalillo avatar Aug 09 '17 06:08 animalillo

I got the same bug with AD auth:

Operating system: CentOS 7 Browser: Tested with Chrome Version 59.0.3071.115 Passman version: Version: 2.1.4 Database: 10.1.25-MariaDB PHP version: 7.1.8 from remi repo Cloud server: Nextcloud 12.0.1

KB7777 avatar Aug 09 '17 09:08 KB7777

Any updates on this issue?

gschoenberger avatar Aug 30 '17 07:08 gschoenberger

Yes, we have tracked it down.

Seems nextcloud is refusing to save null for the shared key, which is the way we detect if it's shared or not.

I might try to fix it this weekend, I have booked some time for passman.

animalillo avatar Aug 30 '17 07:08 animalillo

Nice! Really looking forward to use passman, but sharing is essential for me. Maybe I can afford some credits to donate - I will try my best :+1:

gschoenberger avatar Aug 30 '17 09:08 gschoenberger

Does this issue also cover that Bob is not seeing the shared password (even on first share attempt)? I mean: Alice is using "Share with users and groups" to give Bob the password but it does not pop-up in Bobs list.

I'm asking because I only see the link tab open in the screens and I currently have that issue.

ScreamingDev avatar Nov 02 '17 22:11 ScreamingDev

@ScreamingDev I dont think this issue is related. Do you have a vault created under Bob account?

@brantje / @animalillo Is there any update on this issue or some information that could help to debug? Passman is really nice. Im trying to onboard this tool for my team and ran into this issue.

After reading comment about "refuse to save null for the shared key", I thought why not creating a trigger to update the shared_key to null, but it seems to be more than that :) Look like this involve the logic of encrypt/decrypt the cred with shared_key="somestring". When unshared, the shared_key set to "", the cred seem to be re-encrypted or do something with that empty string and a simple trigger would not help :)

Anyway, I'm not familiar with the code and may take me forever to understand the whole magic. It would be great if I could get some explanation or something to start with.

Thanks very much and great works.

huynhcongdanh avatar Jan 05 '18 00:01 huynhcongdanh

Anything new about this issue? This is a huge problem, because if you unshare something you stay with a corupted password database.

mkreckovic avatar May 25 '18 10:05 mkreckovic

Is this project still alive?

mkreckovic avatar Jul 27 '18 11:07 mkreckovic