Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change password #303

Open
dtu-compute opened this issue Jun 13, 2019 · 27 comments · May be fixed by #1659
Open

Change password #303

dtu-compute opened this issue Jun 13, 2019 · 27 comments · May be fixed by #1659
Assignees
Labels
good first issue Simple change to start learning code base help wanted This issue is available, comment if you want to fix it type:enhancement Improvement of an existing function type:feature New functionality

Comments

@dtu-compute
Copy link

Is your feature request related to a problem? Please describe.
A way to change the password I provided when the repo were created.

Describe the solution you'd like
A text field with password just like the other init parameters.

@Hofer-Julian
Copy link
Collaborator

Sounds reasonable and shouldn't be too hard to provide with https://borgbackup.readthedocs.io/en/stable/usage/key.html#borg-key-change-passphrase

@Hofer-Julian Hofer-Julian added good first issue Simple change to start learning code base help wanted This issue is available, comment if you want to fix it type:feature New functionality labels Jun 14, 2019
@vapaavetehinen
Copy link
Contributor

vapaavetehinen commented May 31, 2020

vorta_screenshot

What do people think about something like this for the UI? I'd appreciate some input to refine this or brainstorm something else. The issue that come to mind with this is that it might be a little confusing to have a button next to encryption that only changes the passphrase and doesn't change the encryption type. It would also benefit from adding a title above the fields like "Change Passphrase" and from some sort of UI element saying whether the passwords match.

@vapaavetehinen
Copy link
Contributor

Thinking a bit more about the 2x password design, the existing init new repository lacks a second prompt for the passphrase. That seems like an issue. If someone accidentally types the passphrase wrong and then the machine with vorta needs to be restored but the only copy of the passphrase was on that machine, the passphrase that was accidentally typed incorrectly on init is gone.

@Hofer-Julian
Copy link
Collaborator

@vapaavetehinen some thoughts:

  1. Maybe the button could at the right of "Encryption: repokey" and not only include the icon but also the text "change passphrase"? Might include discoverability
  2. The button should only be visible for encryption type "repokey"
  3. I also think we should ask the user two times when creating a new repository. Good point!

@vapaavetehinen
Copy link
Contributor

I've started work on this in a fork under a branch 'change-password'. I will update here with questions and progress. So far I've added a UI component. Will work on adding the logic to pass down the borg command next.

@Hofer-Julian
Copy link
Collaborator

Great!

@m3nu m3nu added this to the Far away.. milestone Feb 15, 2021
@eSoares
Copy link

eSoares commented Mar 16, 2021

May I add to the issue, since I think is related. The UI maybe should permit change anything about the repository (same UI as "Add existing repository").
This would be useful to change any extra parameters needed or password.

@Ramblurr
Copy link

Is there a workaround for this feature in the meantime?

@Hofer-Julian
Copy link
Collaborator

Changing the password with borg cli and removing and readding the repo on vorta

@ThomasWaldmann
Copy link
Collaborator

ThomasWaldmann commented Mar 4, 2023

Guess this somehow went off the radar and could get higher priority.

@m3nu why is this "far away" milestone?

@jetchirag
Copy link
Contributor

Is there any update on it's status? I would like to work on Passphrase change.

@Hofer-Julian
Copy link
Collaborator

Is there any update on it's status? I would like to work on Passphrase change.

Feel free to pick it up. To my knowledge nobody is working on it.

However, it would be good to discuss the intended changes with mockups first before you start implementing.

@jetchirag
Copy link
Contributor

@Hofer-Julian Thanks! For passphrase change dialog, I've designed a simple dialog.

I'm considering this (realised after taking these screenshots):

  • If encryption is none, grey out this option
  • Create a "Misc" dropdown button similar to + button and put this option under there since these options won't be frequently used.

Screenshot at Mar 16 22-36-14

Screenshot at Mar 16 22-35-54

Change Passphrase Placement 1

@real-yfprojects
Copy link
Collaborator

The screenshots look good.

  • If encryption is none, grey out this option

The action should only be enabled when the encryption is of type repokey.

@jetchirag
Copy link
Contributor

@real-yfprojects Would you prefer to hide the option or disable it?

@real-yfprojects
Copy link
Collaborator

Disabling since this tells the user that the feature exists.

@ThomasWaldmann
Copy link
Collaborator

ThomasWaldmann commented Mar 16, 2023

@jetchirag please be more precise and consistent with wording:

  • the passphrase is protecting the (encrypted) borg key, so "borg key passphrase" or "borg passphrase" is a good wording.
  • "repository passphrase" might be problematic, we have 2 sorts of keys: repokey and keyfile (and only the first is in the repo, but both types are protected with a passphrase in the same way)
  • consistently use "passphrase" (not: "password")

borg itself does not have a minimum passphrase length requirement, not sure how vorta wants to deal with it. freedom vs. trying to keep users safe.

@jetchirag
Copy link
Contributor

@ThomasWaldmann Will do.

For "password" wording, I've reused the password validator function which I think is in utils since "New Repository" also uses it.

image

Should I update the function to use "passphrase"? It will impact this dialog as well.

vorta/src/vorta/utils.py

Lines 473 to 485 in c4d16e2

def validate_passwords(first_pass, second_pass):
'''Validates the password for borg, do not use on single fields'''
pass_equal = first_pass == second_pass
pass_long = len(first_pass) > 8
if not pass_long and not pass_equal:
return trans_late('utils', "Passwords must be identical and greater than 8 characters long.")
if not pass_equal:
return trans_late('utils', "Passwords must be identical.")
if not pass_long:
return trans_late('utils', "Passwords must be greater than 8 characters long.")
return ""

@jetchirag
Copy link
Contributor

borg itself does not have a minimum passphrase length requirement, not sure how vorta wants to deal with it. freedom vs. trying to keep users safe.

Do you think it would be worth having an option to disable this validation?

@ThomasWaldmann
Copy link
Collaborator

A long time ago I tried to write a function that determines pw quality/strength. But I realized that isn't easily possible without a lot of world knowledge.

BTW, changing this is not really in scope of this PR. Just use whatever vorta did until now.

@eSoares
Copy link

eSoares commented Mar 16, 2023

Why not instead of a completely new popup for only the password change, the UI be more like the "initialize new backup repository" and allow editing the repository itself?

@m3nu
Copy link
Contributor

m3nu commented Mar 17, 2023

Which other things could be edited on a repo after adding it, @eSoares ?

@eSoares
Copy link

eSoares commented Mar 17, 2023

The path it self or the extra borg arguments.

In the past I relied in a ssh host name that latter I wanted to rename, but that caused issues if I didn't edit the repo in vorta.
Another issue that I found is the destination OS stopped to find bog in the path and needed to pass the extra argument --remote-path.
This things should be ease to edited and fix.

@Hofer-Julian
Copy link
Collaborator

The path itself

That is a good point.
Also had this situation quite a few times myself.

@jetchirag jetchirag linked a pull request Mar 17, 2023 that will close this issue
9 tasks
@real-yfprojects
Copy link
Collaborator

UI be more like the "initialize new backup repository" and allow editing the repository itself

You can always unlink and readd a repository. How is that different from what you propose?

The path it self or the extra borg arguments.

Those a good ideas. However I think this would exceed the scope of this PR. Let's open a new issue for that.

@jetchirag
Copy link
Contributor

Why not instead of a completely new popup for only the password change, the UI be more like the "initialize new backup repository" and allow editing the repository itself?

I'm thinking of different dialog for each edit or seperating passphrase and these two configs.

Create a "Misc" dropdown button similar to + button and put this option under there since these options won't be frequently used.

I'll send new mockups after finishing this issue.

@jetchirag
Copy link
Contributor

image

image (2)

We can create a new menu and put config options there. I like the first option where we can keep passphrase change and edit repo options seperately but we can also create tab in edit dialog and put passphrase option there (image 2; ignore eye icon) as suggested by @eSoares .

How does it look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue Simple change to start learning code base help wanted This issue is available, comment if you want to fix it type:enhancement Improvement of an existing function type:feature New functionality
Projects
None yet
Development

Successfully merging a pull request may close this issue.

9 participants