| Summary: | When I lock the screen and then press ESC key, the login controls unhide immediately before the screen is turned off | ||
|---|---|---|---|
| Product: | [Plasma] plasmashell | Reporter: | Patrick Silva <bugseforuns> |
| Component: | Theme - Breeze | Assignee: | Plasma Bugs List <plasma-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | nate, visual-design |
| Priority: | NOR | ||
| Version First Reported In: | 5.27.0 | ||
| Target Milestone: | 1.0 | ||
| Platform: | Neon | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/plasma/plasma-workspace/commit/e1fa127278d3dc470141fe1cbefdf2ee0e393872 | Version Fixed In: | 5.27.2 |
| Sentry Crash Report: | |||
|
Description
Patrick Silva
2023-02-17 12:43:17 UTC
Git commit 8879fefe8f3f4d18c92b8216538d24817adab42e by Nate Graham, on behalf of Bartosz Taudul. Committed on 21/02/2023 at 17:52. Pushed by ngraham into branch 'master'. Lock screen: Prevent Escape key from displaying UI if it's currently hidden Merge request https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/99 implemented turning off the screen when the Escape key is pressed on the lock screen. However, the lock screen UI logic was not updated to take this into account. There are two behaviors to consider here. The first is such that pressing the Escape key on the password prompt clears the entry and hides the UI. This is expected and works well in conjunction with the screen going off. When the user returns to the computer after a while and tries to log in again, they would not expect to see a partially typed password. Or, even worse, the user might enter the password and then press the Escape key. If the previous entry were left as entered, unbeknownst to the user, an adversary could gain access to the user's account. The second behavior is when the password entry UI is not displayed. In this case, the UI logic reacted by displaying the password entry prompt. While this behavior may have been fine before, with the change to turn off the screen, this looks like some sort of bug. This commit disables Escape key handling when the password entry UI is not visible. FIXED-IN: 5.27.2 M +7 -5 lookandfeel/org.kde.breeze/contents/lockscreen/LockScreenUi.qml https://invent.kde.org/plasma/plasma-workspace/commit/8879fefe8f3f4d18c92b8216538d24817adab42e Git commit e1fa127278d3dc470141fe1cbefdf2ee0e393872 by Nate Graham, on behalf of Bartosz Taudul. Committed on 21/02/2023 at 18:00. Pushed by ngraham into branch 'Plasma/5.27'. Lock screen: Prevent Escape key from displaying UI if it's currently hidden Merge request https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/99 implemented turning off the screen when the Escape key is pressed on the lock screen. However, the lock screen UI logic was not updated to take this into account. There are two behaviors to consider here. The first is such that pressing the Escape key on the password prompt clears the entry and hides the UI. This is expected and works well in conjunction with the screen going off. When the user returns to the computer after a while and tries to log in again, they would not expect to see a partially typed password. Or, even worse, the user might enter the password and then press the Escape key. If the previous entry were left as entered, unbeknownst to the user, an adversary could gain access to the user's account. The second behavior is when the password entry UI is not displayed. In this case, the UI logic reacted by displaying the password entry prompt. While this behavior may have been fine before, with the change to turn off the screen, this looks like some sort of bug. This commit disables Escape key handling when the password entry UI is not visible. FIXED-IN: 5.27.2 (cherry picked from commit 8879fefe8f3f4d18c92b8216538d24817adab42e) M +7 -5 lookandfeel/org.kde.breeze/contents/lockscreen/LockScreenUi.qml https://invent.kde.org/plasma/plasma-workspace/commit/e1fa127278d3dc470141fe1cbefdf2ee0e393872 |