Bug 469877

Summary: No way to cancel / revoke a pairing request once started
Product: [Applications] kdeconnect Reporter: Adam Fontenot <adam.m.fontenot+kde>
Component: commonAssignee: Albert Vaca Cintora <albertvaka>
Status: RESOLVED FIXED    
Severity: normal CC: andrew.g.r.holmes
Priority: NOR    
Version First Reported In: 23.04.1   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: https://invent.kde.org/network/kdeconnect-android/-/commit/537f2e35ac84b498b248d7fd5da1abeeffe439dd Version Fixed/Implemented In:
Sentry Crash Report:

Description Adam Fontenot 2023-05-17 00:45:23 UTC 
SUMMARY

If you accidentally click on the wrong device when requesting pairing, there is no way to cancel. This means you must wait for either (a) the request to timeout, or (b) the (potentially hostile) other device to accept your pairing request, and then revoke pairing as quickly as possible, hopefully before it is able to do any damage.

A secondary component of this issue is that there's no way for the device that requests pairing to verify the key of the device that receives the request before pairing is activated. If both sides had to click okay, with a chance to view the other's key, before pairing became active, that would ameliorate this issue. As things stand "request pair" amounts to "please give away all my device permissions to whatever is on the other end of this device label".

This issue applies to both desktop (at least on Linux) and the Android applications. 

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.27.5
KDE Frameworks Version: 5.106.0
Qt Version: 5.15.9
Kernel Version: 6.3.2-arch1-1 (64-bit)
Graphics Platform: X11

Android version 1.24.5 (Google Play store)
Comment 1 Bug Janitor Service 2023-05-30 15:34:04 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/network/kdeconnect-android/-/merge_requests/366
Comment 2 Albert Vaca Cintora 2023-05-31 15:23:46 UTC 
Git commit 537f2e35ac84b498b248d7fd5da1abeeffe439dd by Albert Vaca Cintora.
Committed on 31/05/2023 at 15:23.
Pushed by albertvaka into branch 'master'.

Add the option to cancel a pairing request we sent

M  +1    -0    res/values/strings.xml
M  +1    -1    src/org/kde/kdeconnect/Backends/BasePairingHandler.java
M  +1    -1    src/org/kde/kdeconnect/Backends/BluetoothBackend/BluetoothPairingHandler.java
M  +2    -2    src/org/kde/kdeconnect/Backends/LanBackend/LanPairingHandler.java
M  +2    -2    src/org/kde/kdeconnect/Backends/LoopbackBackend/LoopbackPairingHandler.java
M  +3    -4    src/org/kde/kdeconnect/Device.java
M  +8    -1    src/org/kde/kdeconnect/UserInterface/DeviceFragment.kt
M  +1    -1    src/org/kde/kdeconnect/UserInterface/MainActivity.kt

https://invent.kde.org/network/kdeconnect-android/-/commit/537f2e35ac84b498b248d7fd5da1abeeffe439dd