428135 – Dolphin sftp constantly sends authentication request when adjusting username

Bug 428135 - Dolphin sftp constantly sends authentication request when adjusting username

Summary: Dolphin sftp constantly sends authentication request when adjusting username

Status:	CONFIRMED

Alias:	None

Product:	dolphin
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Manjaro Linux

Importance:	NOR minor
Target Milestone:	---
Assignee:	Dolphin Bug Assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-10-23 12:24 UTC by Adam Lyall
Modified:	2020-11-04 10:46 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Lyall 2020-10-23 12:24:15 UTC

This seems in part a "feature" because Dolphin will lookup paths on the server while typing in order to show them as options. However, if adjusting the username (or any part not related to the path) Dolphin should not send a new authentication request until the user hits enter otherwise every character change causes a failed log in which some servers will rate limit the number of failed logins within a given time frame. This has caused my machine to be blocked for a while a few times as I switch to another user on servers.

Note this may require the use of SSH key to trigger the bug as I have not tested via a server that allows password authentication.

STEPS TO REPRODUCE
1. Enter a sftp address in Dolphin's location bar. Eg. sftp://myuser@server.tld:/the/folder and hit enter to login.
2. Now edit the existing URI by deleting the username (e.g myuser) one character at a time and then enter another username (e.g. otheruser@).
3. Checking the server SSH authentication log will show a request for each character change. E.g myuse@server.tld, myus@server.tld, myu@server.tld ~ o@server.tld, ot@server.tld, oth@server.tld ~ otheruser@server.tld

OBSERVED RESULT
Many login request are sent.

EXPECTED RESULT
Don't send a new request until the user presses enter when they are changing the username or any part before the path component.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Linux 5.9, Manjaro
(available in About System)
KDE Plasma Version: 5.19.5
KDE Frameworks Version: 5.74
Qt Version: 5.15.1

Comment 1 Harald Sitter 2020-11-03 11:02:57 UTC

Cannot reproduce. Dolphin correctly marks the request with no-auth-prompt which indeed results in no dialog appearing. What's the exact server configuration you have?

Comment 2 Adam Lyall 2020-11-03 16:09:31 UTC

There is no dialogue involved. When I am adjusting the path it seems to constantly send a request to the server for every character added and removed from the URI. This is fine when only changing the path but not when adjusting the user ID. My server provider (in this case Opalstack) informed me the server received multiple failed login attempts in the form of:

```
[DATE] [SERVER] sshd[24486]: Invalid user myusernam from 123.123.123.321 port 40310
[DATE] [SERVER] sshd[24490]: Invalid user myuserna from 123.123.123.321 port 40312
[DATE] [SERVER] sshd[24494]: Invalid user myusern from 123.123.123.321 port 40314
[DATE] [SERVER] sshd[24498]: Invalid user myuser from 123.123.123.321 port 40316
[DATE] [SERVER] sshd[24503]: Invalid user myuse from 123.123.123.321 port 40318
```

That matches with me deleting `myusername` in the URI `sftp://myusername@server:/path/dir` in Dolphin's address bar as I placed the cursor after myusername and started hitting backspace.

Comment 3 Harald Sitter 2020-11-04 10:46:01 UTC

Ah! 

Well, I don't know why dolphin does it. I suppose if it's just for autocompletion or something it indeed wouldn't make much sense.

Marking confirmed because it indeed sends authless requests even on master builds.