Bug 453828 - Undo operation possible in lock-screen password field (Ctrl-Z)
Summary: Undo operation possible in lock-screen password field (Ctrl-Z)
Status: RESOLVED FIXED
Alias: None
Product: plasmashell
Classification: Unclassified
Component: Theme - Breeze (show other bugs)
Version: master
Platform: Other Linux
: NOR normal
Target Milestone: 1.0
Assignee: Plasma Bugs List
URL:
Keywords:
: 387418 422421 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-05-15 14:06 UTC by Derek Christ
Modified: 2022-06-12 14:09 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.95


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Derek Christ 2022-05-15 14:06:12 UTC
SUMMARY
It's possible to do Ctrl-Z and restore the previous written text in the password entry field.
Consider the scenario where a user partly enters the password but then decides to something else and not unlock the screen. The user then clears the password field thinking the password cannot be restored by some other person.
Some other person can now hit Ctrl-Z and restore the password and make it visible by clicking on the eye symbol.


STEPS TO REPRODUCE
1. Type something in the lock screen password field
2. Delete it
3. Hit Ctrl-Z

OBSERVED RESULT
Password restored

EXPECTED RESULT
Ctrl-Z should not be possible

SOFTWARE/OS VERSIONS
Operating System: Manjaro Linux
KDE Plasma Version: 5.24.5
KDE Frameworks Version: 5.93.0
Qt Version: 5.15.3
Kernel Version: 5.17.6-1-MANJARO (64-bit)
Graphics Platform: X11
Comment 1 Nate Graham 2022-05-16 15:56:04 UTC
Can confirm. Would probably be good to disable this.
Comment 2 Nate Graham 2022-05-16 16:02:33 UTC
Looks like TextInput has a `canUndo:` property, but unfortunately it is read-only.
Comment 3 Bug Janitor Service 2022-05-31 16:57:06 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/1788
Comment 4 Bug Janitor Service 2022-06-04 17:09:09 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/plasma-framework/-/merge_requests/542
Comment 5 Nate Graham 2022-06-06 14:19:49 UTC
Fixed by Derek Christ with https://invent.kde.org/frameworks/plasma-framework/-/commit/3d887cd71f03358c8def733a3e19ed22a8f66e8a in Frameworks 5.95!
Comment 6 Nate Graham 2022-06-06 14:19:49 UTC
Git commit 51cab794c2d071aa3761f02436a7b96cd8e27478 by Nate Graham, on behalf of Derek Christ.
Committed on 06/06/2022 at 14:19.
Pushed by ngraham into branch 'master'.

Port lockscreen & sddm theme password fields to PlasmaExtras.PasswordField

M  +2    -2    lookandfeel/contents/lockscreen/LockScreenUi.qml
M  +3    -5    lookandfeel/contents/lockscreen/MainBlock.qml
M  +5    -3    sddm-theme/Login.qml

https://invent.kde.org/plasma/plasma-workspace/commit/51cab794c2d071aa3761f02436a7b96cd8e27478
Comment 7 Nate Graham 2022-06-12 14:09:40 UTC
*** Bug 387418 has been marked as a duplicate of this bug. ***
Comment 8 Nate Graham 2022-06-12 14:09:46 UTC
*** Bug 422421 has been marked as a duplicate of this bug. ***