Bug 453828 - Undo operation possible in lock-screen password field (Ctrl-Z)
Summary: Undo operation possible in lock-screen password field (Ctrl-Z)
Status: RESOLVED FIXED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Theme - Breeze (show other bugs)
Version: master
Platform: Other Linux
: NOR normal
Target Milestone: 1.0
Assignee: Plasma Bugs List
URL:
Keywords:
: 387418 422421 464741 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-05-15 14:06 UTC by Derek Christ
Modified: 2023-02-28 11:51 UTC (History)
5 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.95
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Derek Christ 2022-05-15 14:06:12 UTC
SUMMARY
It's possible to do Ctrl-Z and restore the previous written text in the password entry field.
Consider the scenario where a user partly enters the password but then decides to something else and not unlock the screen. The user then clears the password field thinking the password cannot be restored by some other person.
Some other person can now hit Ctrl-Z and restore the password and make it visible by clicking on the eye symbol.


STEPS TO REPRODUCE
1. Type something in the lock screen password field
2. Delete it
3. Hit Ctrl-Z

OBSERVED RESULT
Password restored

EXPECTED RESULT
Ctrl-Z should not be possible

SOFTWARE/OS VERSIONS
Operating System: Manjaro Linux
KDE Plasma Version: 5.24.5
KDE Frameworks Version: 5.93.0
Qt Version: 5.15.3
Kernel Version: 5.17.6-1-MANJARO (64-bit)
Graphics Platform: X11
Comment 1 Nate Graham 2022-05-16 15:56:04 UTC
Can confirm. Would probably be good to disable this.
Comment 2 Nate Graham 2022-05-16 16:02:33 UTC
Looks like TextInput has a `canUndo:` property, but unfortunately it is read-only.
Comment 3 Bug Janitor Service 2022-05-31 16:57:06 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/1788
Comment 4 Bug Janitor Service 2022-06-04 17:09:09 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/plasma-framework/-/merge_requests/542
Comment 5 Nate Graham 2022-06-06 14:19:49 UTC
Fixed by Derek Christ with https://invent.kde.org/frameworks/plasma-framework/-/commit/3d887cd71f03358c8def733a3e19ed22a8f66e8a in Frameworks 5.95!
Comment 6 Nate Graham 2022-06-06 14:19:49 UTC
Git commit 51cab794c2d071aa3761f02436a7b96cd8e27478 by Nate Graham, on behalf of Derek Christ.
Committed on 06/06/2022 at 14:19.
Pushed by ngraham into branch 'master'.

Port lockscreen & sddm theme password fields to PlasmaExtras.PasswordField

M  +2    -2    lookandfeel/contents/lockscreen/LockScreenUi.qml
M  +3    -5    lookandfeel/contents/lockscreen/MainBlock.qml
M  +5    -3    sddm-theme/Login.qml

https://invent.kde.org/plasma/plasma-workspace/commit/51cab794c2d071aa3761f02436a7b96cd8e27478
Comment 7 Nate Graham 2022-06-12 14:09:40 UTC
*** Bug 387418 has been marked as a duplicate of this bug. ***
Comment 8 Nate Graham 2022-06-12 14:09:46 UTC
*** Bug 422421 has been marked as a duplicate of this bug. ***
Comment 9 Bug Janitor Service 2022-07-13 10:28:59 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/qqc2-desktop-style/-/merge_requests/171
Comment 10 Nicolas Fella 2023-01-24 18:14:00 UTC
*** Bug 464741 has been marked as a duplicate of this bug. ***
Comment 11 Bug Janitor Service 2023-02-26 23:21:51 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/qqc2-desktop-style/-/merge_requests/239
Comment 12 ratijas 2023-02-28 01:40:06 UTC
Git commit a0fd0328ac9ae1b483af978eb8ee849cfc8c8e0e by ivan tkachenko.
Committed on 28/02/2023 at 00:32.
Pushed by ratijas into branch 'master'.

TextField: Fix password-protection code from affecting normal text fields

Event interception should only be enabled for text fields which set
appropriate echo mode hint.

Amends 70ea0a191413c2c871f73b78bebfeefe4641d92e.

M  +1    -1    org.kde.desktop/TextField.qml

https://invent.kde.org/frameworks/qqc2-desktop-style/commit/a0fd0328ac9ae1b483af978eb8ee849cfc8c8e0e
Comment 13 ratijas 2023-02-28 11:51:45 UTC
Git commit 7103ff3530b611994ce702dcfc7a3ad7a037403a by ivan tkachenko.
Committed on 28/02/2023 at 11:51.
Pushed by ratijas into branch 'kf5'.

TextField: Fix password-protection code from affecting normal text fields

Event interception should only be enabled for text fields which set
appropriate echo mode hint.

Amends 70ea0a191413c2c871f73b78bebfeefe4641d92e.
(cherry picked from commit a0fd0328ac9ae1b483af978eb8ee849cfc8c8e0e)

M  +1    -1    org.kde.desktop/TextField.qml

https://invent.kde.org/frameworks/qqc2-desktop-style/commit/7103ff3530b611994ce702dcfc7a3ad7a037403a