STEPS TO REPRODUCE
1. lock the screen - the screen is locked, the avatar, password field and the buttons are hidden
2. turn the screen off by pressing ESC key
3.

OBSERVED RESULT
avatar, password field and the buttons unhide immediately before the screen is turned off

EXPECTED RESULT
avatar, password field and the buttons should remain hidden after pressing ESC

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.27.80
KDE Frameworks Version: 5.104.0
Qt Version: 5.15.8
Graphics Platform: Wayland

Git commit 8879fefe8f3f4d18c92b8216538d24817adab42e by Nate Graham, on behalf of Bartosz Taudul.
Committed on 21/02/2023 at 17:52.
Pushed by ngraham into branch 'master'.

Lock screen: Prevent Escape key from displaying UI if it's currently hidden

Merge request https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/99 implemented turning off the screen when the Escape key is pressed on the lock screen. However, the lock screen UI logic was not updated to take this into account.

There are two behaviors to consider here. The first is such that pressing the Escape key on the password prompt clears the entry and hides the UI. This is expected and works well in conjunction with the screen going off. When the user returns to the computer after a while and tries to log in again, they would not expect to see a partially typed password. Or, even worse, the user might enter the password and then press the Escape key. If the previous entry were left as entered, unbeknownst to the user, an adversary could gain access to the user's account.

The second behavior is when the password entry UI is not displayed. In this case, the UI logic reacted by displaying the password entry prompt. While this behavior may have been fine before, with the change to turn off the screen, this looks like some sort of bug.

This commit disables Escape key handling when the password entry UI is not visible.

FIXED-IN: 5.27.2

M +7 -5 lookandfeel/org.kde.breeze/contents/lockscreen/LockScreenUi.qml

https://invent.kde.org/plasma/plasma-workspace/commit/8879fefe8f3f4d18c92b8216538d24817adab42e

Git commit e1fa127278d3dc470141fe1cbefdf2ee0e393872 by Nate Graham, on behalf of Bartosz Taudul.
Committed on 21/02/2023 at 18:00.
Pushed by ngraham into branch 'Plasma/5.27'.

Lock screen: Prevent Escape key from displaying UI if it's currently hidden

Merge request https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/99 implemented turning off the screen when the Escape key is pressed on the lock screen. However, the lock screen UI logic was not updated to take this into account.

There are two behaviors to consider here. The first is such that pressing the Escape key on the password prompt clears the entry and hides the UI. This is expected and works well in conjunction with the screen going off. When the user returns to the computer after a while and tries to log in again, they would not expect to see a partially typed password. Or, even worse, the user might enter the password and then press the Escape key. If the previous entry were left as entered, unbeknownst to the user, an adversary could gain access to the user's account.

The second behavior is when the password entry UI is not displayed. In this case, the UI logic reacted by displaying the password entry prompt. While this behavior may have been fine before, with the change to turn off the screen, this looks like some sort of bug.

This commit disables Escape key handling when the password entry UI is not visible.

FIXED-IN: 5.27.2

(cherry picked from commit 8879fefe8f3f4d18c92b8216538d24817adab42e)

M +7 -5 lookandfeel/org.kde.breeze/contents/lockscreen/LockScreenUi.qml

https://invent.kde.org/plasma/plasma-workspace/commit/e1fa127278d3dc470141fe1cbefdf2ee0e393872