node-keytar
node-keytar copied to clipboard
atom
[Windows] Old credential comes back after current one is deleted
Prerequisites
- [ ] Put an X between the brackets on this line if you have done all of the following:
- Reproduced the problem in Safe Mode: https://flight-manual.atom.io/hacking-atom/sections/debugging/#using-safe-mode
- Followed all applicable steps in the debugging guide: https://flight-manual.atom.io/hacking-atom/sections/debugging/
- Checked the FAQs on the message board for common solutions: https://discuss.atom.io/c/faq
- Checked that your issue isn't already filed: https://github.com/issues?utf8=✓&q=is%3Aissue+user%3Aatom
- Checked that there is not already an Atom package that provides the described functionality: https://atom.io/packages
Description
A value was set for some service/account for keytar 4.x. Then migrate keytar to 7.x and set another value for same service/account. Delete this service/account and the old value set in keytar-4.x came back after rebooting the computer.
Steps to Reproduce
- npm i keytar@^4
- keytar.setPassword('service', 'account', '1')
- npm i keytar@^7
- keytar.setPassword('service', 'account', '2')
- keytar.deletePassword('service', 'account')
- reboot computer
- Check Windows Credential Manager and service/account credential still exists and its value is 1.
Expected behavior: There should be no service/account credential in Windows Credential Manager after calling deletePassword.
Actual behavior: The old one set in keytar-4.x came back.
Reproduces how often: Every time
Versions
Additional Information
Just an FYI
Mailspring uses keytar and there are various reports of issues with passwords, i.e. being old or reset to a previous one. https://community.getmailspring.com/search?q=password%20%23bugs
Most seem to be related to Windows OS
If anyone is using key-tar in Electron; Electron has its own similar mechanism now. I forget the name though.