keepass2android
keepass2android copied to clipboard
PhilippC
[BUG] Wrong state when saving in app, then syncing remote nextcloud.
Checks
- [X] I have read the FAQ section, searched the open issues, and still think this is a new bug.
Describe the bug you encountered:
Hey,
i love your app and use it at least since 1 year and enjoy it's simplicity and feature-richness.
However, in the last month i observed some weird behavior that is quite breaking the app's use case for me: When making modifications in the app and saving it to my remote keepass file (nextcloud) everything seems to work fine. First i observed vanishing entries. Then i could trigger it explicitly via clicking on "Sync database". Then it should normally look at the local copy, then at the remote and should resolve / merge the two copies. In my case it basically just says "another program modified the file, reload it". I can click on "cancel" or "ok". When i click on "ok" all my changes are deleted and i seemingly have the "old" remote copy on my app.
I tried to remove the database (including cache) but this did not work out.
I attached the debug log and one can see that there is a hash difference even if there shouldn't be one.
Any advice here?
Btw: It is quite risky to log username/password combinations into the debug log. I nearly uploaded it here with credentials.
Describe what you expected to happen:
Updating the remote, syncing the modified version back to my device
What version of Keepass2Android are you using?
1.09e-r7
Which version of Android are you on?
13
Any advice here? I basically lost my PIN because of this and it is quite risky for me to keep using it.
Btw: It is quite risky to log username/password combinations into the debug log. I nearly uploaded it here with credentials.
Totally agree, this is not intentional. Can you tell where exactly you found this in the log?
This sounds like a severe issue, thanks for reporting.
Unfortunately, it is not exactly clear to me what you are doing and what you are losing.
Can you give a step-by-step description how to reproduce this, please?
Btw: It is quite risky to log username/password combinations into the debug log. I nearly uploaded it here with credentials.
Totally agree, this is not intentional. Can you tell where exactly you found this in the log?
Yes, sure. It is basically everywhere in my appended debug.txt where "https://my.nextcloud.url/persoenlich.kdbx" is. I replaced it so i have a quite anonymous log to upload. It looks normally like this
https://<username>:<password>@my.nextcloud.url/remote.php/webdav/<path-to-kdbx-file>
I think it is simply like this because authentication is handled in via the URL (maybe webdav can only do so). A simple regex-replacement (python-version) for each line like
re.sub("https://.+:.+@", "https://", <input>)
should be able to cut out authentication stuff that's in the URL
This sounds like a severe issue, thanks for reporting.
Unfortunately, it is not exactly clear to me what you are doing and what you are losing.
Can you give a step-by-step description how to reproduce this, please?
Sure. Basically i have a KeePass File saved on a hosted NextCloud Instance. I simply try to add an entry to the keepass file via the app. When i click save, nothing special happens and it seems like it is working as intended. However, these changes are seemingly not synced to the remote NextCloud-hosted file. When I, for example, download the file afterwards onto my PC and open it with KeePass the saved entry is missing. But in the app the entry is present (i think in the local cache). But when i actively instruct the app to sync with the remote (via clicking on "Sync database") it just says "another program modified the file, reload it" ( i assume it hash-checks remote and local and assumes remote is more recent so no need to merge). When i click ok, the KeePass file is seemingly re-loaded from the Remote and my new entry is missing (presumably because it never was synced to the remote).
So basically i am losing every entry i add when using the app and i currently use the app only as read-only and add keys only using a computer. But adding keys was a quite essential feature, especially for mobile apps.
Maybe it is just a setting but I never changed something here. NextCloud access is granted because i can seamlessly fetch computer-added entries on my app after the nextcloud client synced the changed to the remote.