vorta icon indicating copy to clipboard operation
vorta copied to clipboard

Published 20 hours ago verified publisher icon borgbase

Change password

Open dtu-compute opened this issue 6 years ago • 29 comments

Is your feature request related to a problem? Please describe. A way to change the password I provided when the repo were created.

Describe the solution you'd like A text field with password just like the other init parameters.

dtu-compute avatar Jun 13 '19 13:06 dtu-compute

Sounds reasonable and shouldn't be too hard to provide with https://borgbackup.readthedocs.io/en/stable/usage/key.html#borg-key-change-passphrase

Hofer-Julian avatar Jun 14 '19 08:06 Hofer-Julian

vorta_screenshot

What do people think about something like this for the UI? I'd appreciate some input to refine this or brainstorm something else. The issue that come to mind with this is that it might be a little confusing to have a button next to encryption that only changes the passphrase and doesn't change the encryption type. It would also benefit from adding a title above the fields like "Change Passphrase" and from some sort of UI element saying whether the passwords match.

vapaavetehinen avatar May 31 '20 20:05 vapaavetehinen

Thinking a bit more about the 2x password design, the existing init new repository lacks a second prompt for the passphrase. That seems like an issue. If someone accidentally types the passphrase wrong and then the machine with vorta needs to be restored but the only copy of the passphrase was on that machine, the passphrase that was accidentally typed incorrectly on init is gone.

vapaavetehinen avatar May 31 '20 20:05 vapaavetehinen

@vapaavetehinen some thoughts:

  1. Maybe the button could at the right of "Encryption: repokey" and not only include the icon but also the text "change passphrase"? Might include discoverability
  2. The button should only be visible for encryption type "repokey"
  3. I also think we should ask the user two times when creating a new repository. Good point!

Hofer-Julian avatar May 31 '20 21:05 Hofer-Julian

I've started work on this in a fork under a branch 'change-password'. I will update here with questions and progress. So far I've added a UI component. Will work on adding the logic to pass down the borg command next.

vapaavetehinen avatar Jun 05 '20 16:06 vapaavetehinen

Great!

Hofer-Julian avatar Jun 05 '20 18:06 Hofer-Julian

May I add to the issue, since I think is related. The UI maybe should permit change anything about the repository (same UI as "Add existing repository"). This would be useful to change any extra parameters needed or password.

eSoares avatar Mar 16 '21 19:03 eSoares

Is there a workaround for this feature in the meantime?

Ramblurr avatar Mar 17 '21 10:03 Ramblurr

Changing the password with borg cli and removing and readding the repo on vorta

Hofer-Julian avatar Mar 17 '21 11:03 Hofer-Julian

Guess this somehow went off the radar and could get higher priority.

@m3nu why is this "far away" milestone?

ThomasWaldmann avatar Mar 04 '23 13:03 ThomasWaldmann

Is there any update on it's status? I would like to work on Passphrase change.

jetchirag avatar Mar 16 '23 14:03 jetchirag

Is there any update on it's status? I would like to work on Passphrase change.

Feel free to pick it up. To my knowledge nobody is working on it.

However, it would be good to discuss the intended changes with mockups first before you start implementing.

Hofer-Julian avatar Mar 16 '23 15:03 Hofer-Julian

@Hofer-Julian Thanks! For passphrase change dialog, I've designed a simple dialog.

I'm considering this (realised after taking these screenshots):

  • If encryption is none, grey out this option
  • Create a "Misc" dropdown button similar to + button and put this option under there since these options won't be frequently used.
Screenshot at Mar 16 22-36-14 Screenshot at Mar 16 22-35-54 Change Passphrase Placement 1

jetchirag avatar Mar 16 '23 17:03 jetchirag

The screenshots look good.

  • If encryption is none, grey out this option

The action should only be enabled when the encryption is of type repokey.

real-yfprojects avatar Mar 16 '23 18:03 real-yfprojects

@real-yfprojects Would you prefer to hide the option or disable it?

jetchirag avatar Mar 16 '23 19:03 jetchirag

Disabling since this tells the user that the feature exists.

real-yfprojects avatar Mar 16 '23 19:03 real-yfprojects

@jetchirag please be more precise and consistent with wording:

  • the passphrase is protecting the (encrypted) borg key, so "borg key passphrase" or "borg passphrase" is a good wording.
  • "repository passphrase" might be problematic, we have 2 sorts of keys: repokey and keyfile (and only the first is in the repo, but both types are protected with a passphrase in the same way)
  • consistently use "passphrase" (not: "password")

borg itself does not have a minimum passphrase length requirement, not sure how vorta wants to deal with it. freedom vs. trying to keep users safe.

ThomasWaldmann avatar Mar 16 '23 20:03 ThomasWaldmann

@ThomasWaldmann Will do.

For "password" wording, I've reused the password validator function which I think is in utils since "New Repository" also uses it.

image

Should I update the function to use "passphrase"? It will impact this dialog as well.

https://github.com/borgbase/vorta/blob/c4d16e250dd1130bab113911c388d183096223a6/src/vorta/utils.py#L473-L485

jetchirag avatar Mar 16 '23 21:03 jetchirag

borg itself does not have a minimum passphrase length requirement, not sure how vorta wants to deal with it. freedom vs. trying to keep users safe.

Do you think it would be worth having an option to disable this validation?

jetchirag avatar Mar 16 '23 21:03 jetchirag

A long time ago I tried to write a function that determines pw quality/strength. But I realized that isn't easily possible without a lot of world knowledge.

BTW, changing this is not really in scope of this PR. Just use whatever vorta did until now.

ThomasWaldmann avatar Mar 16 '23 22:03 ThomasWaldmann

Why not instead of a completely new popup for only the password change, the UI be more like the "initialize new backup repository" and allow editing the repository itself?

eSoares avatar Mar 16 '23 22:03 eSoares

Which other things could be edited on a repo after adding it, @eSoares ?

m3nu avatar Mar 17 '23 08:03 m3nu

The path it self or the extra borg arguments.

In the past I relied in a ssh host name that latter I wanted to rename, but that caused issues if I didn't edit the repo in vorta. Another issue that I found is the destination OS stopped to find bog in the path and needed to pass the extra argument --remote-path. This things should be ease to edited and fix.

eSoares avatar Mar 17 '23 10:03 eSoares

The path itself

That is a good point. Also had this situation quite a few times myself.

Hofer-Julian avatar Mar 17 '23 10:03 Hofer-Julian

UI be more like the "initialize new backup repository" and allow editing the repository itself

You can always unlink and readd a repository. How is that different from what you propose?

The path it self or the extra borg arguments.

Those a good ideas. However I think this would exceed the scope of this PR. Let's open a new issue for that.

real-yfprojects avatar Mar 17 '23 15:03 real-yfprojects

Why not instead of a completely new popup for only the password change, the UI be more like the "initialize new backup repository" and allow editing the repository itself?

I'm thinking of different dialog for each edit or seperating passphrase and these two configs.

Create a "Misc" dropdown button similar to + button and put this option under there since these options won't be frequently used.

I'll send new mockups after finishing this issue.

jetchirag avatar Mar 17 '23 17:03 jetchirag

image image (2)

We can create a new menu and put config options there. I like the first option where we can keep passphrase change and edit repo options seperately but we can also create tab in edit dialog and put passphrase option there (image 2; ignore eye icon) as suggested by @eSoares .

How does it look?

jetchirag avatar Mar 18 '23 19:03 jetchirag