securedrop-client icon indicating copy to clipboard operation
securedrop-client copied to clipboard
verified publisher icon freedomofpress

[securedrop-export] Add option to keep a device unlocked on sd-devices

Open sssoleileraaa opened this issue 4 years ago • 4 comments

Follow-up for https://github.com/freedomofpress/securedrop-export/pull/39

We will need to create a followup issue with a new status code to inform the client that the device is already unlocked and no user passphrase is necessary.

The issue for this was created here: https://github.com/freedomofpress/securedrop-client/issues/1734

**Important: ** If the device is unlocked by an external program we will still lock it after a file transfer. This is to err on the side of caution.

No issue was created for this at the time because it was something I thought we wouldn't want to support. But once freedomofpress/securedrop-client#1734 is done, we can revisit this topic and potentially add a new option to keep the device unlocked while continuing to default to locking the device after a transfer completes. If we did this, I think it would make sense to say something more like "Keep device unlocked" rather than "Remember password."

User story

As a journalist who wants to export multiple documents, I'd like to keep the luks-encrypted thumb drive unlocked until I finish all my exports.

sssoleileraaa avatar Mar 08 '22 02:03 sssoleileraaa

As a journalist who wants to export multiple documents, I'd like to keep the luks-encrypted thumb drive unlocked until I finish all my exports.

This user story will at least partially be addressed by adding support for exporting multiple files from a source.

sssoleileraaa avatar Apr 04 '22 20:04 sssoleileraaa

Some of the new status codes (e.g. Status.DEVICE_WRITABLE) introduced in freedomofpress/securedrop-export#105 will enable detecting unlocked devices early in the export process if that's something we want to do. That could allow to offer different paths depending on the initial state of the device: like not re-locking a device that wasn't unlocked as part of the export.

No action yet, just flagging that current work will make this easier is we ever want to proceed.

gonzalo-bulnes avatar Oct 13 '22 01:10 gonzalo-bulnes

Now that #1777 has been merged, this change will be straightforward to implement, but still needing some UX consideration:

  • In one (or more) ExportWizardPage, add a QCheckbox that defaults to checked (true) that says "lock this device after export" or similar. use registerField the same way the passphrase is a registered field, so that the wizard has access to the boolean value of this checkbox
  • Pass the result to sd-devices, either via a json metadata field, if we are still using json metadata, or via a qrexec service argument, if we have transitioned to that already.
  • There is already logic in export/disk/cli.py that unmounts and closes the volume only if should_close_volume is True (True by default, so currently it always closes and locks the volume).

The UX question to consider is where this option should be presented. The only page that users are guaranteed to see is the Preflight page. Everything else is conditional on what state their device is in. The easiest option is probably to add a "Review before Exporting" page that offers this checkbox, along with a summary of what is about to be exported, and then updating the "nextID" method so that everywhere we currently jump straight to the Export Done page, we would go to the Review page instead The only reason I didn't implement it already is it means an extra click.

rocodes avatar Feb 22 '24 16:02 rocodes