
[BUG] Show encryption password somewhere in the app, and/or allow resetting it.

Open toobaz opened this issue 2 years ago • 8 comments

Describe the bug

I have a device registered (on https://nc.saber.adil.hanney.org ), and it syncs just fine.

I have forgotten the encryption password, though. No data loss, my notes are all on the device. But now, I need to share the notes with another device.

I would have expected being able to just copy the encryption password to the device that syncs to the other one, and have both share notes.

But the Saber app doesn't seem to show the encryption password anywhere.

Notice that I would have no problem in setting a new encryption password and just re-syncing from scratch, deleting all data currently on NextCloud.

But even this doesn't seem to be straightforward. If I delete the notes, I'm afraid they will be deleted on the device too. If I somehow succeed in setting a new encryption password (assuming it is possible) and re-sync to NextCloud, then I will get a mix of files synced with the old and with the new password.

To reproduce

  1. Configure syncing on a device
  2. Forget encryption password

Expected behavior

Given that the device has the synchronization password, I would expect to be able to see it.

But a valid alternative would be a way to re-initialize synchronization with a new encryption password.

By the way: in the login screen, it would be nice to clarify that the encryption password can just be generated independently. The first time, it took me a while to understand it was not some already existing password generated by NextCloud.

Saber version

0.1.11 from Google Play (9080)

Device

  • Device: Samsung Galaxy Tab SM-T585
  • OS: Android 8.1.0

Anything else?

No response

toobaz avatar Mar 31 '23 12:03 toobaz

> Notice that I would have no problem in setting a new encryption password and just re-syncing from scratch, deleting all data currently on NextCloud.
>
> But even this doesn't seem to be straightforward. If I delete the notes, I'm afraid they will be deleted on the device too. If I somehow succeed in setting a new encryption password (assuming it is possible) and re-sync to NextCloud, then I will get a mix of files synced with the old and with the new password.

For now, you can go to Nextcloud and delete the Saber folder. This won't cause your notes to be deleted locally on your device. Then re-login to the app with a new encryption password. There's currently no option to resync all local files, so a note will only be synced when you edit it.

> Expected behavior
>
> Given that the device has the synchronization password, I would expect to be able to see it.

I'll add this.

> By the way: in the login screen, it would be nice to clarify that the encryption password can just be generated independently. The first time, it took me a while to understand it was not some already existing password generated by NextCloud.

Yep I've added this to the FAQ section on the login page in v0.9.12 which is now live on the Play Store.

adil192 avatar Mar 31 '23 18:03 adil192

My personal opinion is that the encryption password shouldn't be saved on Saber; any potential security vulnerability could compromise your account.

Although it may make sense to change the encryption password, please use a password manager with a strong password as a good security practice in general.

WasteOfO2 avatar Apr 01 '23 13:04 WasteOfO2

> My personal opinion is that the encryption password shouldn't be saved on Saber; any potential security vulnerability could compromise your account.

Oh, in this case my account is not very important. Having Saber sync without asking me a password is much more important to me.

toobaz avatar Apr 01 '23 13:04 toobaz

> > My personal opinion is that the encryption password shouldn't be saved on Saber; any potential security vulnerability could compromise your account.
>
> Oh, in this case my account is not very important. Having Saber sync without asking me a password is much more important to me.

Well, to some it may be important. It is always advised to follow good practices, but it comes down to what the user chooses. To you, it may not be a big deal; for someone it might be.

WasteOfO2 avatar Apr 01 '23 13:04 WasteOfO2

> it comes down to what the user chooses

Sorry, I misinterpreted your "shouldn't" as "Saber shouldn't be able to store the password anymore", rather than as "Saber should allow users not to store the password if they wish so - and I suggest users not to store it". Allowing users to insert their encryption password every time can't harm, if there are some who wish so.

toobaz avatar Apr 01 '23 13:04 toobaz

> > it comes down to what the user chooses
>
> Sorry, I misinterpreted your "shouldn't" as "Saber shouldn't be able to store the password anymore", rather than as "Saber should allow users not to store the password if they wish so - and I suggest users not to store it". Allowing users to insert their encryption password every time can't harm, if there are some who wish so.

Yes, I am glad you understand :D

WasteOfO2 avatar Apr 01 '23 14:04 WasteOfO2

I never got an encryption password, how do I get one? "You choose it when you first login to Saber": this never happened. Ok, I figured it out, I had to go to devices and sessions and create a new one. Sorry for wasting your time.

knasiotis avatar Jan 05 '24 18:01 knasiotis

I would suggest a slight change in the workflow for creating a new account. Perhaps it should look something like this:

  1. Create new account using the current procedure.
  2. During the first login, go to a separate screen where the user is asked whether: a. This is the first time creating an account. b. The user wants to sync from an existing account.
  3. In case (2a), the user is prompted to create an encryption password. In case (2b), the user is prompted to enter their pre-existing encryption password.
  4. Proceed to login as usual.

This would add one more screen, but would be a bit more intuitive. Any thoughts / feedback on this suggestion?

EDIT: I would try to work on a patch, but I know literally nothing about Dart...

n8xm avatar Feb 10 '24 20:02 n8xm