Skip to content

Protect proxy password by not storing it between sessions#9652

Merged
Siedlerchr merged 26 commits into
JabRef:mainfrom
JacobTrossing:fix-for-issue-8055
Mar 27, 2023
Merged

Protect proxy password by not storing it between sessions#9652
Siedlerchr merged 26 commits into
JabRef:mainfrom
JacobTrossing:fix-for-issue-8055

Conversation

@JacobTrossing

@JacobTrossing JacobTrossing commented Mar 6, 2023
edited
Loading

Copy link
Copy Markdown
Contributor

Fixes #8055 by storing the proxy password only during run time and not in the system preferences. Also adds a pop-up at the start of the program if the user has checked "Use proxy" and "Use authentication" to allow them to enter the password for the proxy. An image of this pop-up can be seen below.

image

We considered using encryption to add extra security but were unsure if it was needed. What are your opinions on this?

  • Change in CHANGELOG.md described in a way that is understandable for the average user (if applicable)
  • Tests created for changes (if applicable)
  • Manually tested changed features in running JabRef (always required)
  • Screenshots added in PR description (for UI changes)
  • Checked developer's documentation: Is the information available and up to date? If not, I outlined it in this pull request.
  • Checked documentation: Is the information available and up to date? If not, I created an issue at https://github.com/JabRef/user-documentation/issues or, even better, I submitted a pull request to the documentation repository.

JacobTrossing and others added 25 commits March 1, 2023 14:28
@JacobTrossing
(feat) Makes sure password is never stored in preferences
46cd633 
 Instead asks user for the password at the start of the program if they
 have enabled proxy with password.
(Feat): #1 Added test for storage of proxy preferences
bd1446b 
Don't accept the pull request and start the testing when password changes
have been implemented.
(Fix) #4 Change to if statements
1cb1363
(Fix) #4 removed clear for testing purposes
63c49e9
@JacobTrossing
(feat) #6 Makes sure the password is not saved in registry
bc1181e 
 No ui changes in this commit, leaves password field empty on launch
(Fix) #1 Added further testing with mock data
329f3d4
(Fix) #1 Cleaned code and added description
af71f88
(Fix) fixed spelling and further explained the code through comments
2e5b5c7
Added second test for requirment R2 with appropriate comments.
3587914
(Refactor): #1 changed "testName" string to hostname => not hardcode
c0c5c37 
closes #1
@jakobewaldsson
(feat) #2 Added password dialog
01c529c
@jakobewaldsson
(feat) #2 Added functionality for password dialog pop up. It is trigg…
828110f 
…ered from JabRefGUI if proxy requires password
@jakobewaldsson
(fix) #2 proxy-password popup now only triggers if both proxy and aut…
cb3cac3 
…hentication are enabled, before only auth was checked
@JacobTrossing
Merge pull request #3 from JacobTrossing/feat-#1
4c06177 
(Feat): #1 Added test for storage of proxy preferences
@Darpos
Merge pull request #9 from JacobTrossing/Add-#2
e4d4f45 
(feat) #2 Adds pop-up asking for password at launch.
@JacobTrossing
Merge branch 'JabRef:main' into fix-for-issue-8055
f030f8f
(Fix) #10 Removed dependency issue test functions
6de6773
@Minhao037
(doc) Modified CHANGELOG.md to meet contribution requirements
425753e
@Darpos
Merge branch 'fix-for-issue-8055' into fix-#10
56ad2f2
@Minhao037
(fix) Corrected wrong spelling
af8a1ba
@JacobTrossing
Merge pull request #12 from JacobTrossing/fix-#10
62690de 
(Fix) #10 Removed dependency issue test functions
@JacobTrossing
Merge branch 'JabRef:main' into fix-for-issue-8055
90ff780
@jakobewaldsson
(fix) #2 Added Localization.lang to the english termes used for popup
1be0dbe
@JacobTrossing
(refactor) add back accidentally removed line
dbf9127
@jakobewaldsson
(fix) #14 changed import order and other checkstyle requirements
e55b28c
@koppor

koppor commented Mar 20, 2023

Copy link
Copy Markdown
Member

Summarizing the requirements of the issue:

  1. Ask for proxy password at first connect
  2. Ask the user whether they want to store the password permanently
  3. If no: The password is stored in-memory only
  4. If yes: Store the password using the Windows credential manager (or other credential managers). See Do not save password in Preferences #8055 (comment) for a discussion on the libraries.

This PR addresses the "If no" case only. It does not address all the other requirements.

Could you comment on your success investigating the libraries listed at #8055 (comment) - to handle requirements 2 and 4?

I am not sure whether requirement 1 is easy to implement.

@koppor koppor added the status: waiting-for-feedback The submitter or other users need to provide more information about the issue label Mar 23, 2023
@Siedlerchr Siedlerchr merged commit f4f3b3d into JabRef:main Mar 27, 2023
@calixtus calixtus mentioned this pull request Apr 5, 2023
Merged
@calixtus calixtus mentioned this pull request Jun 28, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

component: preferences status: waiting-for-feedback The submitter or other users need to provide more information about the issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Do not save password in Preferences

8 participants

@JacobTrossing @koppor @Siedlerchr @ThiloteE @jakobewaldsson @Darpos @Minhao037 @calixtus