When changing master password, don't prompt for the existing password if it is stored in the system password helper and is valid #55228

Closed
nyalldawson wants to merge 3 commits

nyalldawson
Collaborator

No description provided.

Contributor

@benoitdm-oslandia benoitdm-oslandia left a comment

LGTM

@benoitdm-oslandia benoitdm-oslandia added the Authentication and GUI/UX labels Nov 9, 2023
@elpaso
Contributor

elpaso commented Nov 10, 2023

I think that the original behavior was created to prevent someone from changing the master password on somebody else's PC while a session is opened.

It is quite the standard behavior that you have to re-enter the old password in order to set a new one.

@nyalldawson
Collaborator Author

@elpaso how would you suggest we handle the situation that the user has never seen the current password then?

I think we need to make a trade off here. If someone has access to someone else's qgis sessions, all assumptions of security (both inside and outside qgis) are completely gone. A knowledgeable person could easily extract and access all that user's secure credentials. (Or even just install a keylogger to snoop on everything!) 😂

@elpaso
Contributor

elpaso commented Nov 13, 2023

> @elpaso how would you suggest we handle the situation that the user has never seen the current password then?

I would have preferred to see all these changes to the auth system discussed in a QEP.

When it comes to security we need to pay attention: the auth system was carefully designed and it has been used by large organizations and government for a decade.

> I think we need to make a trade off here. If someone has access to someone else's qgis sessions, all assumptions of security (both inside and outside qgis) are completely gone. A knowledgeable person could easily extract and access all that user's secure credentials. (Or even just install a keylogger to snoop on everything!) 😂

You never had a spiteful colleague with a taste for bad jokes?

Anyway, I'm not a corporate/government user of QGIS, I'd happily follow the opinion of those.

@nyalldawson
Collaborator Author

@elpaso

> I would have preferred to see all these changes to the auth system discussed in a QEP.

Good point -- I've created a QEP at qgis/QGIS-Enhancement-Proposals#278 for greater discussion


The QGIS project highly values your contribution and would love to see this work merged! Unfortunately this PR has not had any activity in the last 14 days and is being automatically marked as "stale". If you think this pull request should be merged, please check

  • that all unit tests are passing
  • that all comments by reviewers have been addressed
  • that there is enough information for reviewers, in particular
    • link to any issues which this pull request fixes
    • add a description of workflows which this pull request fixes
    • add screenshots if applicable
  • that you have written unit tests where possible

In case you should have any uncertainty, please leave a comment and we will be happy to help you proceed with this pull request.

If there is no further activity on this pull request, it will be closed in a week.

@github-actions github-actions bot added the stale label Nov 30, 2023

github-actions bot commented Dec 7, 2023

While we hate to see this happen, this PR has been automatically closed because it has not had any activity in the last 21 days. If this pull request should be reconsidered, please follow the guidelines in the previous comment and reopen this pull request. Or, if you have any further questions, just ask! We love to help, and if there's anything the QGIS project can do to help push this PR forward please let us know how we can assist.

@github-actions github-actions bot closed this Dec 7, 2023