[Qgis-psc] Grant report: Authentication system revision (v1.1)
Nyall Dawson
nyall.dawson at gmail.com
Thu Feb 6 20:56:40 PST 2025
PSC,
I'm writing to provide an update on the grant for QEP 289 --
Authentication system revision (v1.1)
This work is now complete. After in-depth review and discussions
between Alessandro Passotti and myself, and in-depth peer-reviews of
the submitted changesets, the entirety of the proposal from
https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278 was
deemed acceptable and has now been merged into QGIS for 3.42.
This grant resulted in the following changes to the authentication framework:
- Passwords are now automatically synchronized with the system
keychain whenever a user changes their master password within QGIS.
Previously, this was a manual step which the user was required to do
themselves, and failure to do this step would result in an unreadable
authentication store. (see https://github.com/qgis/QGIS/pull/55227)
- On systems with keychain support (i.e. Windows, Linux) we now
automatically create a cryptographically secure random master
authentication password and store it in the keychain for all new user
profiles. This means that an out-of-the-box new QGIS install will
immediately have a usable authentication store ready to go, with no
manual user setup required. (see
https://github.com/qgis/QGIS/pull/55144). Note that this is not
functional on Mac OS builds due to lack of notarization (see
https://github.com/qgis/QGIS/issues/46175). Note that this logic can
be disabled for enterprise installs via settings ini configuration.
- When a QGIS user opts to change their master password and they are
using the default randomly generated keychain password, we no longer
prompt them for the existing password. This makes password change
operations more user-friendly, as the user will not know what this
random password was (unless they are knowledgeable enough to retrieve
it from the system keychain!). (See
https://github.com/qgis/QGIS/pull/55228)
There was also an additional work item completed as part of this grant
which was not in the original proposal -- a round of UI tweaks were
made around password handling, including:
- Avoiding use of hardcoded English strings for the password wallet/keychain
- We don't confusingly offer to backup the authentication database if
non-sqlite storage is in use
- We now require the new password to be confirmed in the Reset
Password dialog, so that users who make a typo in the new password
aren't permanently locked out of the db!
(see https://github.com/qgis/QGIS/pull/60441)
Overall, this grant has resulted in a better out-of-the-box experience
for both users and QGIS plugin developers who require secure storage
of credentials within QGIS.
Thanks again for the opportunity to work on this!
Nyall