<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 22:32:35 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[COMPASS-3235] Eliminate multiple keychain password requests</title>
                <link>https://jira.mongodb.org/browse/COMPASS-3235</link>
                <project id="13182" key="COMPASS">Compass </project>
                    <description>&lt;p&gt;The multiple keychain password prompt has been a long-running unexplained behavior we haven&apos;t been able to get to the bottom of. A roll-up of bug reports:&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-1767&quot; title=&quot;Keychain approval appears many times after initial install&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-1767&quot;&gt;&lt;del&gt;COMPASS-1767&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3091&quot; title=&quot;Investigate Password Storage Regression on 1.15.0&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3091&quot;&gt;&lt;del&gt;COMPASS-3091&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3147&quot; title=&quot;Clicking allow, deny, or always allow does not cause keychain access prompt to close&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3147&quot;&gt;&lt;del&gt;COMPASS-3147&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3215&quot; title=&quot;Repeated request for keychain password&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3215&quot;&gt;&lt;del&gt;COMPASS-3215&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;My hunch after re-reading these tickets is this happens after an auto-update or a manual upgrade. What&apos;s most likely is that we simply need to call &lt;tt&gt;keytar&lt;/tt&gt; methods from the main process via ipc rather than from the renderer as we do today. &lt;a href=&quot;https://stackoverflow.com/a/43239854&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;See this example on stackoverflow&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://medium.com/cameron-nokes/how-to-securely-store-sensitive-information-in-electron-with-node-keytar-51af99f1cfc4&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;From this blog post&lt;/a&gt;:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;One other important note: I recommend you only call node-keytar from the main process. If you set a password from the main process and then attempt to get it from a renderer process, it&#8217;ll prompt a permissions dialog for the user (this is macOS only, Windows doesn&#8217;t seem to mind either way). Additionally, I think it&#8217;s cleaner and clearer to the user if the access control list has your app name and it&#8217;s icon, instead of MyApp Helper and the generic app icon which is what you get when a renderer sets it.&lt;/p&gt;&lt;/blockquote&gt;




&lt;p&gt;More notes from previous tickets rolled up below.&lt;/p&gt;

&lt;p&gt;&amp;#8212;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://developer.apple.com/documentation/security/1397301-seckeychainfindgenericpassword?language=objc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;&lt;tt&gt;SecKeychainFindGenericPassword&lt;/tt&gt;&lt;/a&gt;, which is the method &lt;a href=&quot;https://github.com/atom/node-keytar/blob/master/src/keytar_mac.cc#L107&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;&lt;tt&gt;keytar&lt;/tt&gt; uses to read a stored connection password&lt;/a&gt;. In the discussion:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;This function automatically calls the function &lt;a href=&quot;https://developer.apple.com/documentation/security/1400341-seckeychainunlock?language=objc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;&lt;tt&gt;SecKeychainUnlock&lt;/tt&gt;&lt;/a&gt; to display the Unlock Keychain dialog box if the keychain is currently locked.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;A few ideas on what might need to happen:&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Maybe something in the keytar bindings is too specific?&lt;br/&gt;
Maybe when we run app-migrations today, macOS needs to re-validate or something?&lt;/li&gt;
	&lt;li&gt;Maybe a bulk-read call to fetch all passwords with &lt;tt&gt;FindPassword&lt;/tt&gt; would guarantee this unlock dialog is shown once and only once in all cases (a single, implicit &lt;tt&gt;SecKeychainUnlock&lt;/tt&gt; call), but there are some potential security implications to consider.&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="629674">COMPASS-3235</key>
            <summary>Eliminate multiple keychain password requests</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="durran.jordan@mongodb.com">Durran Jordan</assignee>
                                    <reporter username="lucas.hrabovsky">Lucas Hrabovsky</reporter>
                        <labels>
                            <label>security</label>
                    </labels>
                <created>Tue, 6 Nov 2018 15:10:56 +0000</created>
                <updated>Sun, 29 Oct 2023 02:41:11 +0000</updated>
                            <resolved>Tue, 10 Sep 2019 12:43:45 +0000</resolved>
                                    <version>1.19.0</version>
                                    <fixVersion>1.20.0</fixVersion>
                                    <component>Connectivity</component>
                    <component>Favorites</component>
                    <component>Security</component>
                        <due></due>
                            <votes>1</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="2368210" author="elie@draftfantasyfootball.co.uk" created="Tue, 13 Aug 2019 09:12:12 +0000"  >&lt;p&gt;This still seems to be an issue. Since downloading 1.19.0 I cannot use Compass anymore. It keeps asking for keychain password.&lt;/p&gt;</comment>
                            <comment id="2206778" author="durran.jordan@10gen.com" created="Tue, 9 Apr 2019 16:18:42 +0000"  >&lt;p&gt;Have not seen this on master in a few weeks.&lt;/p&gt;</comment>
                            <comment id="2196203" author="xgen-internal-githook" created="Fri, 29 Mar 2019 16:53:11 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;durran@gmail.com&apos;, &apos;name&apos;: &apos;Durran Jordan&apos;, &apos;username&apos;: &apos;durran&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3546&quot; title=&quot;Connection Model Not Setting Username and Password&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3546&quot;&gt;&lt;del&gt;COMPASS-3546&lt;/del&gt;&lt;/a&gt;: Fix Connections Requiring Password:&lt;/p&gt;

&lt;p&gt;The connection model version was not updated in the data-service to the&lt;br/&gt;
models that both Compass and the data-service were using were actually&lt;br/&gt;
different. Compass was using an extended model and the data-service was&lt;br/&gt;
using the old undecorated model. This meant where the actuall connection&lt;br/&gt;
was happening in the data-service the model was not properly retrieving&lt;br/&gt;
the username and password from the secure storage.&lt;/p&gt;

&lt;p&gt;This fixes that issue, and also removes the cyclic dependency between&lt;br/&gt;
the extended connection model and the data-service. The #test method was&lt;br/&gt;
not used in Compass thus the data-service connection testing&lt;br/&gt;
functionality in the model itself was no longer needed. This must only&lt;br/&gt;
happen in the data service.&lt;/p&gt;

&lt;p&gt;This also brings the keytar versions in the data-service and Compass in&lt;br/&gt;
line. Could potentially fix &lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3235&quot; title=&quot;Eliminate multiple keychain password requests&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3235&quot;&gt;&lt;del&gt;COMPASS-3235&lt;/del&gt;&lt;/a&gt;. I don&apos;t see this behaviour&lt;br/&gt;
anymore but will give it some time. This also fixes the tests in the&lt;br/&gt;
data-service since the electron require in the extended models now&lt;br/&gt;
protect against failure to load electron in pure node envs.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/compass/commit/79c7a05b35a123c7d17aec51e9b5671209939ded&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/compass/commit/79c7a05b35a123c7d17aec51e9b5671209939ded&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2196194" author="xgen-internal-githook" created="Fri, 29 Mar 2019 16:47:37 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;durran@gmail.com&apos;, &apos;name&apos;: &apos;Durran Jordan&apos;, &apos;username&apos;: &apos;durran&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3546&quot; title=&quot;Connection Model Not Setting Username and Password&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3546&quot;&gt;&lt;del&gt;COMPASS-3546&lt;/del&gt;&lt;/a&gt;: Fix Connections Requiring Password:&lt;/p&gt;

&lt;p&gt;The connection model version was not updated in the data-service to the&lt;br/&gt;
models that both Compass and the data-service were using were actually&lt;br/&gt;
different. Compass was using an extended model and the data-service was&lt;br/&gt;
using the old undecorated model. This meant where the actuall connection&lt;br/&gt;
was happening in the data-service the model was not properly retrieving&lt;br/&gt;
the username and password from the secure storage.&lt;/p&gt;

&lt;p&gt;This fixes that issue, and also removes the cyclic dependency between&lt;br/&gt;
the extended connection model and the data-service. The #test method was&lt;br/&gt;
not used in Compass thus the data-service connection testing&lt;br/&gt;
functionality in the model itself was no longer needed. This must only&lt;br/&gt;
happen in the data service.&lt;/p&gt;

&lt;p&gt;This also brings the keytar versions in the data-service and Compass in&lt;br/&gt;
line. Could potentially fix &lt;a href=&quot;https://jira.mongodb.org/browse/COMPASS-3235&quot; title=&quot;Eliminate multiple keychain password requests&quot; class=&quot;issue-link&quot; data-issue-key=&quot;COMPASS-3235&quot;&gt;&lt;del&gt;COMPASS-3235&lt;/del&gt;&lt;/a&gt;. I don&apos;t see this behaviour&lt;br/&gt;
anymore but will give it some time. This also fixes the tests in the&lt;br/&gt;
data-service since the electron require in the extended models now&lt;br/&gt;
protect against failure to load electron in pure node envs.&lt;br/&gt;
Branch: fix-connect&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/compass/commit/913f64c8c13d5482bb1a1c45a918f5a9dcf4d633&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/compass/commit/913f64c8c13d5482bb1a1c45a918f5a9dcf4d633&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="702837">COMPASS-3469</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="597136">COMPASS-3091</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="610263">COMPASS-3147</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="809179">COMPASS-3710</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="418380">COMPASS-1767</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="622218">COMPASS-3215</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="226974" name="Screen Shot 2019-08-13 at 10.09.43 AM.png" size="185736" author="felicia.hsieh@mongodb.com" created="Tue, 13 Aug 2019 14:09:57 +0000"/>
                            <attachment id="211530" name="keychain-password-requests.mov" size="5532660" author="massimiliano.marcon@mongodb.com" created="Fri, 15 Mar 2019 15:13:46 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 15 Mar 2019 15:13:57 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        4 years, 26 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10257" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Documentation Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10250"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14266" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Documentation Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;It&apos;s worth including in the release notes for Compass 1.20 that on OSX, after the upgrade, Compass will ask for the keychain password a few times (depending on the number of favorites). In this release, we changed the process that loads the favorites and our expectation is that this is the last time the user will have to enter their keychain password after an update.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>COMPASS-3417</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            4 years, 26 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>durran.jordan@mongodb.com</customfieldvalue>
            <customfieldvalue>elie@draftfantasyfootball.co.uk</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>lucas.hrabovsky</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|huc69r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hw405z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2926">Iteration Bison</customfieldvalue>
    <customfieldvalue id="3250">Iteration Manatee</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10555" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hubsj3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>