OTP setup overwrites existing KeePassOTP.RecoveryCodes
Adambean opened this issue · 3 comments
Overview
Scenario: You've decided to start using this plug-in because you like the idea of KeePass housing your OTPs in addition to your phone or whatever, however prior to using this plug-in you had MFA recovery codes as a string field in entries already like a good boy. You also noticed that this plug-in used field name "KeePassOTP.RecoveryCodes" so you used the entry search tool to replace whatever field name you were using for "KeePassOTP.RecoveryCodes" in bulk.
When you proceed to setup OTP on an entry your existing "KeePassOTP.RecoveryCodes" string fields will be overwritten.
Steps to Reproduce
- Have a KeePass entry with a "KeePassOTP.RecoveryCodes" string field.
- Proceed to Setup OTP and import your QR code.
- The Recovery Codes field will not read the existing "KeePassOTP.RecoveryCodes" string field, it'll be empty.
Expected Behavior
When using Setup OTP any existing "KeePassOTP.RecoveryCodes" string field should be read into the Recovery Codes tab.
Actual Behavior
When you save your OTP your recovery codes would be lost.
Context
OS: Windows 10
KeePass Version: 2.52 (64-bit)
Plugin Version: 1.5
I will check this when I'm back home.
To be sure my understanding is correct:
KeePassOTP.RecoveryCodes should be preserved when setting up OTP for an entry and this is not the case as of now?
If OTP is already set up, KeePassOTP.RecoveryCodes is shown in the OTP details as expected and won't be cleared after changing something?
Yep, that's correct on both points. No problem if OTP is already set up.
Having not checked the plug-in source code I suspect the Setup OTP form only checks for the existence of a "otp" string field to decide whether it should also retrieve the "KeePassOTP.RecoveryCodes" content, instead of looking for "KeePassOTP.RecoveryCodes" independently.
^ Thanks for resolving this. I've just tried version 1.6.2, looks fixed to me. :)