starred/cypht

Fork 0

mirror of https://github.com/cypht-org/cypht.git synced 2026-04-24 20:46:04 +03:00

[GH-ISSUE #1871] 🐛 [Bug] Settings Save page save permanently - not working cannot explicitly allow it #732

New issue

Open

opened 2026-02-25 21:35:46 +03:00 by kerem · 3 comments

kerem commented

2026-02-25 21:35:46 +03:00

Owner

Originally created by @PeopleInside on GitHub (Feb 17, 2026).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1871

🐛 Bug

On my .env file I have:
DEFAULT_SETTING_NO_PASSWORD_SAVE=true

But If I made settings change, for example the language and save the page then going into ?page=save I'm asked for password and some settings appear to be saved because an edit has been done.

I'm in production mode.
For save settings I have to save the page after edit settings (for example language) then to made permanent I need to go at ?page=save insert password and save.

As I set in the .env file
DEFAULT_SETTING_NO_PASSWORD_SAVE=true

I should not going to the page ?page=save to save.

If I dont do this all settings edit are lost after logout

Version & Environment

Version 2.6.0 (17 February 2026)

OS: Ubuntu 24 LTS

Originally created by @PeopleInside on GitHub (Feb 17, 2026). Original GitHub issue: https://github.com/cypht-org/cypht/issues/1871 ## 🐛 Bug On my .env file I have: `DEFAULT_SETTING_NO_PASSWORD_SAVE=true` But If I made settings change, for example the language and save the page then going into ?page=save I'm asked for password and some settings appear to be saved because an edit has been done. I'm in production mode. For save settings I have to save the page after edit settings (for example language) then to made permanent I need to go at `?page=save` insert password and save. As I set in the .env file `DEFAULT_SETTING_NO_PASSWORD_SAVE=true` I should not going to the page ?page=save to save. If I dont do this all settings edit are lost after logout ### Version & Environment  Version 2.6.0 (17 February 2026)  OS: Ubuntu 24 LTS

kerem added the

bug

label

2026-02-25 21:35:46 +03:00

kerem commented

2026-02-25 21:35:47 +03:00

Author

Owner

@IrAlfred commented on GitHub (Feb 18, 2026):

@PeopleInside

The environment variable DEFAULT_SETTING_NO_PASSWORD_SAVE does not control whether user preferences/settings need to be saved via the ?page=save page. This setting only controls whether email account passwords (IMAP/SMTP) are persisted between sessions.

What This Setting Actually Does

When DEFAULT_SETTING_NO_PASSWORD_SAVE=true:

Email server passwords (IMAP/SMTP) are NOT saved on the server
Users must re-enter their email account passwords each session
More secure but less convenient

When DEFAULT_SETTING_NO_PASSWORD_SAVE=false:

Email server passwords ARE saved on the server
Users don't need to re-enter email passwords after logging in
More convenient but less secure

Expected Behavior (Working as Designed)

The requirement to visit ?page=save and enter your password to permanently save settings is intentional by design for security reasons:

During session: Settings changes are temporary (stored in session only)
To persist permanently: Users must explicitly navigate to ?page=save, enter their password, and click "Save"
Without permanent save: All changes are discarded on logout

There is no environment variable (for now) to bypass the ?page=save workflow. This is a core security feature of Cypht. To permanently save any settings changes (language, timezone, etc.), you must:

Make your changes in settings
Navigate to ?page=save
Enter your password
Click "Save" or "Save and Logout"

@IrAlfred commented on GitHub (Feb 18, 2026): @PeopleInside The environment variable `DEFAULT_SETTING_NO_PASSWORD_SAVE` does **not** control whether user preferences/settings need to be saved via the `?page=save` page. This setting only controls whether **email account passwords (IMAP/SMTP)** are persisted between sessions. ### What This Setting Actually Does **When `DEFAULT_SETTING_NO_PASSWORD_SAVE=true`:** - Email server passwords (IMAP/SMTP) are NOT saved on the server - Users must re-enter their email account passwords each session - **More secure** but less convenient **When `DEFAULT_SETTING_NO_PASSWORD_SAVE=false`:** - Email server passwords ARE saved on the server - Users don't need to re-enter email passwords after logging in - More convenient but less secure ### Expected Behavior (Working as Designed) The requirement to visit `?page=save` and enter your password to permanently save settings is **intentional by design** for security reasons: 1. **During session:** Settings changes are temporary (stored in session only) 2. **To persist permanently:** Users must explicitly navigate to `?page=save`, enter their password, and click "Save" 3. **Without permanent save:** All changes are discarded on logout **There is no environment variable (for now) to bypass the `?page=save` workflow.** This is a core security feature of Cypht. To permanently save any settings changes (language, timezone, etc.), you must: 1. Make your changes in settings 2. Navigate to `?page=save` 3. Enter your password 4. Click "Save" or "Save and Logout"

kerem commented

2026-02-25 21:35:47 +03:00

Author

Owner

@PeopleInside commented on GitHub (Feb 18, 2026):

Understood. Many time i loose settings and thing because of that. Pressed save and was thinking was saved then lost all.
Also is not very confrontabile have to save and remember to going into save page where a password is needed.
I keep this issue open so maybe in the future can exist a way to bypass this.
If you think this issue should be close you can close.

@PeopleInside commented on GitHub (Feb 18, 2026): Understood. Many time i loose settings and thing because of that. Pressed save and was thinking was saved then lost all. Also is not very confrontabile have to save and remember to going into save page where a password is needed. I keep this issue open so maybe in the future can exist a way to bypass this. If you think this issue should be close you can close.

kerem commented

2026-02-25 21:35:47 +03:00

Author

Owner

@IrAlfred commented on GitHub (Feb 18, 2026):

Understood. Many time i loose settings and thing because of that. Pressed save and was thinking was saved then lost all. Also is not very confrontabile have to save and remember to going into save page where a password is needed. I keep this issue open so maybe in the future can exist a way to bypass this. If you think this issue should be close you can close.

Let's keep this issue open. Here is another related comment https://github.com/cypht-org/cypht/issues/1815#issuecomment-3829491743. Seems a common case to forget to manually save the settings

@IrAlfred commented on GitHub (Feb 18, 2026): > Understood. Many time i loose settings and thing because of that. Pressed save and was thinking was saved then lost all. Also is not very confrontabile have to save and remember to going into save page where a password is needed. I keep this issue open so maybe in the future can exist a way to bypass this. If you think this issue should be close you can close. Let's keep this issue open. Here is another related comment https://github.com/cypht-org/cypht/issues/1815#issuecomment-3829491743. Seems a common case to forget to manually save the settings