lockbox

password manager
Log | Files | Refs | README | LICENSE
commit 9d30745d69593ffd1654b4ed6965e9a21b046a47
parent bdcea6c4acd5a15bcd395e414aba965badd92eb7
Author: Sean Enck <sean@ttypty.com>
Date:   Mon, 12 Jan 2026 20:02:19 -0500

Revert "enable including the path in the hash for uniqueness"

This reverts commit bdcea6c4acd5a15bcd395e414aba965badd92eb7.

Diffstat:

Mcmd/lb/main_test.go | 5-----


Mcmd/lb/tests/expected.log | 9---------


Minternal/config/vars.go | 8--------


Minternal/kdbx/query.go | 15+++++----------


Minternal/kdbx/query_test.go | 22+++-------------------


5 files changed, 8 insertions(+), 51 deletions(-)

diff --git a/cmd/lb/main_test.go b/cmd/lb/main_test.go
@@ -196,7 +196,6 @@ func test(profile string) error {
 		}
 	}
 
-	c["json.hash_path"] = "false"
 	c["readonly"] = "true"
 	r.writeConfig(c)
 	r.run("echo testing |", "insert test1/key1/password")
@@ -307,10 +306,6 @@ func test(profile string) error {
 	c["json.hash_length"] = "3"
 	r.writeConfig(c)
 	r.run("", "json test6/*")
-	c["json.mode"] = c.quoteString("hash")
-	c["json.hash_path"] = "true"
-	r.writeConfig(c)
-	r.run("", "json test6/*")
 
 	r.section("clipboard")
 	copyFile := filepath.Join(r.testDir, "clip.copy")
diff --git a/cmd/lb/tests/expected.log b/cmd/lb/tests/expected.log
@@ -392,14 +392,6 @@ json
     "password": "cbf"
   }
 }
-{
-  "test6/multiline": {
-    "modtime": "XXXX-XX-XX",
-    "notes": "4df",
-    "otp": "630",
-    "password": "4df"
-  }
-}
 clipboard
 invalids
 Wrong password? HMAC-SHA256 of header mismatching
@@ -419,7 +411,6 @@ store           ok
 env
 LOCKBOX_CLIP_COPY=[touch testdata/datadir/clip.copy]
 LOCKBOX_JSON_HASH_LENGTH=3
-LOCKBOX_JSON_HASH_PATH=true
 LOCKBOX_JSON_MODE=hash
 LOCKBOX_STORE=testdata/datadir/pass.kdbx
 LOCKBOX_TOTP_TIMEOUT=1
diff --git a/internal/config/vars.go b/internal/config/vars.go
@@ -177,12 +177,4 @@ Set to '%s' to ignore the set key value`, noKeyMode, IgnoreKeyMode),
 			flags:   []stringsFlags{canExpandFlag},
 		},
 	})
-	// EnvJSONHashPath will include path in hashing operations
-	EnvJSONHashPath = environmentRegister(EnvironmentBool{
-		environmentDefault: newDefaultedEnvironment(true,
-			environmentBase{
-				key:         jsonCategory + "HASH_PATH",
-				description: "Enable including the entity path in hashing of entries.",
-			}),
-	})
 )
diff --git a/internal/kdbx/query.go b/internal/kdbx/query.go
@@ -173,13 +173,12 @@ func (t *Transaction) QueryCallback(args QueryOptions) (QuerySeq2, error) {
 		}
 		jsonMode = m
 	}
-	hashPath := config.EnvJSONHashPath.Get()
-	jsonHasher := func(string, string) string {
+	jsonHasher := func(string) string {
 		return ""
 	}
 	switch jsonMode {
 	case output.JSONModes.Raw:
-		jsonHasher = func(val, _ string) string {
+		jsonHasher = func(val string) string {
 			return val
 		}
 	case output.JSONModes.Hash:
@@ -188,12 +187,8 @@ func (t *Transaction) QueryCallback(args QueryOptions) (QuerySeq2, error) {
 			return nil, err
 		}
 		l := int(hashLength)
-		jsonHasher = func(val, path string) string {
-			added := ""
-			if hashPath {
-				added = path
-			}
-			data := fmt.Sprintf("%x", sha512.Sum512([]byte(added+val)))
+		jsonHasher = func(val string) string {
+			data := fmt.Sprintf("%x", sha512.Sum512([]byte(val)))
 			if hashLength > 0 && len(data) > l {
 				data = data[0:hashLength]
 			}
@@ -215,7 +210,7 @@ func (t *Transaction) QueryCallback(args QueryOptions) (QuerySeq2, error) {
 					val = v.Value.Content
 					switch args.Values {
 					case JSONValue:
-						val = jsonHasher(val, entity.Path)
+						val = jsonHasher(val)
 					}
 				}
 				if key == modTimeKey || key == titleKey {
diff --git a/internal/kdbx/query_test.go b/internal/kdbx/query_test.go
@@ -148,7 +148,6 @@ func TestValueModes(t *testing.T) {
 			t.Errorf("invalid result value: %s", k)
 		}
 	}
-	store.SetBool("LOCKBOX_JSON_HASH_PATH", false)
 	q, err = fullSetup(t, true).Get("test/test/abc", kdbx.JSONValue)
 	if err != nil {
 		t.Errorf("no error: %v", err)
@@ -162,20 +161,6 @@ func TestValueModes(t *testing.T) {
 	}) {
 		t.Errorf("invalid entity: %v", q)
 	}
-	store.SetBool("LOCKBOX_JSON_HASH_PATH", true)
-	q, err = fullSetup(t, true).Get("test/test/abc", kdbx.JSONValue)
-	if err != nil {
-		t.Errorf("no error: %v", err)
-	}
-	if !compareEntity(q, kdbx.Entity{
-		Path: "test/test/abc",
-		Values: map[string]string{
-			"notes":    "aa9d44feade8efee5728a0a3ac61af09510649c2d2ef5ffa32187a48861c64c27ef5f204c7d4ee92bcbd1c18c53e76a4f2662987e1428ce4b51b7fe8f959074c",
-			"password": "9378107fdb4acbe3851bdd015017d35dcc921c18ce0c9ad24c730d3e1bf402ab1835ef547f8ccd191e21fd75d13fc86457dbbeae475e0ec817aae4c79ccf5884",
-		},
-	}) {
-		t.Errorf("invalid entity: %v", q)
-	}
 	store.SetInt64("LOCKBOX_JSON_HASH_LENGTH", 10)
 	q, err = fullSetup(t, true).Get("test/test/abc", kdbx.JSONValue)
 	if err != nil {
@@ -184,8 +169,8 @@ func TestValueModes(t *testing.T) {
 	if !compareEntity(q, kdbx.Entity{
 		Path: "test/test/abc",
 		Values: map[string]string{
-			"notes":    "aa9d44fead",
-			"password": "9378107fdb",
+			"notes":    "9057ff1aa9",
+			"password": "44276ba24d",
 		},
 	}) {
 		t.Errorf("invalid entity: %v", q)
@@ -288,7 +273,7 @@ func TestSetModTime(t *testing.T) {
 	if !compareEntity(q, kdbx.Entity{
 		Path: "test/xyz",
 		Values: map[string]string{
-			"password": "7117cd5faee8c269ced77e173fc88f3586bdb015099873deef6d97bcd41bb7494b17674ab98e3d78b7fffabbb331dd8c10be1d77bf5b9e485ec6f32f5dfca9e6",
+			"password": "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff",
 			"modtime":  testDateTime,
 		},
 	}) {
@@ -331,7 +316,6 @@ func TestAttributeModes(t *testing.T) {
 	}) {
 		t.Errorf("invalid entity: %v", q)
 	}
-	store.SetBool("LOCKBOX_JSON_HASH_PATH", false)
 	q, err = fullSetup(t, true).Get("test/test/totp", kdbx.JSONValue)
 	if err != nil {
 		t.Errorf("no error: %v", err)