Moving documents between accounts in v7 causes data loss
I've recently upgraded to 1Password 7 from v4 and set up a Families account and a Teams account - I have over 1,500 entries in my vault, many of which are related to my business, so I figured it was a good chance to separate that data out.
However, during the process of moving things to my Teams account, I discovered a pretty serious data loss issue.
Documents moved between accounts lose their file!
I see the following message:
... and the file is just gone - the document record is moved but the attached file simply disappears. This is kind of a big deal given that these are important things like SSH keys, license keys and other things I only keep in my vault. Indeed, I consider any kind of data loss in my password file to be an extremely big deal.
Fortunately I have a backup of my v4 vault (or the opvault) I can recover this stuff from - but it's not filling me with confidence that 1Password v7 is stable enough for business use yet, especially when a key bit of functionality (being able to use multiple accounts in parallel) guarantees data loss? It wouldn't even be an issue if you only ever used one type of account - it's specifically related to moving between accounts.
Note that I tested this both ways - created a document in my Families account and moved it to my Teams account, then created a document in my Teams account and moved it to my Families account - in both cases the data was lost, so it doesn't seem related to a specific type of 1Password.com account?
I also tried it on Android and it did work as expected - the document was successfully moved between accounts with the file still attached - so I'm guessing this is a Windows v7 client related issue?
Steps to reproduce:
1. create a new document and attach a file
2. move that document to any vault in a different account
3. the document record is moved, but the attached file is stripped from the document in the destination account
1Password Version: 7.3.657
Extension Version: Not Provided
OS Version: Windows 10 Pro 1803
Sync Type: 1Password.com
Comments
-
Hello, @SimonHampel! This actually shouldn't be causing data loss – the Documents are still in the vault they were originally. They are skipped in that they're not moved or delted – they just stay put. Keep in mind 1Password.com is different from standalone vaults in that any Document items are discreet items in addition to being able to be linked to other items. With a standalone vault, those Documents only existed as part of the item they were attached to. Not so with 1Password.com. Check the vault you moved from. You should find the Document item(s) that matches the one the item(s) you moved were linked to. You do have to download that Document item, re-add it to the new account and link it to the item again and I apologize for that fuss. It's something we want to improve in the future. Since local copies of Documents aren't maintained unless you download them, we can't decrypt them and then re-encrypt them with the keys for the new account the way we can with normal items, but we're definitely thinking about ways to handle this more seamlessly. As you noted, this works fine when moving between vaults in the same account, so once you get everything into the proper account, this isn't something that should give you many problems moving forward, assuming your Business items will remain in your Business account. :+1:
0 -
@bundtkate I think you may have misunderstood the issue?
I am not dealing with attachments imported from my standalone vault - I'm aware of the limitations there and I can see how it all works.
I am specifically referring to moving a newly created document (not linked to any existing entry - just a "document" record), and it really has disappeared.
Try my "steps to reproduce" - create a new document:
... attach a file ...
... save it and then move it to a different account.
... the attached file has now been stripped.
This has nothing to do with linked records.
once you get everything into the proper account, this isn't something that should give you many problems moving forward, assuming your Business items will remain in your Business account
Unfortunately, this is not the case - since we have to choose a default vault to save any new records into - there is always going to be a need to move documents between accounts - since the alternative is to first change the default vault for new items, then create the new document, then change it back.
It would be less of an issue if we could choose which vault to create the item in at the time we created it - but the fact of the matter is that moving documents between accounts is a perfectly reasonable thing to do and it is currently causing data loss.
0 -
Thanks so much for the clarity, @SimonHampel! Indeed, I am able to reproduce this with your steps. Moving is actually a copy action followed by a delete action. Both steps should be skipped when moving Documents and it appears we're not skipping either at the moment even though the Document file can't be copied. My apologies for the misunderstanding – I just did some testing a short while back with moving items with linked Documents and noticed that the Document still shows up as linked even though it's not and your description sounded so much like my experience, I thought it was the same thing. I'll make sure this gets filed and fixed up. That is pretty yucky, to say the least.
A few things for now. First, that item will be in your trash and you can restore it directly from there – we are rather paranoid about deleting data and make you jump through some hoops to fully get rid of things. Even if you happen to empty the trash, you can always restore an item from item history. On the vault for saving front, this is where items will be saved if you create a new item from All Vaults, but you absolutely can create a new item in a particular vault that isn't your default vault for saving. Press Ctrl + D, select the vault you want the new item to be created in, then create the item and it will save to the vault you selected. :+1:
0 -
I'll make sure this gets filed and fixed up.
Excellent - thanks.
Moving is actually a copy action followed by a delete action. Both steps should be skipped when moving Documents and it appears we're not skipping either at the moment even though the Document file can't be copied.
Curious as to why you say the document file can't be copied? Is this related to the decryption/encryption process you mentioned and how it relates to files (as opposed to normal items)?
If this is the case, why does moving a document between accounts work on Android?
0 -
Hi @SimonHampel,
Curious as to why you say the document file can't be copied? Is this related to the decryption/encryption process you mentioned and how it relates to files (as opposed to normal items)?
Yes, the way files are encrypted and stored is separate from the items, which is stored as a row in your 1Password's database. For files, we upload it via a dedicated Files API and link that file to your item.
When you move or copy between accounts, it must be re-encrypted with the other account's keysets. However, the problem is that 1Password doesn't download all of your encrypted files in your account at once, it only download the file at user's request within the Document itself. So, when you move the Document item, there is no file attached to it yet. The proper resolution is that it has to download the file first, re-encrypt the file with the other account's keyset and then re-upload it via the Files API and then finally re-link to that moved item in the other account. This is not implemented yet, so we had code to exclude Document items and warn users but unfortunately, you found a bug in the logic there, it was not excluded properly.
We're actually working on this at we speak; 1Password will not only download the files automatically before the move is done but also support the ability to download all files as per user's request. However, we don't have a timeframe on this. We'll look at fixing the exclusion bug first.
0
