Add command for retrieving the current TOTP (#5278)

src/browser/BrowserAction.cpp

@@ -107,6 +107,8 @@ QJsonObject BrowserAction::handleAction(const QJsonObject& json)
         return handleGetDatabaseGroups(json, action);
     } else if (action.compare("create-new-group", Qt::CaseSensitive) == 0) {
         return handleCreateNewGroup(json, action);
+    } else if (action.compare("get-totp", Qt::CaseSensitive) == 0) {
+        return handleGetTotp(json, action);
     }
 
     // Action was not recognized
@@ -465,6 +467,37 @@ QJsonObject BrowserAction::handleCreateNewGroup(const QJsonObject& json, const Q
     return buildResponse(action, message, newNonce);
 }
 
+QJsonObject BrowserAction::handleGetTotp(const QJsonObject& json, const QString& action)
+{
+    const QString nonce = json.value("nonce").toString();
+    const QString encrypted = json.value("message").toString();
+
+    if (!m_associated) {
+        return getErrorReply(action, ERROR_KEEPASS_ASSOCIATION_FAILED);
+    }
+
+    const QJsonObject decrypted = decryptMessage(encrypted, nonce);
+    if (decrypted.isEmpty()) {
+        return getErrorReply(action, ERROR_KEEPASS_CANNOT_DECRYPT_MESSAGE);
+    }
+
+    QString command = decrypted.value("action").toString();
+    if (command.isEmpty() || command.compare("get-totp", Qt::CaseSensitive) != 0) {
+        return getErrorReply(action, ERROR_KEEPASS_INCORRECT_ACTION);
+    }
+
+    const QString uuid = decrypted.value("uuid").toString();
+
+    // Get the current TOTP
+    const auto totp = browserService()->getCurrentTotp(uuid);
+    const QString newNonce = incrementNonce(nonce);
+
+    QJsonObject message = buildMessage(newNonce);
+    message["totp"] = totp;
+
+    return buildResponse(action, message, newNonce);
+}
+
 QJsonObject BrowserAction::getErrorReply(const QString& action, const int errorCode) const
 {
     QJsonObject response;

src/browser/BrowserAction.h

@@ -41,6 +41,7 @@ private:
     QJsonObject handleLockDatabase(const QJsonObject& json, const QString& action);
     QJsonObject handleGetDatabaseGroups(const QJsonObject& json, const QString& action);
     QJsonObject handleCreateNewGroup(const QJsonObject& json, const QString& action);
+    QJsonObject handleGetTotp(const QJsonObject& json, const QString& action);
 
     QJsonObject buildMessage(const QString& nonce) const;
     QJsonObject buildResponse(const QString& action, const QJsonObject& message, const QString& nonce);

src/browser/BrowserService.cpp

@@ -215,7 +215,6 @@ QJsonObject BrowserService::getDatabaseGroups()
 
 QJsonObject BrowserService::createNewGroup(const QString& groupName)
 {
-
     auto db = getDatabase();
     if (!db) {
         return {};
@@ -284,6 +283,31 @@ QJsonObject BrowserService::createNewGroup(const QString& groupName)
     return result;
 }
 
+QString BrowserService::getCurrentTotp(const QString& uuid)
+{
+    QList<QSharedPointer<Database>> databases;
+    if (browserSettings()->searchInAllDatabases()) {
+        for (auto dbWidget : getMainWindow()->getOpenDatabases()) {
+            auto db = dbWidget->database();
+            if (db) {
+                databases << db;
+            }
+        }
+    } else {
+        databases << getDatabase();
+    }
+
+    auto entryUuid = Tools::hexToUuid(uuid);
+    for (const auto& db : databases) {
+        auto entry = db->rootGroup()->findEntryByUuid(entryUuid, true);
+        if (entry) {
+            return entry->totp();
+        }
+    }
+
+    return {};
+}
+
 QString BrowserService::storeKey(const QString& key)
 {
     auto db = getDatabase();

src/browser/BrowserService.h

@@ -58,6 +58,7 @@ public:
 
     QJsonObject getDatabaseGroups();
     QJsonObject createNewGroup(const QString& groupName);
+    QString getCurrentTotp(const QString& uuid);
 
     void addEntry(const QString& dbid,
                   const QString& login,