Revert async Access Confirm Dialog

2024-10-01 01:26:01 -04:00 · 2022-10-26 10:24:49 +03:00 · 2022-10-26 10:24:49 +03:00 · 37baa6fd25
commit 37baa6fd25
parent 69f05d4c26
6 changed files with 102 additions and 286 deletions
--- a/src/browser/BrowserAccessControlDialog.cpp
+++ b/src/browser/BrowserAccessControlDialog.cpp
@ -32,30 +32,16 @@ BrowserAccessControlDialog::BrowserAccessControlDialog(QWidget* parent)

    m_ui->setupUi(this);

-    connect(m_ui->allowButton, SIGNAL(clicked()), SLOT(acceptSelections()));
-    connect(m_ui->denyButton, SIGNAL(clicked()), SLOT(rejectSelections()));
-    connect(this, SIGNAL(rejected()), this, SIGNAL(closed()));
+    connect(m_ui->allowButton, SIGNAL(clicked()), SLOT(accept()));
+    connect(m_ui->denyButton, SIGNAL(clicked()), SLOT(reject()));
 }

 BrowserAccessControlDialog::~BrowserAccessControlDialog()
 {
 }

-void BrowserAccessControlDialog::closeEvent(QCloseEvent* event)
+void BrowserAccessControlDialog::setItems(const QList<Entry*>& items, const QString& urlString, bool httpAuth)
 {
-    // Emits closed signal when clicking X from title bar
-    emit closed();
-    event->accept();
-}
-
-void BrowserAccessControlDialog::setItems(const QList<Entry*>& entriesToConfirm,
-                                          const QList<Entry*>& allowedEntries,
-                                          const QString& urlString,
-                                          bool httpAuth)
-{
-    m_entriesToConfirm = entriesToConfirm;
-    m_allowedEntries = allowedEntries;
-
    QUrl url(urlString);
    m_ui->siteLabel->setText(m_ui->siteLabel->text().arg(
        url.toDisplayString(QUrl::RemoveUserInfo | QUrl::RemovePath | QUrl::RemoveQuery | QUrl::RemoveFragment)));
@ -63,11 +49,11 @@ void BrowserAccessControlDialog::setItems(const QList<Entry*>& entriesToConfirm,
    m_ui->rememberDecisionCheckBox->setVisible(!httpAuth);
    m_ui->rememberDecisionCheckBox->setChecked(false);

-    m_ui->itemsTable->setRowCount(entriesToConfirm.count());
+    m_ui->itemsTable->setRowCount(items.count());
    m_ui->itemsTable->setColumnCount(2);

    int row = 0;
-    for (const auto& entry : entriesToConfirm) {
+    for (const auto& entry : items) {
        auto item = new QTableWidgetItem();
        item->setText(entry->title() + " - " + entry->username());
        item->setData(Qt::UserRole, row);
@ -77,23 +63,18 @@ void BrowserAccessControlDialog::setItems(const QList<Entry*>& entriesToConfirm,

        auto disableButton = new QPushButton(tr("Disable for this site"));
        disableButton->setAutoDefault(false);
-
        connect(disableButton, &QAbstractButton::pressed, [&, item] {
            emit disableAccess(item);
            m_ui->itemsTable->removeRow(item->row());
-
            if (m_ui->itemsTable->rowCount() == 0) {
-                emit closed();
+                reject();
            }
        });
        m_ui->itemsTable->setCellWidget(row, 1, disableButton);
-
        ++row;
    }
-
    m_ui->itemsTable->resizeColumnsToContents();
    m_ui->itemsTable->horizontalHeader()->setSectionResizeMode(0, QHeaderView::Stretch);
-
    m_ui->allowButton->setFocus();
 }

@ -102,11 +83,6 @@ bool BrowserAccessControlDialog::remember() const
    return m_ui->rememberDecisionCheckBox->isChecked();
 }

-bool BrowserAccessControlDialog::entriesAccepted() const
-{
-    return m_entriesAccepted;
-}
-
 QList<QTableWidgetItem*> BrowserAccessControlDialog::getSelectedEntries() const
 {
    QList<QTableWidgetItem*> selected;
@ -130,19 +106,3 @@ QList<QTableWidgetItem*> BrowserAccessControlDialog::getNonSelectedEntries() con
    }
    return notSelected;
 }
-
-void BrowserAccessControlDialog::acceptSelections()
-{
-    auto selectedEntries = getSelectedEntries();
-
-    m_entriesAccepted = true;
-    emit acceptEntries(selectedEntries, m_entriesToConfirm, m_allowedEntries);
-    emit closed();
-}
-
-void BrowserAccessControlDialog::rejectSelections()
-{
-    auto rejectedEntries = getNonSelectedEntries();
-    emit rejectEntries(rejectedEntries, m_entriesToConfirm);
-    emit closed();
-}
--- a/src/browser/BrowserAccessControlDialog.h
+++ b/src/browser/BrowserAccessControlDialog.h
@ -37,28 +37,14 @@ public:
    explicit BrowserAccessControlDialog(QWidget* parent = nullptr);
    ~BrowserAccessControlDialog() override;

-    void setItems(const QList<Entry*>& entriesToConfirm,
-                  const QList<Entry*>& allowedEntries,
-                  const QString& urlString,
-                  bool httpAuth);
+    void setItems(const QList<Entry*>& items, const QString& urlString, bool httpAuth);
    bool remember() const;
-    bool entriesAccepted() const;

    QList<QTableWidgetItem*> getSelectedEntries() const;
    QList<QTableWidgetItem*> getNonSelectedEntries() const;

 signals:
    void disableAccess(QTableWidgetItem* item);
-    void acceptEntries(QList<QTableWidgetItem*> items, QList<Entry*> entriesToConfirm, QList<Entry*> allowedEntries);
-    void rejectEntries(QList<QTableWidgetItem*> items, QList<Entry*> entriesToConfirm);
-    void closed();
-
-public slots:
-    void acceptSelections();
-    void rejectSelections();
-
-private:
-    void closeEvent(QCloseEvent* event) override;

 private:
    QScopedPointer<Ui::BrowserAccessControlDialog> m_ui;
--- a/src/browser/BrowserAction.cpp
+++ b/src/browser/BrowserAction.cpp
@ -76,7 +76,7 @@ QJsonObject BrowserAction::handleAction(QLocalSocket* socket, const QJsonObject&
    } else if (action.compare("test-associate") == 0) {
        return handleTestAssociate(json, action);
    } else if (action.compare("get-logins") == 0) {
-        return handleGetLogins(socket, json, action);
+        return handleGetLogins(json, action);
    } else if (action.compare("generate-password") == 0) {
        return handleGeneratePassword(socket, json, action);
    } else if (action.compare("set-login") == 0) {
@ -231,7 +231,7 @@ QJsonObject BrowserAction::handleTestAssociate(const QJsonObject& json, const QS
    return buildResponse(action, message, newNonce);
 }

-QJsonObject BrowserAction::handleGetLogins(QLocalSocket* socket, const QJsonObject& json, const QString& action)
+QJsonObject BrowserAction::handleGetLogins(const QJsonObject& json, const QString& action)
 {
    const QString hash = browserService()->getDatabaseHash();
    const QString nonce = json.value("nonce").toString();
@ -264,31 +264,19 @@ QJsonObject BrowserAction::handleGetLogins(QLocalSocket* socket, const QJsonObje
    const QString formUrl = decrypted.value("submitUrl").toString();
    const QString auth = decrypted.value("httpAuth").toString();
    const bool httpAuth = auth.compare(TRUE_STR) == 0;
-    auto requestId = decrypted.value("requestID").toString();

-    if (browserService()->isAccessConfirmRequested()) {
-        auto errorReply = getErrorReply(action, ERROR_KEEPASS_ACTION_CANCELLED_OR_DENIED);
-
-        if (!requestId.isEmpty()) {
-            errorReply["requestID"] = requestId;
-        }
-
-        return errorReply;
+    const QJsonArray users = browserService()->findMatchingEntries(id, siteUrl, formUrl, "", keyList, httpAuth);
+    if (users.isEmpty()) {
+        return getErrorReply(action, ERROR_KEEPASS_NO_LOGINS_FOUND);
    }

-    browserService()->findEntries(socket,
-                                  incrementedNonce,
-                                  m_clientPublicKey,
-                                  m_secretKey,
-                                  id,
-                                  hash,
-                                  requestId,
-                                  siteUrl,
-                                  formUrl,
-                                  "",
-                                  keyList,
-                                  httpAuth);
-    return QJsonObject();
+    QJsonObject message = browserMessageBuilder()->buildMessage(incrementedNonce);
+    message["count"] = users.count();
+    message["entries"] = users;
+    message["hash"] = hash;
+    message["id"] = id;
+
+    return buildResponse(action, message, incrementedNonce);
 }

 QJsonObject BrowserAction::handleGeneratePassword(QLocalSocket* socket, const QJsonObject& json, const QString& action)
--- a/src/browser/BrowserAction.h
+++ b/src/browser/BrowserAction.h
@ -37,7 +37,7 @@ private:
    QJsonObject handleGetDatabaseHash(const QJsonObject& json, const QString& action);
    QJsonObject handleAssociate(const QJsonObject& json, const QString& action);
    QJsonObject handleTestAssociate(const QJsonObject& json, const QString& action);
-    QJsonObject handleGetLogins(QLocalSocket* socket, const QJsonObject& json, const QString& action);
+    QJsonObject handleGetLogins(const QJsonObject& json, const QString& action);
    QJsonObject handleGeneratePassword(QLocalSocket* socket, const QJsonObject& json, const QString& action);
    QJsonObject handleSetLogin(const QJsonObject& json, const QString& action);
    QJsonObject handleLockDatabase(const QJsonObject& json, const QString& action);
--- a/src/browser/BrowserService.cpp
+++ b/src/browser/BrowserService.cpp
@ -1,6 +1,5 @@
 /*
 *  Copyright (C) 2013 Francois Ferrand
- *  Copyright (C) 2017 Sami Vänttinen <sami.vanttinen@protonmail.com>
 *  Copyright (C) 2022 KeePassXC Team <team@keepassxc.org>
 *
 *  This program is free software: you can redistribute it and/or modify
@ -64,9 +63,9 @@ Q_GLOBAL_STATIC(BrowserService, s_browserService);
 BrowserService::BrowserService()
    : QObject()
    , m_browserHost(new BrowserHost)
+    , m_dialogActive(false)
    , m_bringToFrontRequested(false)
    , m_passwordGeneratorRequested(false)
-    , m_accessConfirmRequested(false)
    , m_prevWindowState(WindowState::Normal)
    , m_keepassBrowserUUID(Tools::hexToUuid("de887cc3036343b8974b5911b8816224"))
 {
@ -314,18 +313,12 @@ QString BrowserService::getCurrentTotp(const QString& uuid)
    return {};
 }

-void BrowserService::findEntries(QLocalSocket* socket,
-                                 const QString& nonce,
-                                 const QString& publicKey,
-                                 const QString& secretKey,
-                                 const QString& dbid,
-                                 const QString& hash,
-                                 const QString& requestId,
-                                 const QString& siteUrl,
-                                 const QString& formUrl,
-                                 const QString& realm,
-                                 const StringPairList& keyList,
-                                 const bool httpAuth)
+QJsonArray BrowserService::findMatchingEntries(const QString& dbid,
+                                               const QString& siteUrl,
+                                               const QString& formUrl,
+                                               const QString& realm,
+                                               const StringPairList& keyList,
+                                               const bool httpAuth)
 {
    Q_UNUSED(dbid);
    const bool alwaysAllowAccess = browserSettings()->alwaysAllowAccess();
@ -334,8 +327,8 @@ void BrowserService::findEntries(QLocalSocket* socket,
    const QString formHost = QUrl(formUrl).host();

    // Check entries for authorization
-    QList<Entry*> entriesToConfirm;
-    QList<Entry*> allowedEntries;
+    QList<Entry*> pwEntriesToConfirm;
+    QList<Entry*> pwEntries;
    for (auto* entry : searchEntries(siteUrl, formUrl, keyList)) {
        auto entryCustomData = entry->customData();

@ -355,7 +348,7 @@ void BrowserService::findEntries(QLocalSocket* socket,

        // HTTP Basic Auth always needs a confirmation
        if (!ignoreHttpAuth && httpAuth) {
-            entriesToConfirm.append(entry);
+            pwEntriesToConfirm.append(entry);
            continue;
        }

@ -365,166 +358,87 @@ void BrowserService::findEntries(QLocalSocket* socket,

        case Unknown:
            if (alwaysAllowAccess) {
-                allowedEntries.append(entry);
+                pwEntries.append(entry);
            } else {
-                entriesToConfirm.append(entry);
+                pwEntriesToConfirm.append(entry);
            }
            break;

        case Allowed:
-            allowedEntries.append(entry);
+            pwEntries.append(entry);
            break;
        }
    }

-    if (entriesToConfirm.isEmpty()) {
-        sendCredentialsToClient(allowedEntries, socket, nonce, publicKey, secretKey, hash, dbid, siteUrl, formUrl);
-        return;
+    // Confirm entries
+    QList<Entry*> selectedEntriesToConfirm =
+        confirmEntries(pwEntriesToConfirm, siteUrl, siteHost, formHost, realm, httpAuth);
+    if (!selectedEntriesToConfirm.isEmpty()) {
+        pwEntries.append(selectedEntriesToConfirm);
    }

-    confirmEntries(socket,
-                   nonce,
-                   publicKey,
-                   secretKey,
-                   dbid,
-                   hash,
-                   requestId,
-                   allowedEntries,
-                   entriesToConfirm,
-                   siteUrl,
-                   siteHost,
-                   formHost,
-                   realm,
-                   httpAuth);
-}
-
-void BrowserService::confirmEntries(QLocalSocket* socket,
-                                    const QString& incrementedNonce,
-                                    const QString& publicKey,
-                                    const QString& secretKey,
-                                    const QString& id,
-                                    const QString& hash,
-                                    const QString& requestId,
-                                    QList<Entry*>& allowedEntries,
-                                    QList<Entry*>& entriesToConfirm,
-                                    const QString& siteUrl,
-                                    const QString& siteHost,
-                                    const QString& formUrl,
-                                    const QString& realm,
-                                    const bool httpAuth)
-{
-    if (entriesToConfirm.isEmpty() || m_accessConfirmRequested) {
-        return;
+    if (pwEntries.isEmpty()) {
+        return {};
    }

-    if (!m_accessControlDialog) {
-
-        m_accessControlDialog.reset(new BrowserAccessControlDialog());
-
-        connect(
-            m_currentDatabaseWidget, SIGNAL(databaseLockRequested()), m_accessControlDialog.data(), SIGNAL(closed()));
-
-        connect(m_accessControlDialog.data(),
-                &BrowserAccessControlDialog::disableAccess,
-                m_accessControlDialog.data(),
-                [=](QTableWidgetItem* item) {
-                    auto entry = entriesToConfirm[item->row()];
-                    denyEntry(entry, siteHost, formUrl, realm);
-                });
-
-        connect(m_accessControlDialog.data(), &BrowserAccessControlDialog::closed, m_accessControlDialog.data(), [=] {
-            if (!m_accessControlDialog->entriesAccepted()) {
-                auto errorMessage =
-                    browserMessageBuilder()->getErrorReply("get-logins", ERROR_KEEPASS_ACTION_CANCELLED_OR_DENIED);
-                errorMessage["requestID"] = requestId;
-                m_browserHost->sendClientMessage(socket, errorMessage);
-            }
-
-            m_accessControlDialog.reset();
-            hideWindow();
-            m_accessConfirmRequested = false;
-        });
-
-        connect(m_accessControlDialog.data(),
-                &BrowserAccessControlDialog::acceptEntries,
-                m_accessControlDialog.data(),
-                [=](QList<QTableWidgetItem*> items, QList<Entry*> entries, QList<Entry*> allowed) {
-                    QList<Entry*> selectedEntries;
-
-                    for (auto item : items) {
-                        auto entry = entries[item->row()];
-                        if (m_accessControlDialog->remember()) {
-                            allowEntry(entry, siteHost, formUrl, realm);
-                        }
-
-                        selectedEntries.append(entry);
-                    }
-
-                    hideWindow();
-
-                    if (!selectedEntries.isEmpty()) {
-                        allowed.append(selectedEntries);
-                    }
-
-                    if (allowed.isEmpty()) {
-                        return;
-                    }
-
-                    // Ensure that database is not locked when the popup was visible
-                    if (!isDatabaseOpened()) {
-                        return;
-                    }
-
-                    sendCredentialsToClient(
-                        allowed, socket, incrementedNonce, publicKey, secretKey, hash, id, siteUrl, formUrl);
-                });
-
-        connect(m_accessControlDialog.data(),
-                &BrowserAccessControlDialog::rejectEntries,
-                m_accessControlDialog.data(),
-                [=](QList<QTableWidgetItem*> items, QList<Entry*> entries) {
-                    Q_UNUSED(items); // We might need this later if single entries can be denied from the list
-                    for (auto entry : entries) {
-                        if (m_accessControlDialog->remember()) {
-                            denyEntry(entry, siteHost, formUrl, realm);
-                        }
-                    }
-                });
-
-        m_accessControlDialog->setItems(entriesToConfirm, allowedEntries, siteUrl, httpAuth);
-        m_accessControlDialog->show();
+    // Ensure that database is not locked when the popup was visible
+    if (!isDatabaseOpened()) {
+        return {};
    }

-    m_accessConfirmRequested = true;
-    updateWindowState();
-}
-
-void BrowserService::sendCredentialsToClient(QList<Entry*>& allowedEntries,
-                                             QLocalSocket* socket,
-                                             const QString& incrementedNonce,
-                                             const QString& publicKey,
-                                             const QString& secretKey,
-                                             const QString& hash,
-                                             const QString& id,
-                                             const QString siteUrl,
-                                             const QString& formUrl)
-{
-    allowedEntries = sortEntries(allowedEntries, siteUrl, formUrl);
+    // Sort results
+    pwEntries = sortEntries(pwEntries, siteUrl, formUrl);

+    // Fill the list
    QJsonArray result;
-    for (auto* entry : allowedEntries) {
+    for (auto* entry : pwEntries) {
        result.append(prepareEntry(entry));
    }

-    QJsonObject message = browserMessageBuilder()->buildMessage(incrementedNonce);
-    message["count"] = result.count();
-    message["entries"] = result;
-    message["hash"] = hash;
-    message["id"] = id;
+    return result;
+}

-    m_browserHost->sendClientMessage(
-        socket, browserMessageBuilder()->buildResponse("get-logins", message, incrementedNonce, publicKey, secretKey));
+QList<Entry*> BrowserService::confirmEntries(QList<Entry*>& pwEntriesToConfirm,
+                                             const QString& siteUrl,
+                                             const QString& siteHost,
+                                             const QString& formUrl,
+                                             const QString& realm,
+                                             const bool httpAuth)
+{
+    if (pwEntriesToConfirm.isEmpty() || m_dialogActive) {
+        return {};
+    }
+
+    m_dialogActive = true;
+    updateWindowState();
+    BrowserAccessControlDialog accessControlDialog;
+
+    connect(m_currentDatabaseWidget, SIGNAL(databaseLockRequested()), &accessControlDialog, SLOT(reject()));
+
+    connect(&accessControlDialog, &BrowserAccessControlDialog::disableAccess, [&](QTableWidgetItem* item) {
+        auto entry = pwEntriesToConfirm[item->row()];
+        denyEntry(entry, siteHost, formUrl, realm);
+    });
+
+    accessControlDialog.setItems(pwEntriesToConfirm, siteUrl, httpAuth);
+
+    QList<Entry*> allowedEntries;
+    auto ret = accessControlDialog.exec();
+    if (ret == QDialog::Accepted) {
+        for (auto item : accessControlDialog.getSelectedEntries()) {
+            auto entry = pwEntriesToConfirm[item->row()];
+            if (accessControlDialog.remember()) {
+                allowEntry(entry, siteHost, formUrl, realm);
+            }
+            allowedEntries.append(entry);
+        }
+    }
+
+    // Re-hide the application if it wasn't visible before
    hideWindow();
+    m_dialogActive = false;
+
+    return allowedEntries;
 }

 void BrowserService::showPasswordGenerator(QLocalSocket* socket,
@ -572,11 +486,6 @@ bool BrowserService::isPasswordGeneratorRequested() const
    return m_passwordGeneratorRequested;
 }

-bool BrowserService::isAccessConfirmRequested() const
-{
-    return m_accessConfirmRequested;
-}
-
 QString BrowserService::storeKey(const QString& key)
 {
    auto db = getDatabase();
--- a/src/browser/BrowserService.h
+++ b/src/browser/BrowserService.h
@ -1,6 +1,5 @@
 /*
 *  Copyright (C) 2013 Francois Ferrand
- *  Copyright (C) 2017 Sami Vänttinen <sami.vanttinen@protonmail.com>
 *  Copyright (C) 2022 KeePassXC Team <team@keepassxc.org>
 *
 *  This program is free software: you can redistribute it and/or modify
@ -63,9 +62,7 @@ public:
                               const QString& nonce,
                               const QString& publicKey,
                               const QString& secretKey);
-    void sendPassword(QLocalSocket* socket, const QJsonObject& message);
    bool isPasswordGeneratorRequested() const;
-    bool isAccessConfirmRequested() const;

    void addEntry(const QString& dbid,
                  const QString& login,
@ -84,18 +81,12 @@ public:
                     const QString& siteUrl,
                     const QString& formUrl);
    bool deleteEntry(const QString& uuid);
-    void findEntries(QLocalSocket* socket,
-                     const QString& nonce,
-                     const QString& publicKey,
-                     const QString& secretKey,
-                     const QString& dbid,
-                     const QString& hash,
-                     const QString& requestId,
-                     const QString& siteUrl,
-                     const QString& formUrl,
-                     const QString& realm,
-                     const StringPairList& keyList,
-                     const bool httpAuth = false);
+    QJsonArray findMatchingEntries(const QString& dbid,
+                                   const QString& siteUrlStr,
+                                   const QString& formUrlStr,
+                                   const QString& realm,
+                                   const StringPairList& keyList,
+                                   const bool httpAuth = false);
    void requestGlobalAutoType(const QString& search);
    static void convertAttributesToCustomData(QSharedPointer<Database> db);

@ -138,29 +129,12 @@ private:
    QList<Entry*> searchEntries(const QSharedPointer<Database>& db, const QString& siteUrl, const QString& formUrl);
    QList<Entry*> searchEntries(const QString& siteUrl, const QString& formUrl, const StringPairList& keyList);
    QList<Entry*> sortEntries(QList<Entry*>& pwEntries, const QString& siteUrl, const QString& formUrl);
-    void confirmEntries(QLocalSocket* socket,
-                        const QString& incrementedNonce,
-                        const QString& publicKey,
-                        const QString& secretKey,
-                        const QString& id,
-                        const QString& hash,
-                        const QString& requestId,
-                        QList<Entry*>& allowedEntries,
-                        QList<Entry*>& entriesToConfirm,
-                        const QString& siteUrl,
-                        const QString& siteHost,
-                        const QString& formUrl,
-                        const QString& realm,
-                        const bool httpAuth);
-    void sendCredentialsToClient(QList<Entry*>& allowedEntries,
-                                 QLocalSocket* socket,
-                                 const QString& incrementedNonce,
-                                 const QString& publicKey,
-                                 const QString& secretKey,
-                                 const QString& hash,
-                                 const QString& id,
-                                 const QString siteUrl,
-                                 const QString& formUrl);
+    QList<Entry*> confirmEntries(QList<Entry*>& pwEntriesToConfirm,
+                                 const QString& siteUrl,
+                                 const QString& siteHost,
+                                 const QString& formUrl,
+                                 const QString& realm,
+                                 const bool httpAuth);
    QJsonObject prepareEntry(const Entry* entry);
    void allowEntry(Entry* entry, const QString& siteHost, const QString& formUrl, const QString& realm);
    void denyEntry(Entry* entry, const QString& siteHost, const QString& formUrl, const QString& realm);
@ -196,15 +170,14 @@ private:
    QPointer<BrowserHost> m_browserHost;
    QHash<QString, QSharedPointer<BrowserAction>> m_browserClients;

+    bool m_dialogActive;
    bool m_bringToFrontRequested;
    bool m_passwordGeneratorRequested;
-    bool m_accessConfirmRequested;
    WindowState m_prevWindowState;
    QUuid m_keepassBrowserUUID;

    QPointer<DatabaseWidget> m_currentDatabaseWidget;
    QScopedPointer<PasswordGeneratorWidget> m_passwordGenerator;
-    QScopedPointer<BrowserAccessControlDialog> m_accessControlDialog;

    Q_DISABLE_COPY(BrowserService);