Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-01-11 23:39:50 -05:00
Code Issues Packages Projects Releases Wiki Activity

Move access related browser settings to database custom data

Browse Source
This commit is contained in:
varjolintu 2023-05-08 18:32:07 +03:00 committed by Jonathan White
parent fbdd97b1be
commit 7df7ed52ea
No known key found for this signature in database
GPG Key ID: 440FC65F2E0C6E01
21 changed files with 265 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
share/translations/keepassxc_en.ts
View File

@ -1093,11 +1093,6 @@ Do you want to overwrite the passkey in %1 - %2?</source>
<source>Advanced</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Never ask before accessing credentials</source>
<extracomment>Credentials mean login data requested via browser extension</extracomment>
<translation type="unfinished"></translation>
</message>
<message>
<source>Never ask before updating credentials</source>
<extracomment>Credentials mean login data requested via browser extension</extracomment>
@ -1202,14 +1197,6 @@ Do you want to overwrite the passkey in %1 - %2?</source>
<source>Select native messaging host folder location</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow keepassxc-proxy to list all entries with their title, URL and UUID in connected databases.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow limited access to all entries in connected databases (ignores site access restrictions)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>&lt;b&gt;Warning:&lt;/b&gt; Only adjust these settings if necessary.</source>
<translation type="unfinished"></translation>
@ -1222,10 +1209,6 @@ Do you want to overwrite the passkey in %1 - %2?</source>
<source>&lt;b&gt;Error:&lt;/b&gt; The custom proxy location does not exist. Correct this in the advanced settings tab.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>&lt;b&gt;Error:&lt;/b&gt; The installed proxy executable is missing from the expected location: %1&lt;br/&gt;Please set a custom proxy location in the advanced settings or reinstall the application.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allows using insecure http://localhost with passkeys for testing purposes.</source>
<translation type="unfinished"></translation>
@ -1238,6 +1221,10 @@ Do you want to overwrite the passkey in %1 - %2?</source>
<source>KeePassXC-Browser is needed for the browser integration to work. &lt;br /&gt;Download it for %1 and %2 and %3.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>&lt;b&gt;Error:&lt;/b&gt; The installed proxy executable is missing from the expected location: %1&lt;br/&gt;Please set a custom proxy location in the advanced settings or reinstall the application.</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CloneDialog</name>
@ -1814,6 +1801,19 @@ This is only necessary if your database is a copy of another and the browser ext
<source>No entry with permissions found!</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Never confirm before sending credentials to the extension</source>
<extracomment>Credentials mean login data requested via browser extension</extracomment>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow a connected program to list all entries with their title, URL and UUID regardless of individual access restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow limited access to all entries (may be used by third-party solutions)</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>DatabaseSettingsWidgetDatabaseKey</name>

1
src/CMakeLists.txt
View File

@ -25,6 +25,7 @@ set(keepassx_SOURCES
core/Config.cpp
core/CustomData.cpp
core/Database.cpp
core/DatabaseSettings.cpp
core/DatabaseStats.cpp
core/Entry.cpp
core/EntryAttachments.cpp

10
src/browser/BrowserAction.cpp
View File

@ -405,17 +405,15 @@ QJsonObject BrowserAction::handleGetDatabaseEntries(const QJsonObject& json, con
return getErrorReply(action, ERROR_KEEPASS_INCORRECT_ACTION);
}
if (!browserSettings()->allowGetDatabaseEntriesRequest()) {
bool accessDenied = true;
const auto entries = browserService()->getDatabaseEntries(&accessDenied);
if (accessDenied) {
return getErrorReply(action, ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED);
}
const QJsonArray entries = browserService()->getDatabaseEntries();
if (entries.isEmpty()) {
} else if (entries.isEmpty()) {
return getErrorReply(action, ERROR_KEEPASS_NO_GROUPS_FOUND);
}
const Parameters params{{"entries", entries}};
return buildResponse(action, browserRequest.incrementedNonce, params);
}

60
src/browser/BrowserService.cpp
View File

@ -24,6 +24,7 @@
#include "BrowserHost.h"
#include "BrowserMessageBuilder.h"
#include "BrowserSettings.h"
#include "core/DatabaseSettings.h"
#include "core/Tools.h"
#include "core/UrlTools.h"
#include "gui/MainWindow.h"
@ -109,10 +110,7 @@ void BrowserService::setEnabled(bool enabled)
bool BrowserService::isDatabaseOpened() const
{
if (m_currentDatabaseWidget) {
return !m_currentDatabaseWidget->isLocked();
}
return false;
return m_currentDatabaseWidget && !m_currentDatabaseWidget->isLocked();
}
bool BrowserService::openDatabase(bool triggerUnlock)
@ -121,7 +119,7 @@ bool BrowserService::openDatabase(bool triggerUnlock)
return false;
}
if (m_currentDatabaseWidget && !m_currentDatabaseWidget->isLocked()) {
if (isDatabaseOpened()) {
return true;
}
@ -229,14 +227,26 @@ QJsonObject BrowserService::getDatabaseGroups()
return result;
}
QJsonArray BrowserService::getDatabaseEntries()
QJsonArray BrowserService::getDatabaseEntries(bool* accessDenied, const QSharedPointer<Database>& selectedDb)
{
auto db = getDatabase();
if (accessDenied) {
*accessDenied = true;
}
auto db = selectedDb ? selectedDb : getDatabase();
if (!db) {
return {};
}
Group* rootGroup = db->rootGroup();
if (!databaseSettings()->getAllowGetDatabaseEntriesRequest(db)) {
return {};
}
if (accessDenied != nullptr) {
*accessDenied = false;
}
auto* rootGroup = db->rootGroup();
if (!rootGroup) {
return {};
}
@ -360,7 +370,6 @@ BrowserService::findEntries(const EntryParameters& entryParameters, const String
*entriesFound = false;
}
const bool alwaysAllowAccess = browserSettings()->alwaysAllowAccess();
const bool ignoreHttpAuth = browserSettings()->httpAuthPermission();
const QString siteHost = QUrl(entryParameters.siteUrl).host();
const QString formHost = QUrl(entryParameters.formUrl).host();
@ -396,11 +405,7 @@ BrowserService::findEntries(const EntryParameters& entryParameters, const String
continue;
case Unknown:
if (alwaysAllowAccess) {
allowedEntries.append(entry);
} else {
entriesToConfirm.append(entry);
}
entriesToConfirm.append(entry);
break;
case Allowed:
@ -554,6 +559,26 @@ bool BrowserService::isPasswordGeneratorRequested() const
return m_passwordGenerator && m_passwordGenerator->isVisible();
}
bool BrowserService::getAlwaysAllowAccess()
{
return databaseSettings()->getAlwaysAllowAccess(getDatabase());
}
void BrowserService::setAlwaysAllowAccess(bool enabled)
{
databaseSettings()->setAlwaysAllowAccess(getDatabase(), enabled);
}
bool BrowserService::getAllowGetDatabaseEntriesRequest()
{
return databaseSettings()->getAllowGetDatabaseEntriesRequest(getDatabase());
}
void BrowserService::setAllowGetDatabaseEntriesRequest(bool enabled)
{
databaseSettings()->setAllowGetDatabaseEntriesRequest(getDatabase(), enabled);
}
QString BrowserService::storeKey(const QString& key)
{
auto db = getDatabase();
@ -1197,6 +1222,13 @@ BrowserService::checkAccess(const Entry* entry, const QString& siteHost, const Q
return Denied;
}
const auto db = entry->database();
if (db
&& db->metadata()->customData()->value(CustomData::OptionPrefix + DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS)
== TRUE_STR) {
return Allowed;
}
BrowserEntryConfig config;
if (!config.load(entry)) {
return Unknown;

8
src/browser/BrowserService.h
View File

@ -79,7 +79,7 @@ public:
void lockDatabase();
QJsonObject getDatabaseGroups();
QJsonArray getDatabaseEntries();
QJsonArray getDatabaseEntries(bool* accessDenied, const QSharedPointer<Database>& selectedDb = {});
QJsonObject createNewGroup(const QString& groupName);
QString getCurrentTotp(const QString& uuid);
void showPasswordGenerator(const KeyPairMessage& keyPairMessage);
@ -111,6 +111,12 @@ public:
const QString& userHandle,
const QString& privateKey);
#endif
bool getAlwaysAllowAccess();
void setAlwaysAllowAccess(bool enabled);
bool getAllowGetDatabaseEntriesRequest();
void setAllowGetDatabaseEntriesRequest(bool enabled);
void addEntry(const EntryParameters& entryParameters,
const QString& group,
const QString& groupUuid,

20
src/browser/BrowserSettings.cpp
View File

@ -85,16 +85,6 @@ void BrowserSettings::setMatchUrlScheme(bool matchUrlScheme)
config()->set(Config::Browser_MatchUrlScheme, matchUrlScheme);
}
bool BrowserSettings::alwaysAllowAccess()
{
return config()->get(Config::Browser_AlwaysAllowAccess).toBool();
}
void BrowserSettings::setAlwaysAllowAccess(bool alwaysAllowAccess)
{
config()->set(Config::Browser_AlwaysAllowAccess, alwaysAllowAccess);
}
bool BrowserSettings::alwaysAllowUpdate()
{
return config()->get(Config::Browser_AlwaysAllowUpdate).toBool();
@ -237,16 +227,6 @@ void BrowserSettings::setUpdateBinaryPath(bool enabled)
config()->set(Config::Browser_UpdateBinaryPath, enabled);
}
bool BrowserSettings::allowGetDatabaseEntriesRequest()
{
return config()->get(Config::Browser_AllowGetDatabaseEntriesRequest).toBool();
}
void BrowserSettings::setAllowGetDatabaseEntriesRequest(bool enabled)
{
config()->set(Config::Browser_AllowGetDatabaseEntriesRequest, enabled);
}
bool BrowserSettings::allowExpiredCredentials()
{
return config()->get(Config::Browser_AllowExpiredCredentials).toBool();

4
src/browser/BrowserSettings.h
View File

@ -39,8 +39,6 @@ public:
void setUnlockDatabase(bool unlockDatabase);
bool matchUrlScheme();
void setMatchUrlScheme(bool matchUrlScheme);
bool alwaysAllowAccess();
void setAlwaysAllowAccess(bool alwaysAllowAccess);
bool alwaysAllowUpdate();
void setAlwaysAllowUpdate(bool alwaysAllowUpdate);
bool searchInAllDatabases();
@ -66,8 +64,6 @@ public:
#endif
bool updateBinaryPath();
void setUpdateBinaryPath(bool enabled);
bool allowGetDatabaseEntriesRequest();
void setAllowGetDatabaseEntriesRequest(bool enabled);
bool allowExpiredCredentials();
void setAllowExpiredCredentials(bool enabled);

4
src/browser/BrowserSettingsWidget.cpp
View File

@ -108,7 +108,6 @@ void BrowserSettingsWidget::loadSettings()
// TODO: fix this
m_ui->showNotification->hide();
m_ui->alwaysAllowAccess->setChecked(settings->alwaysAllowAccess());
m_ui->alwaysAllowUpdate->setChecked(settings->alwaysAllowUpdate());
m_ui->httpAuthPermission->setChecked(settings->httpAuthPermission());
m_ui->searchInAllDatabases->setChecked(settings->searchInAllDatabases());
@ -118,7 +117,6 @@ void BrowserSettingsWidget::loadSettings()
m_ui->useCustomProxy->setChecked(settings->useCustomProxy());
m_ui->customProxyLocation->setText(settings->replaceHomePath(settings->customProxyLocation()));
m_ui->updateBinaryPath->setChecked(settings->updateBinaryPath());
m_ui->allowGetDatabaseEntriesRequest->setChecked(settings->allowGetDatabaseEntriesRequest());
m_ui->allowExpiredCredentials->setChecked(settings->allowExpiredCredentials());
m_ui->chromeSupport->setChecked(settings->browserSupport(BrowserShared::CHROME));
m_ui->chromiumSupport->setChecked(settings->browserSupport(BrowserShared::CHROMIUM));
@ -232,9 +230,7 @@ void BrowserSettingsWidget::saveSettings()
settings->setCustomProxyLocation(resolveCustomProxyLocation());
settings->setUpdateBinaryPath(m_ui->updateBinaryPath->isChecked());
settings->setAllowGetDatabaseEntriesRequest(m_ui->allowGetDatabaseEntriesRequest->isChecked());
settings->setAllowExpiredCredentials(m_ui->allowExpiredCredentials->isChecked());
settings->setAlwaysAllowAccess(m_ui->alwaysAllowAccess->isChecked());
settings->setAlwaysAllowUpdate(m_ui->alwaysAllowUpdate->isChecked());
settings->setHttpAuthPermission(m_ui->httpAuthPermission->isChecked());
settings->setSearchInAllDatabases(m_ui->searchInAllDatabases->isChecked());

17
src/browser/BrowserSettingsWidget.ui
View File

@ -279,13 +279,6 @@
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="alwaysAllowAccess">
<property name="text">
<string extracomment="Credentials mean login data requested via browser extension">Never ask before accessing credentials</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="alwaysAllowUpdate">
<property name="text">
@ -340,16 +333,6 @@
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="allowGetDatabaseEntriesRequest">
<property name="toolTip">
<string>Allow keepassxc-proxy to list all entries with their title, URL and UUID in connected databases.</string>
</property>
<property name="text">
<string>Allow limited access to all entries in connected databases (ignores site access restrictions)</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="useCustomProxy">
<property name="toolTip">

7
src/browser/CMakeLists.txt
View File

@ -13,7 +13,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
if(WITH_XC_BROWSER)
if (WITH_XC_BROWSER)
include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
set(keepassxcbrowser_SOURCES
@ -41,5 +41,6 @@ if(WITH_XC_BROWSER)
endif()
add_library(keepassxcbrowser STATIC ${keepassxcbrowser_SOURCES})
target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${BOTAN_LIBRARIES})
endif()
target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${BOTAN_LIBRARIES}
keepassx_core)
endif ()

2
src/core/Config.cpp
View File

@ -157,9 +157,7 @@ static const QHash<Config::ConfigKey, ConfigDirective> configStrings = {
{Config::Browser_UseCustomProxy, {QS("Browser/UseCustomProxy"), Roaming, false}},
{Config::Browser_CustomProxyLocation, {QS("Browser/CustomProxyLocation"), Roaming, {}}},
{Config::Browser_UpdateBinaryPath, {QS("Browser/UpdateBinaryPath"), Roaming, true}},
{Config::Browser_AllowGetDatabaseEntriesRequest, {QS("Browser/AllowGetDatabaseEntriesRequest"), Roaming, false}},
{Config::Browser_AllowExpiredCredentials, {QS("Browser/AllowExpiredCredentials"), Roaming, false}},
{Config::Browser_AlwaysAllowAccess, {QS("Browser/AlwaysAllowAccess"), Roaming, false}},
{Config::Browser_AlwaysAllowUpdate, {QS("Browser/AlwaysAllowUpdate"), Roaming, false}},
{Config::Browser_HttpAuthPermission, {QS("Browser/HttpAuthPermission"), Roaming, false}},
{Config::Browser_SearchInAllDatabases, {QS("Browser/SearchInAllDatabases"), Roaming, false}},

2
src/core/Config.h
View File

@ -137,9 +137,7 @@ public:
Browser_UseCustomProxy,
Browser_CustomProxyLocation,
Browser_UpdateBinaryPath,
Browser_AllowGetDatabaseEntriesRequest,
Browser_AllowExpiredCredentials,
Browser_AlwaysAllowAccess,
Browser_AlwaysAllowUpdate,
Browser_HttpAuthPermission,
Browser_SearchInAllDatabases,

3
src/core/CustomData.cpp
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2018 KeePassXC Team <team@keepassxc.org>
* Copyright (C) 2023 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@ const QString CustomData::LastModified = QStringLiteral("_LAST_MODIFIED");
const QString CustomData::Created = QStringLiteral("_CREATED");
const QString CustomData::BrowserKeyPrefix = QStringLiteral("KPXC_BROWSER_");
const QString CustomData::BrowserLegacyKeyPrefix = QStringLiteral("Public Key: ");
const QString CustomData::OptionPrefix = QStringLiteral("KPXC_OPTION_");
const QString CustomData::ExcludeFromReportsLegacy = QStringLiteral("KnownBad");
const QString CustomData::FdoSecretsExposedGroup = QStringLiteral("FDO_SECRETS_EXPOSED_GROUP");
const QString CustomData::RandomSlug = QStringLiteral("KPXC_RANDOM_SLUG");

3
src/core/CustomData.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2018 KeePassXC Team <team@keepassxc.org>
* Copyright (C) 2023 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -72,6 +72,7 @@ public:
static const QString FdoSecretsExposedGroup;
static const QString RandomSlug;
static const QString RemoteProgramSettings;
static const QString OptionPrefix;
// Pre-KDBX 4.1
static const QString ExcludeFromReportsLegacy;

73
src/core/DatabaseSettings.cpp Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (C) 2023 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "DatabaseSettings.h"
#include "core/CustomData.h"
#include "core/Global.h"
#include "core/Metadata.h"
Q_GLOBAL_STATIC(DatabaseSettings, s_databaseSettings);
DatabaseSettings* DatabaseSettings::instance()
{
return s_databaseSettings;
}
const QString DatabaseSettings::OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST =
QStringLiteral("BrowserAllowGetDatabaseEntriesRequest");
const QString DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS = QStringLiteral("BrowserAlwaysAllowAccess");
bool DatabaseSettings::getAlwaysAllowAccess(const QSharedPointer<Database>& db)
{
return getCustomDataOption(db, DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS) == TRUE_STR;
}
void DatabaseSettings::setAlwaysAllowAccess(const QSharedPointer<Database>& db, bool enabled)
{
setCustomDataOption(db, DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS, enabled ? TRUE_STR : FALSE_STR);
}
bool DatabaseSettings::getAllowGetDatabaseEntriesRequest(const QSharedPointer<Database>& db)
{
return getCustomDataOption(db, DatabaseSettings::OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST) == TRUE_STR;
}
void DatabaseSettings::setAllowGetDatabaseEntriesRequest(const QSharedPointer<Database>& db, bool enabled)
{
setCustomDataOption(
db, DatabaseSettings::OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST, enabled ? TRUE_STR : FALSE_STR);
}
QString DatabaseSettings::getCustomDataOption(const QSharedPointer<Database>& db, const QString& key) const
{
if (!db) {
return {};
}
return db->metadata()->customData()->value(CustomData::OptionPrefix + key);
}
void DatabaseSettings::setCustomDataOption(const QSharedPointer<Database>& db,
const QString& key,
const QString& value) const
{
if (!db) {
return;
}
db->metadata()->customData()->set(CustomData::OptionPrefix + key, value);
}

53
src/core/DatabaseSettings.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (C) 2023 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DATABASESETTINGS_H
#define DATABASESETTINGS_H
#include "core/Database.h"
#include <QObject>
class DatabaseSettings : public QObject
{
Q_OBJECT
public:
Q_DISABLE_COPY(DatabaseSettings)
explicit DatabaseSettings() = default;
;
static DatabaseSettings* instance();
bool getAlwaysAllowAccess(const QSharedPointer<Database>& db);
void setAlwaysAllowAccess(const QSharedPointer<Database>& db, bool enabled);
bool getAllowGetDatabaseEntriesRequest(const QSharedPointer<Database>& db);
void setAllowGetDatabaseEntriesRequest(const QSharedPointer<Database>& db, bool enabled);
static const QString OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST;
static const QString OPTION_ALWAYS_ALLOW_ACCESS;
private:
QString getCustomDataOption(const QSharedPointer<Database>& db, const QString& key) const;
void setCustomDataOption(const QSharedPointer<Database>& db, const QString& key, const QString& value) const;
};
static inline DatabaseSettings* databaseSettings()
{
return DatabaseSettings::instance();
}
#endif // DATABASESETTINGS_H

4
src/gui/dbsettings/DatabaseSettingsDialog.cpp
View File

@ -155,7 +155,9 @@ void DatabaseSettingsDialog::save()
return;
}
// Browser settings don't have anything to save
#ifdef WITH_XC_BROWSER
m_browserWidget->saveSettings();
#endif
#ifdef WITH_XC_KEESHARE
m_keeShareWidget->saveSettings();

7
src/gui/dbsettings/DatabaseSettingsWidgetBrowser.cpp
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2022 KeePassXC Team <team@keepassxc.org>
* Copyright (C) 2023 KeePassXC Team <team@keepassxc.org>
* Copyright (C) 2018 Sami Vänttinen <sami.vanttinen@protonmail.com>
*
* This program is free software: you can redistribute it and/or modify
@ -69,6 +69,9 @@ CustomData* DatabaseSettingsWidgetBrowser::customData() const
void DatabaseSettingsWidgetBrowser::initialize()
{
m_ui->alwaysAllowAccess->setChecked(browserService()->getAlwaysAllowAccess());
m_ui->allowGetDatabaseEntriesRequest->setChecked(browserService()->getAllowGetDatabaseEntriesRequest());
updateModel();
settingsWarning();
}
@ -84,6 +87,8 @@ void DatabaseSettingsWidgetBrowser::showEvent(QShowEvent* event)
bool DatabaseSettingsWidgetBrowser::saveSettings()
{
browserService()->setAlwaysAllowAccess(m_ui->alwaysAllowAccess->isChecked());
browserService()->setAllowGetDatabaseEntriesRequest(m_ui->allowGetDatabaseEntriesRequest->isChecked());
return true;
}

29
src/gui/dbsettings/DatabaseSettingsWidgetBrowser.ui
View File

@ -54,8 +54,8 @@
<string>KeePassXC-Browser settings</string>
</property>
<layout class="QGridLayout" name="gridLayout">
<item row="0" column="0">
<widget class="QPushButton" name="removeSharedEncryptionKeys">
<item row="1" column="0">
<widget class="QPushButton" name="refreshDatabaseID">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
@ -66,7 +66,7 @@
<string>Convert legacy KeePassHTTP attributes to KeePassXC-Browser compatible custom data</string>
</property>
<property name="text">
<string>Disconnect all browsers</string>
<string>Refresh database root group ID</string>
</property>
</widget>
</item>
@ -83,8 +83,8 @@
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QPushButton" name="refreshDatabaseID">
<item row="0" column="0">
<widget class="QPushButton" name="removeSharedEncryptionKeys">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
@ -92,7 +92,24 @@
</sizepolicy>
</property>
<property name="text">
<string>Refresh database root group ID</string>
<string>Disconnect all browsers</string>
</property>
</widget>
</item>
<item row="2" column="0" colspan="2">
<widget class="QCheckBox" name="alwaysAllowAccess">
<property name="text">
<string extracomment="Credentials mean login data requested via browser extension">Never confirm before sending credentials to the extension</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QCheckBox" name="allowGetDatabaseEntriesRequest">
<property name="toolTip">
<string>Allow a connected program to list all entries with their title, URL and UUID regardless of individual access restrictions</string>
</property>
<property name="text">
<string>Allow limited access to all entries (may be used by third-party solutions)</string>
</property>
</widget>
</item>

23
tests/TestBrowser.cpp
View File

@ -19,6 +19,7 @@
#include "browser/BrowserMessageBuilder.h"
#include "browser/BrowserSettings.h"
#include "core/DatabaseSettings.h"
#include "core/Group.h"
#include "core/Tools.h"
#include "crypto/Crypto.h"
@ -740,3 +741,25 @@ void TestBrowser::testRestrictBrowserKey()
QCOMPARE(sorted[2]->url(), QString("https://example.com/2"));
QCOMPARE(sorted[3]->url(), QString("https://example.com/0"));
}
void TestBrowser::testGetDatabaseEntries()
{
auto db = QSharedPointer<Database>::create();
auto* root = db->rootGroup();
QStringList urls = {"https://github.com/loginpage", "https://test.github.com/", "https://github.com/"};
auto entries = createEntries(urls, root);
Q_UNUSED(entries)
bool accessDenied = true;
databaseSettings()->setAllowGetDatabaseEntriesRequest(db, false);
auto result = browserService()->getDatabaseEntries(&accessDenied, db);
QCOMPARE(accessDenied, true);
QCOMPARE(result.isEmpty(), true);
databaseSettings()->setAllowGetDatabaseEntriesRequest(db, true);
result = browserService()->getDatabaseEntries(&accessDenied, db);
QCOMPARE(accessDenied, false);
QCOMPARE(result.isEmpty(), false);
}

1
tests/TestBrowser.h
View File

@ -50,6 +50,7 @@ private slots:
void testBestMatchingCredentials();
void testBestMatchingWithAdditionalURLs();
void testRestrictBrowserKey();
void testGetDatabaseEntries();
private:
QList<Entry*> createEntries(QStringList& urls, Group* root) const;