diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts index a2cc594a5..e49c6c84f 100644 --- a/share/translations/keepassxc_en.ts +++ b/share/translations/keepassxc_en.ts @@ -1093,11 +1093,6 @@ Do you want to overwrite the passkey in %1 - %2? Advanced - - Never ask before accessing credentials - Credentials mean login data requested via browser extension - - Never ask before updating credentials Credentials mean login data requested via browser extension @@ -1202,14 +1197,6 @@ Do you want to overwrite the passkey in %1 - %2? Select native messaging host folder location - - Allow keepassxc-proxy to list all entries with their title, URL and UUID in connected databases. - - - - Allow limited access to all entries in connected databases (ignores site access restrictions) - - <b>Warning:</b> Only adjust these settings if necessary. @@ -1222,10 +1209,6 @@ Do you want to overwrite the passkey in %1 - %2? <b>Error:</b> The custom proxy location does not exist. Correct this in the advanced settings tab. - - <b>Error:</b> The installed proxy executable is missing from the expected location: %1<br/>Please set a custom proxy location in the advanced settings or reinstall the application. - - Allows using insecure http://localhost with passkeys for testing purposes. @@ -1238,6 +1221,10 @@ Do you want to overwrite the passkey in %1 - %2? KeePassXC-Browser is needed for the browser integration to work. <br />Download it for %1 and %2 and %3. + + <b>Error:</b> The installed proxy executable is missing from the expected location: %1<br/>Please set a custom proxy location in the advanced settings or reinstall the application. + + CloneDialog 
@@ -1814,6 +1801,19 @@ This is only necessary if your database is a copy of another and the browser ext No entry with permissions found! + + Never confirm before sending credentials to the extension + Credentials mean login data requested via browser extension + + + + Allow a connected program to list all entries with their title, URL and UUID regardless of individual access restrictions + + + + Allow limited access to all entries (may be used by third-party solutions) + + DatabaseSettingsWidgetDatabaseKey diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a7b2c052b..a5024fc5b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -25,6 +25,7 @@ set(keepassx_SOURCES core/Config.cpp core/CustomData.cpp core/Database.cpp + core/DatabaseSettings.cpp core/DatabaseStats.cpp core/Entry.cpp core/EntryAttachments.cpp diff --git a/src/browser/BrowserAction.cpp b/src/browser/BrowserAction.cpp index 35a7acc19..88b513628 100644 --- a/src/browser/BrowserAction.cpp +++ b/src/browser/BrowserAction.cpp @@ -405,17 +405,15 @@ QJsonObject BrowserAction::handleGetDatabaseEntries(const QJsonObject& json, con return getErrorReply(action, ERROR_KEEPASS_INCORRECT_ACTION); } - if (!browserSettings()->allowGetDatabaseEntriesRequest()) { + bool accessDenied = true; + const auto entries = browserService()->getDatabaseEntries(&accessDenied); + if (accessDenied) { return getErrorReply(action, ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED); - } - - const QJsonArray entries = browserService()->getDatabaseEntries(); - if (entries.isEmpty()) { + } else if (entries.isEmpty()) { return getErrorReply(action, ERROR_KEEPASS_NO_GROUPS_FOUND); } const Parameters params{{"entries", entries}}; - return buildResponse(action, browserRequest.incrementedNonce, params); } diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp index cbdf2e201..c479aeab1 100644 --- a/src/browser/BrowserService.cpp +++ b/src/browser/BrowserService.cpp 
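Review bot: In `handleGetDatabaseEntries`, `accessDenied` is still true when `getDatabaseEntries()` returns early because no database is available, so that case is now answered with `ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED` instead of `ERROR_KEEPASS_NO_GROUPS_FOUND`. Failing closed is the safe direction, but a client can no longer tell "option disabled" from "no database". If that is intended, record it next to the check, for example `// accessDenied stays true when no database is open; both cases report access denied`. The `else` after the first `return` is redundant; a plain `if (entries.isEmpty()) {` reads the same. The function starts above the hunk.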
@@ -24,6 +24,7 @@ #include "BrowserHost.h" #include "BrowserMessageBuilder.h" #include "BrowserSettings.h" +#include "core/DatabaseSettings.h" #include "core/Tools.h" #include "core/UrlTools.h" #include "gui/MainWindow.h" @@ -109,10 +110,7 @@ void BrowserService::setEnabled(bool enabled) bool BrowserService::isDatabaseOpened() const { - if (m_currentDatabaseWidget) { - return !m_currentDatabaseWidget->isLocked(); - } - return false; + return m_currentDatabaseWidget && !m_currentDatabaseWidget->isLocked(); } bool BrowserService::openDatabase(bool triggerUnlock) @@ -121,7 +119,7 @@ bool BrowserService::openDatabase(bool triggerUnlock) return false; } - if (m_currentDatabaseWidget && !m_currentDatabaseWidget->isLocked()) { + if (isDatabaseOpened()) { return true; } @@ -229,14 +227,26 @@ QJsonObject BrowserService::getDatabaseGroups() return result; } -QJsonArray BrowserService::getDatabaseEntries() +QJsonArray BrowserService::getDatabaseEntries(bool* accessDenied, const QSharedPointer& selectedDb) { - auto db = getDatabase(); + if (accessDenied) { + *accessDenied = true; + } + + auto db = selectedDb ? selectedDb : getDatabase(); if (!db) { return {}; } - Group* rootGroup = db->rootGroup(); + if (!databaseSettings()->getAllowGetDatabaseEntriesRequest(db)) { + return {}; + } + + if (accessDenied != nullptr) { + *accessDenied = false; + } + + auto* rootGroup = db->rootGroup(); if (!rootGroup) { return {}; } @@ -360,7 +370,6 @@ BrowserService::findEntries(const EntryParameters& entryParameters, const String *entriesFound = false; } - const bool alwaysAllowAccess = browserSettings()->alwaysAllowAccess(); const bool ignoreHttpAuth = browserSettings()->httpAuthPermission(); const QString siteHost = QUrl(entryParameters.siteUrl).host(); const QString formHost = QUrl(entryParameters.formUrl).host(); 
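Review bot: `getDatabaseEntries()` tests its out-parameter in two different ways, `if (accessDenied)` at the top and `if (accessDenied != nullptr)` before clearing it; use one form. Callers base an authorisation decision on the flag, so the contract deserves a comment at the definition, such as `// *accessDenied starts as true and is cleared only after the per-database option has been checked`. The declaration in BrowserService.h gives the pointer no default although the body tolerates null, so either default it to `nullptr` or state in the comment that null is accepted. The function body continues past the hunk.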
@@ -396,11 +405,7 @@ BrowserService::findEntries(const EntryParameters& entryParameters, const String continue; case Unknown: - if (alwaysAllowAccess) { - allowedEntries.append(entry); - } else { - entriesToConfirm.append(entry); - } + entriesToConfirm.append(entry); break; case Allowed: @@ -554,6 +559,26 @@ bool BrowserService::isPasswordGeneratorRequested() const return m_passwordGenerator && m_passwordGenerator->isVisible(); } +bool BrowserService::getAlwaysAllowAccess() +{ + return databaseSettings()->getAlwaysAllowAccess(getDatabase()); +} + +void BrowserService::setAlwaysAllowAccess(bool enabled) +{ + databaseSettings()->setAlwaysAllowAccess(getDatabase(), enabled); +} + +bool BrowserService::getAllowGetDatabaseEntriesRequest() +{ + return databaseSettings()->getAllowGetDatabaseEntriesRequest(getDatabase()); +} + +void BrowserService::setAllowGetDatabaseEntriesRequest(bool enabled) +{ + databaseSettings()->setAllowGetDatabaseEntriesRequest(getDatabase(), enabled); +} + QString BrowserService::storeKey(const QString& key) { auto db = getDatabase(); @@ -1197,6 +1222,13 @@ BrowserService::checkAccess(const Entry* entry, const QString& siteHost, const Q return Denied; } + const auto db = entry->database(); + if (db + && db->metadata()->customData()->value(CustomData::OptionPrefix + DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS) + == TRUE_STR) { + return Allowed; + } + BrowserEntryConfig config; if (!config.load(entry)) { return Unknown; diff --git a/src/browser/BrowserService.h b/src/browser/BrowserService.h index 943e8bac1..4fe0d1be5 100644 --- a/src/browser/BrowserService.h +++ b/src/browser/BrowserService.h 
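Review bot: The four new accessors (`getAlwaysAllowAccess()`, `setAlwaysAllowAccess()`, `getAllowGetDatabaseEntriesRequest()`, `setAllowGetDatabaseEntriesRequest()`) always act on `getDatabase()`, yet `DatabaseSettingsWidgetBrowser::initialize()` and `saveSettings()` use them for the database whose settings dialog is open. `getDatabase()` is not shown in this diff; if it can resolve to a different database than the one the dialog edits, the checkboxes would display and overwrite the options of the wrong file. Having the widget call `databaseSettings()` with its own database, rather than going through `browserService()`, removes that coupling. The setters also do nothing when no database is resolved, so a failed save is silent.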
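Review bot: In `checkAccess()` the new early `return Allowed;` runs before `BrowserEntryConfig` is loaded, so with the option set an entry's own per-site configuration is never consulted, whereas the code removed from `findEntries()` only promoted `Unknown` results. If the remainder of `checkAccess()` (outside this hunk) can return `Denied` for a site the user blocked on that entry, that block is now bypassed; keeping the promotion in `case Unknown:` would preserve it. The option is also read from the database's custom data, so it travels with the file: a database shared with or received from someone else can arrive with confirmation already disabled, which the old per-installation setting could not do. The lookup rebuilds the key that `DatabaseSettings::getCustomDataOption()` already builds; reuse that helper so the two cannot drift apart.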
@@ -79,7 +79,7 @@ public: void lockDatabase(); QJsonObject getDatabaseGroups(); - QJsonArray getDatabaseEntries(); + QJsonArray getDatabaseEntries(bool* accessDenied, const QSharedPointer& selectedDb = {}); QJsonObject createNewGroup(const QString& groupName); QString getCurrentTotp(const QString& uuid); void showPasswordGenerator(const KeyPairMessage& keyPairMessage); @@ -111,6 +111,12 @@ public: const QString& userHandle, const QString& privateKey); #endif + + bool getAlwaysAllowAccess(); + void setAlwaysAllowAccess(bool enabled); + bool getAllowGetDatabaseEntriesRequest(); + void setAllowGetDatabaseEntriesRequest(bool enabled); + void addEntry(const EntryParameters& entryParameters, const QString& group, const QString& groupUuid, diff --git a/src/browser/BrowserSettings.cpp b/src/browser/BrowserSettings.cpp index 0a8226c12..b93bc196b 100644 --- a/src/browser/BrowserSettings.cpp +++ b/src/browser/BrowserSettings.cpp @@ -85,16 +85,6 @@ void BrowserSettings::setMatchUrlScheme(bool matchUrlScheme) config()->set(Config::Browser_MatchUrlScheme, matchUrlScheme); } -bool BrowserSettings::alwaysAllowAccess() -{ - return config()->get(Config::Browser_AlwaysAllowAccess).toBool(); -} - -void BrowserSettings::setAlwaysAllowAccess(bool alwaysAllowAccess) -{ - config()->set(Config::Browser_AlwaysAllowAccess, alwaysAllowAccess); -} - bool BrowserSettings::alwaysAllowUpdate() { return config()->get(Config::Browser_AlwaysAllowUpdate).toBool(); 
@@ -237,16 +227,6 @@ void BrowserSettings::setUpdateBinaryPath(bool enabled) config()->set(Config::Browser_UpdateBinaryPath, enabled); } -bool BrowserSettings::allowGetDatabaseEntriesRequest() -{ - return config()->get(Config::Browser_AllowGetDatabaseEntriesRequest).toBool(); -} - -void BrowserSettings::setAllowGetDatabaseEntriesRequest(bool enabled) -{ - config()->set(Config::Browser_AllowGetDatabaseEntriesRequest, enabled); -} - bool BrowserSettings::allowExpiredCredentials() { return config()->get(Config::Browser_AllowExpiredCredentials).toBool(); diff --git a/src/browser/BrowserSettings.h b/src/browser/BrowserSettings.h index 9c0b3718e..ff210522b 100644 --- a/src/browser/BrowserSettings.h +++ b/src/browser/BrowserSettings.h @@ -39,8 +39,6 @@ public: void setUnlockDatabase(bool unlockDatabase); bool matchUrlScheme(); void setMatchUrlScheme(bool matchUrlScheme); - bool alwaysAllowAccess(); - void setAlwaysAllowAccess(bool alwaysAllowAccess); bool alwaysAllowUpdate(); void setAlwaysAllowUpdate(bool alwaysAllowUpdate); bool searchInAllDatabases(); @@ -66,8 +64,6 @@ public: #endif bool updateBinaryPath(); void setUpdateBinaryPath(bool enabled); - bool allowGetDatabaseEntriesRequest(); - void setAllowGetDatabaseEntriesRequest(bool enabled); bool allowExpiredCredentials(); void setAllowExpiredCredentials(bool enabled); diff --git a/src/browser/BrowserSettingsWidget.cpp b/src/browser/BrowserSettingsWidget.cpp index 3e2679e79..66ed778cc 100644 --- a/src/browser/BrowserSettingsWidget.cpp +++ b/src/browser/BrowserSettingsWidget.cpp @@ -108,7 +108,6 @@ void BrowserSettingsWidget::loadSettings() // TODO: fix this m_ui->showNotification->hide(); - m_ui->alwaysAllowAccess->setChecked(settings->alwaysAllowAccess()); m_ui->alwaysAllowUpdate->setChecked(settings->alwaysAllowUpdate()); m_ui->httpAuthPermission->setChecked(settings->httpAuthPermission()); m_ui->searchInAllDatabases->setChecked(settings->searchInAllDatabases()); 
@@ -118,7 +117,6 @@ void BrowserSettingsWidget::loadSettings() m_ui->useCustomProxy->setChecked(settings->useCustomProxy()); m_ui->customProxyLocation->setText(settings->replaceHomePath(settings->customProxyLocation())); m_ui->updateBinaryPath->setChecked(settings->updateBinaryPath()); - m_ui->allowGetDatabaseEntriesRequest->setChecked(settings->allowGetDatabaseEntriesRequest()); m_ui->allowExpiredCredentials->setChecked(settings->allowExpiredCredentials()); m_ui->chromeSupport->setChecked(settings->browserSupport(BrowserShared::CHROME)); m_ui->chromiumSupport->setChecked(settings->browserSupport(BrowserShared::CHROMIUM)); @@ -232,9 +230,7 @@ void BrowserSettingsWidget::saveSettings() settings->setCustomProxyLocation(resolveCustomProxyLocation()); settings->setUpdateBinaryPath(m_ui->updateBinaryPath->isChecked()); - settings->setAllowGetDatabaseEntriesRequest(m_ui->allowGetDatabaseEntriesRequest->isChecked()); settings->setAllowExpiredCredentials(m_ui->allowExpiredCredentials->isChecked()); - settings->setAlwaysAllowAccess(m_ui->alwaysAllowAccess->isChecked()); settings->setAlwaysAllowUpdate(m_ui->alwaysAllowUpdate->isChecked()); settings->setHttpAuthPermission(m_ui->httpAuthPermission->isChecked()); settings->setSearchInAllDatabases(m_ui->searchInAllDatabases->isChecked()); diff --git a/src/browser/BrowserSettingsWidget.ui b/src/browser/BrowserSettingsWidget.ui index 495ad36ed..2f9d627a8 100644 --- a/src/browser/BrowserSettingsWidget.ui +++ b/src/browser/BrowserSettingsWidget.ui @@ -279,13 +279,6 @@ - - - - Never ask before accessing credentials - - - @@ -340,16 +333,6 @@ - - - - Allow keepassxc-proxy to list all entries with their title, URL and UUID in connected databases. - - - Allow limited access to all entries in connected databases (ignores site access restrictions) - - - diff --git a/src/browser/CMakeLists.txt b/src/browser/CMakeLists.txt index 54c089d7f..22aa122c0 100644 --- a/src/browser/CMakeLists.txt +++ b/src/browser/CMakeLists.txt 
@@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -if(WITH_XC_BROWSER) +if (WITH_XC_BROWSER) include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) set(keepassxcbrowser_SOURCES @@ -41,5 +41,6 @@ if(WITH_XC_BROWSER) endif() add_library(keepassxcbrowser STATIC ${keepassxcbrowser_SOURCES}) - target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${BOTAN_LIBRARIES}) -endif() + target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${BOTAN_LIBRARIES} + keepassx_core) +endif () diff --git a/src/core/Config.cpp b/src/core/Config.cpp index 07a70210e..1dee1f73d 100644 --- a/src/core/Config.cpp +++ b/src/core/Config.cpp @@ -157,9 +157,7 @@ static const QHash configStrings = { {Config::Browser_UseCustomProxy, {QS("Browser/UseCustomProxy"), Roaming, false}}, {Config::Browser_CustomProxyLocation, {QS("Browser/CustomProxyLocation"), Roaming, {}}}, {Config::Browser_UpdateBinaryPath, {QS("Browser/UpdateBinaryPath"), Roaming, true}}, - {Config::Browser_AllowGetDatabaseEntriesRequest, {QS("Browser/AllowGetDatabaseEntriesRequest"), Roaming, false}}, {Config::Browser_AllowExpiredCredentials, {QS("Browser/AllowExpiredCredentials"), Roaming, false}}, - {Config::Browser_AlwaysAllowAccess, {QS("Browser/AlwaysAllowAccess"), Roaming, false}}, {Config::Browser_AlwaysAllowUpdate, {QS("Browser/AlwaysAllowUpdate"), Roaming, false}}, {Config::Browser_HttpAuthPermission, {QS("Browser/HttpAuthPermission"), Roaming, false}}, {Config::Browser_SearchInAllDatabases, {QS("Browser/SearchInAllDatabases"), Roaming, false}}, diff --git a/src/core/Config.h b/src/core/Config.h index ef7aa5fca..b119365a9 100644 --- a/src/core/Config.h +++ b/src/core/Config.h 
@@ -137,9 +137,7 @@ public: Browser_UseCustomProxy, Browser_CustomProxyLocation, Browser_UpdateBinaryPath, - Browser_AllowGetDatabaseEntriesRequest, Browser_AllowExpiredCredentials, - Browser_AlwaysAllowAccess, Browser_AlwaysAllowUpdate, Browser_HttpAuthPermission, Browser_SearchInAllDatabases, diff --git a/src/core/CustomData.cpp b/src/core/CustomData.cpp index 1772cd62b..3c7f53678 100644 --- a/src/core/CustomData.cpp +++ b/src/core/CustomData.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 KeePassXC Team + * Copyright (C) 2023 KeePassXC Team * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,6 +24,7 @@ const QString CustomData::LastModified = QStringLiteral("_LAST_MODIFIED"); const QString CustomData::Created = QStringLiteral("_CREATED"); const QString CustomData::BrowserKeyPrefix = QStringLiteral("KPXC_BROWSER_"); const QString CustomData::BrowserLegacyKeyPrefix = QStringLiteral("Public Key: "); +const QString CustomData::OptionPrefix = QStringLiteral("KPXC_OPTION_"); const QString CustomData::ExcludeFromReportsLegacy = QStringLiteral("KnownBad"); const QString CustomData::FdoSecretsExposedGroup = QStringLiteral("FDO_SECRETS_EXPOSED_GROUP"); const QString CustomData::RandomSlug = QStringLiteral("KPXC_RANDOM_SLUG"); diff --git a/src/core/CustomData.h b/src/core/CustomData.h index 49e8a33ee..70c606bc6 100644 --- a/src/core/CustomData.h +++ b/src/core/CustomData.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 KeePassXC Team + * Copyright (C) 2023 KeePassXC Team * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -72,6 +72,7 @@ public: static const QString FdoSecretsExposedGroup; static const QString RandomSlug; static const QString RemoteProgramSettings; + static const QString OptionPrefix; // Pre-KDBX 4.1 static const QString ExcludeFromReportsLegacy; 
diff --git a/src/core/DatabaseSettings.cpp b/src/core/DatabaseSettings.cpp
new file mode 100644
index 000000000..21de6baca
--- /dev/null
+++ b/src/core/DatabaseSettings.cpp
@@ -0,0 +1,73 @@ +/* + * Copyright (C) 2023 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "DatabaseSettings.h" +#include "core/CustomData.h" +#include "core/Global.h" +#include "core/Metadata.h" + +Q_GLOBAL_STATIC(DatabaseSettings, s_databaseSettings); + +DatabaseSettings* DatabaseSettings::instance() +{ + return s_databaseSettings; +} + +const QString DatabaseSettings::OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST = + QStringLiteral("BrowserAllowGetDatabaseEntriesRequest"); +const QString DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS = QStringLiteral("BrowserAlwaysAllowAccess"); + +bool DatabaseSettings::getAlwaysAllowAccess(const QSharedPointer& db) +{ + return getCustomDataOption(db, DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS) == TRUE_STR; +} + +void DatabaseSettings::setAlwaysAllowAccess(const QSharedPointer& db, bool enabled) +{ + setCustomDataOption(db, DatabaseSettings::OPTION_ALWAYS_ALLOW_ACCESS, enabled ? TRUE_STR : FALSE_STR); +} + +bool DatabaseSettings::getAllowGetDatabaseEntriesRequest(const QSharedPointer& db) +{ + return getCustomDataOption(db, DatabaseSettings::OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST) == TRUE_STR; +} + +void DatabaseSettings::setAllowGetDatabaseEntriesRequest(const QSharedPointer& db, bool enabled) +{ + setCustomDataOption( + db, DatabaseSettings::OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST, enabled ? 
TRUE_STR : FALSE_STR); +} + +QString DatabaseSettings::getCustomDataOption(const QSharedPointer& db, const QString& key) const +{ + if (!db) { + return {}; + } + + return db->metadata()->customData()->value(CustomData::OptionPrefix + key); +} + +void DatabaseSettings::setCustomDataOption(const QSharedPointer& db, + const QString& key, + const QString& value) const +{ + if (!db) { + return; + } + + db->metadata()->customData()->set(CustomData::OptionPrefix + key, value); +} diff --git a/src/core/DatabaseSettings.h b/src/core/DatabaseSettings.h new file mode 100644 index 000000000..3129e3671 --- /dev/null +++ b/src/core/DatabaseSettings.h 
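Review bot: None of the new accessors in DatabaseSettings.cpp says where the options are stored or what an unset option means, and both facts matter for a setting that disables a confirmation prompt. A short comment above `getCustomDataOption()` would cover it: `// Options live in the database's custom data under CustomData::OptionPrefix + key; any value other than TRUE_STR reads as disabled`. It is also worth stating that the value is saved inside the database file and is therefore shared with everyone who opens that file. The class holds no state, so the `Q_GLOBAL_STATIC` instance could be replaced by static member functions.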
@@ -0,0 +1,53 @@ +/* + * Copyright (C) 2023 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef DATABASESETTINGS_H +#define DATABASESETTINGS_H + +#include "core/Database.h" +#include + +class DatabaseSettings : public QObject +{ + Q_OBJECT + +public: + Q_DISABLE_COPY(DatabaseSettings) + + explicit DatabaseSettings() = default; + ; + static DatabaseSettings* instance(); + + bool getAlwaysAllowAccess(const QSharedPointer& db); + void setAlwaysAllowAccess(const QSharedPointer& db, bool enabled); + bool getAllowGetDatabaseEntriesRequest(const QSharedPointer& db); + void setAllowGetDatabaseEntriesRequest(const QSharedPointer& db, bool enabled); + + static const QString OPTION_ALLOW_GET_DATABASE_ENTRIES_REQUEST; + static const QString OPTION_ALWAYS_ALLOW_ACCESS; + +private: + QString getCustomDataOption(const QSharedPointer& db, const QString& key) const; + void setCustomDataOption(const QSharedPointer& db, const QString& key, const QString& value) const; +}; + +static inline DatabaseSettings* databaseSettings() +{ + return DatabaseSettings::instance(); +} + +#endif // DATABASESETTINGS_H diff --git a/src/gui/dbsettings/DatabaseSettingsDialog.cpp b/src/gui/dbsettings/DatabaseSettingsDialog.cpp index f309e56bd..7acc5bdc2 100644 --- a/src/gui/dbsettings/DatabaseSettingsDialog.cpp +++ b/src/gui/dbsettings/DatabaseSettingsDialog.cpp 
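Review bot: The constructor line `explicit DatabaseSettings() = default;` is followed by a stray `;` on its own line, and `explicit` has no effect on a constructor without parameters; `DatabaseSettings() = default;` is enough. The two getters are non-const while the private helpers they call are `const`, so `bool getAlwaysAllowAccess(...) const;` and `bool getAllowGetDatabaseEntriesRequest(...) const;` would be consistent. `Q_DISABLE_COPY` is conventionally placed in the private section, and the class would benefit from a one-line comment stating that it reads and writes per-database options.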
@@ -155,7 +155,9 @@ void DatabaseSettingsDialog::save() return; } - // Browser settings don't have anything to save +#ifdef WITH_XC_BROWSER + m_browserWidget->saveSettings(); +#endif #ifdef WITH_XC_KEESHARE m_keeShareWidget->saveSettings(); diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.cpp b/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.cpp index 7be217710..7f8d44bc7 100644 --- a/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.cpp +++ b/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 KeePassXC Team + * Copyright (C) 2023 KeePassXC Team * Copyright (C) 2018 Sami Vänttinen * * This program is free software: you can redistribute it and/or modify @@ -69,6 +69,9 @@ CustomData* DatabaseSettingsWidgetBrowser::customData() const void DatabaseSettingsWidgetBrowser::initialize() { + m_ui->alwaysAllowAccess->setChecked(browserService()->getAlwaysAllowAccess()); + m_ui->allowGetDatabaseEntriesRequest->setChecked(browserService()->getAllowGetDatabaseEntriesRequest()); + updateModel(); settingsWarning(); } @@ -84,6 +87,8 @@ void DatabaseSettingsWidgetBrowser::showEvent(QShowEvent* event) bool DatabaseSettingsWidgetBrowser::saveSettings() { + browserService()->setAlwaysAllowAccess(m_ui->alwaysAllowAccess->isChecked()); + browserService()->setAllowGetDatabaseEntriesRequest(m_ui->allowGetDatabaseEntriesRequest->isChecked()); return true; } diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.ui b/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.ui index d323e2b47..44359e2fe 100644 --- a/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.ui +++ b/src/gui/dbsettings/DatabaseSettingsWidgetBrowser.ui @@ -54,8 +54,8 @@ KeePassXC-Browser settings - - + + 0 @@ -66,7 +66,7 @@ Convert legacy KeePassHTTP attributes to KeePassXC-Browser compatible custom data - Disconnect all browsers + Refresh database root group ID @@ -83,8 +83,8 @@ - - + + 0 
@@ -92,7 +92,24 @@ - Refresh database root group ID + Disconnect all browsers + + + + + + + Never confirm before sending credentials to the extension + + + + + + + Allow a connected program to list all entries with their title, URL and UUID regardless of individual access restrictions + + + Allow limited access to all entries (may be used by third-party solutions) diff --git a/tests/TestBrowser.cpp b/tests/TestBrowser.cpp index 09bd94cfe..d8a94d6c0 100644 --- a/tests/TestBrowser.cpp +++ b/tests/TestBrowser.cpp @@ -19,6 +19,7 @@ #include "browser/BrowserMessageBuilder.h" #include "browser/BrowserSettings.h" +#include "core/DatabaseSettings.h" #include "core/Group.h" #include "core/Tools.h" #include "crypto/Crypto.h" @@ -740,3 +741,25 @@ void TestBrowser::testRestrictBrowserKey() QCOMPARE(sorted[2]->url(), QString("https://example.com/2")); QCOMPARE(sorted[3]->url(), QString("https://example.com/0")); } + +void TestBrowser::testGetDatabaseEntries() +{ + auto db = QSharedPointer::create(); + auto* root = db->rootGroup(); + + QStringList urls = {"https://github.com/loginpage", "https://test.github.com/", "https://github.com/"}; + auto entries = createEntries(urls, root); + Q_UNUSED(entries) + + bool accessDenied = true; + + databaseSettings()->setAllowGetDatabaseEntriesRequest(db, false); + auto result = browserService()->getDatabaseEntries(&accessDenied, db); + QCOMPARE(accessDenied, true); + QCOMPARE(result.isEmpty(), true); + + databaseSettings()->setAllowGetDatabaseEntriesRequest(db, true); + result = browserService()->getDatabaseEntries(&accessDenied, db); + QCOMPARE(accessDenied, false); + QCOMPARE(result.isEmpty(), false); +} diff --git a/tests/TestBrowser.h b/tests/TestBrowser.h index 6b53a577d..59d47a3fa 100644 --- a/tests/TestBrowser.h +++ b/tests/TestBrowser.h 
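Review bot: `testGetDatabaseEntries()` covers only the list-entries option; the other behaviour this commit changes, the `OPTION_ALWAYS_ALLOW_ACCESS` branch in `checkAccess()`, has no test. A companion test should set `databaseSettings()->setAlwaysAllowAccess(db, true)` on a database holding one entry with no browser configuration and one the user has explicitly blocked for the site, then assert which of them is returned without confirmation. That pins down whether the database-wide option is meant to override a per-entry block. The existing test also reuses `accessDenied` across both calls without resetting it, which works only because the callee resets it; a comment saying so would help.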
@@ -50,6 +50,7 @@ private slots: void testBestMatchingCredentials(); void testBestMatchingWithAdditionalURLs(); void testRestrictBrowserKey(); + void testGetDatabaseEntries(); private: QList createEntries(QStringList& urls, Group* root) const;