From a070f1bce7efcc5ce89aea533b181b0fa8c6dea0 Mon Sep 17 00:00:00 2001 From: varjolintu Date: Sat, 8 Dec 2018 12:12:52 +0200 Subject: [PATCH] Handle retrieving credentials from HTTP Basic Auth --- src/browser/BrowserAction.cpp | 4 +++- src/browser/BrowserOptionDialog.cpp | 2 ++ src/browser/BrowserOptionDialog.ui | 7 +++++++ src/browser/BrowserService.cpp | 18 +++++++++++++++--- src/browser/BrowserService.h | 8 ++++++-- src/browser/BrowserSettings.cpp | 10 ++++++++++ src/browser/BrowserSettings.h | 2 ++ 7 files changed, 45 insertions(+), 6 deletions(-) diff --git a/src/browser/BrowserAction.cpp b/src/browser/BrowserAction.cpp index 97ead6a34..4357718b3 100644 --- a/src/browser/BrowserAction.cpp +++ b/src/browser/BrowserAction.cpp @@ -251,7 +251,9 @@ QJsonObject BrowserAction::handleGetLogins(const QJsonObject& json, const QStrin const QString id = decrypted.value("id").toString(); const QString submit = decrypted.value("submitUrl").toString(); - const QJsonArray users = m_browserService.findMatchingEntries(id, url, submit, "", keyList); + const QString auth = decrypted.value("httpAuth").toString(); + const bool httpAuth = auth.compare("true", Qt::CaseSensitive) == 0 ? true : false; + const QJsonArray users = m_browserService.findMatchingEntries(id, url, submit, "", keyList, httpAuth); if (users.isEmpty()) { return getErrorReply(action, ERROR_KEEPASS_NO_LOGINS_FOUND); diff --git a/src/browser/BrowserOptionDialog.cpp b/src/browser/BrowserOptionDialog.cpp index 27dce7994..78a51d2aa 100644 --- a/src/browser/BrowserOptionDialog.cpp +++ b/src/browser/BrowserOptionDialog.cpp @@ -100,6 +100,7 @@ void BrowserOptionDialog::loadSettings() m_ui->alwaysAllowAccess->setChecked(settings->alwaysAllowAccess()); m_ui->alwaysAllowUpdate->setChecked(settings->alwaysAllowUpdate()); + m_ui->httpAuthPermission->setChecked(settings->httpAuthPermission()); m_ui->searchInAllDatabases->setChecked(settings->searchInAllDatabases()); m_ui->supportKphFields->setChecked(settings->supportKphFields()); m_ui->supportBrowserProxy->setChecked(settings->supportBrowserProxy()); @@ -156,6 +157,7 @@ void BrowserOptionDialog::saveSettings() settings->setUpdateBinaryPath(m_ui->updateBinaryPath->isChecked()); settings->setAlwaysAllowAccess(m_ui->alwaysAllowAccess->isChecked()); settings->setAlwaysAllowUpdate(m_ui->alwaysAllowUpdate->isChecked()); + settings->setHttpAuthPermission(m_ui->httpAuthPermission->isChecked()); settings->setSearchInAllDatabases(m_ui->searchInAllDatabases->isChecked()); settings->setSupportKphFields(m_ui->supportKphFields->isChecked()); diff --git a/src/browser/BrowserOptionDialog.ui b/src/browser/BrowserOptionDialog.ui index c01be920b..2b32bb9e8 100755 --- a/src/browser/BrowserOptionDialog.ui +++ b/src/browser/BrowserOptionDialog.ui @@ -267,6 +267,13 @@ + + + + Do not ask permission for HTTP &Basic Auth + + + diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp index 945f1303a..6b85c7864 100644 --- a/src/browser/BrowserService.cpp +++ b/src/browser/BrowserService.cpp @@ -207,7 +207,8 @@ QJsonArray BrowserService::findMatchingEntries(const QString& id, const QString& url, const QString& submitUrl, const QString& realm, - const StringPairList& keyList) + const StringPairList& keyList, + const bool httpAuth) { QJsonArray result; if (thread() != QThread::currentThread()) { @@ -219,11 +220,13 @@ QJsonArray BrowserService::findMatchingEntries(const QString& id, Q_ARG(QString, url), Q_ARG(QString, submitUrl), Q_ARG(QString, realm), - Q_ARG(StringPairList, keyList)); + Q_ARG(StringPairList, keyList), + Q_ARG(bool, httpAuth)); return result; } const bool alwaysAllowAccess = browserSettings()->alwaysAllowAccess(); + const bool ignoreHttpAuth = browserSettings()->httpAuthPermission(); const QString host = QUrl(url).host(); const QString submitHost = QUrl(submitUrl).host(); @@ -231,6 +234,12 @@ QJsonArray BrowserService::findMatchingEntries(const QString& id, QList pwEntriesToConfirm; QList pwEntries; for (Entry* entry : searchEntries(url, keyList)) { + // HTTP Basic Auth always needs a confirmation + if (!ignoreHttpAuth && httpAuth) { + pwEntriesToConfirm.append(entry); + continue; + } + switch (checkAccess(entry, host, submitHost, realm)) { case Denied: continue; @@ -642,7 +651,10 @@ QJsonObject BrowserService::prepareEntry(const Entry* entry) } BrowserService::Access -BrowserService::checkAccess(const Entry* entry, const QString& host, const QString& submitHost, const QString& realm) +BrowserService::checkAccess(const Entry* entry, + const QString& host, + const QString& submitHost, + const QString& realm) { BrowserEntryConfig config; if (!config.load(entry)) { diff --git a/src/browser/BrowserService.h b/src/browser/BrowserService.h index 6c84696f9..335f2a13b 100644 --- a/src/browser/BrowserService.h +++ b/src/browser/BrowserService.h @@ -67,7 +67,8 @@ public slots: const QString& url, const QString& submitUrl, const QString& realm, - const StringPairList& keyList); + const StringPairList& keyList, + const bool httpAuth = false); QString storeKey(const QString& key); void updateEntry(const QString& id, const QString& uuid, @@ -101,7 +102,10 @@ private: const QString& submitHost, const QString& realm); QJsonObject prepareEntry(const Entry* entry); - Access checkAccess(const Entry* entry, const QString& host, const QString& submitHost, const QString& realm); + Access checkAccess(const Entry* entry, + const QString& host, + const QString& submitHost, + const QString& realm); Group* findCreateAddEntryGroup(QSharedPointer selectedDb = {}); int sortPriority(const Entry* entry, const QString& host, const QString& submitUrl, const QString& baseSubmitUrl) const; diff --git a/src/browser/BrowserSettings.cpp b/src/browser/BrowserSettings.cpp index f1f9667f8..fe3d55527 100644 --- a/src/browser/BrowserSettings.cpp +++ b/src/browser/BrowserSettings.cpp @@ -121,6 +121,16 @@ void BrowserSettings::setAlwaysAllowUpdate(bool alwaysAllowUpdate) config()->set("Browser/AlwaysAllowUpdate", alwaysAllowUpdate); } +bool BrowserSettings::httpAuthPermission() +{ + return config()->get("Browser/HttpAuthPermission", false).toBool(); +} + +void BrowserSettings::setHttpAuthPermission(bool httpAuthPermission) +{ + config()->set("Browser/HttpAuthPermission", httpAuthPermission); +} + bool BrowserSettings::searchInAllDatabases() { return config()->get("Browser/SearchInAllDatabases", false).toBool(); diff --git a/src/browser/BrowserSettings.h b/src/browser/BrowserSettings.h index 0a9dc8261..b00c75b71 100644 --- a/src/browser/BrowserSettings.h +++ b/src/browser/BrowserSettings.h @@ -51,6 +51,8 @@ public: void setAlwaysAllowUpdate(bool alwaysAllowUpdate); bool searchInAllDatabases(); void setSearchInAllDatabases(bool searchInAllDatabases); + bool httpAuthPermission(); + void setHttpAuthPermission(bool httpAuthPermission); bool supportKphFields(); void setSupportKphFields(bool supportKphFields);