Add check for database files when selecting a key file

Reject own database file as the key file. Prompt for other kdbx files as key files. Also add a static warning message to the key file selection dialog
2024-09-20 08:05:40 +00:00 · 2019-10-16 15:11:47 +02:00 · 2019-10-16 15:11:47 +02:00 · a1e12c1b30
commit a1e12c1b30
parent 99a2d66086
5 changed files with 52 additions and 3 deletions
--- a/src/gui/dbsettings/DatabaseSettingsWidget.cpp
+++ b/src/gui/dbsettings/DatabaseSettingsWidget.cpp
@ -43,3 +43,9 @@ void DatabaseSettingsWidget::load(QSharedPointer<Database> db)
    m_db = std::move(db);
    initialize();
 }
+
+const QSharedPointer<Database> DatabaseSettingsWidget::getDatabase() const
+{
+    return m_db;
+}
+
--- a/src/gui/dbsettings/DatabaseSettingsWidget.h
+++ b/src/gui/dbsettings/DatabaseSettingsWidget.h
@ -38,6 +38,8 @@ public:

    virtual void load(QSharedPointer<Database> db);

+    const QSharedPointer<Database> getDatabase() const;
+
 signals:
    /**
     * Can be emitted to indicate size changes and allow parents widgets to adjust properly.
--- a/src/gui/masterkey/KeyFileEditWidget.cpp
+++ b/src/gui/masterkey/KeyFileEditWidget.cpp
@ -17,6 +17,7 @@

 #include "KeyFileEditWidget.h"
 #include "ui_KeyFileEditWidget.h"
+#include <gui/dbsettings/DatabaseSettingsWidget.h>

 #include "gui/FileDialog.h"
 #include "gui/MainWindow.h"
@ -24,9 +25,10 @@
 #include "keys/CompositeKey.h"
 #include "keys/FileKey.h"

-KeyFileEditWidget::KeyFileEditWidget(QWidget* parent)
+KeyFileEditWidget::KeyFileEditWidget(DatabaseSettingsWidget* parent)
    : KeyComponentWidget(parent)
    , m_compUi(new Ui::KeyFileEditWidget())
+    , m_parent(parent)
 {
    setComponentName(tr("Key File"));
    setComponentDescription(tr("<p>You can add a key file containing random bytes for additional security.</p>"
@ -120,6 +122,26 @@ void KeyFileEditWidget::browseKeyFile()
    QString filters = QString("%1 (*.key);;%2 (*)").arg(tr("Key files"), tr("All files"));
    QString fileName = fileDialog()->getOpenFileName(this, tr("Select a key file"), QString(), filters);

+    if (QFileInfo(fileName).canonicalFilePath() == m_parent->getDatabase()->canonicalFilePath()) {
+        MessageBox::critical(getMainWindow(),
+                             tr("Invalid Key File"),
+                             tr("You cannot use the current database as its own keyfile. Please choose a different "
+                                "file or generate a new key file."));
+        return;
+    } else if (fileName.endsWith(".kdbx", Qt::CaseInsensitive)) {
+        auto response =
+            MessageBox::warning(getMainWindow(),
+                                tr("Suspicious Key File"),
+                                tr("The chosen key file looks like a password database file. A key file must be a "
+                                   "static file that never changes or you will lose access to your database "
+                                   "forever.\nAre you sure you want to continue with this file?"),
+                                MessageBox::Continue | MessageBox::Cancel,
+                                MessageBox::Cancel);
+        if (response != MessageBox::Continue) {
+            return;
+        }
+    }
+
    if (!fileName.isEmpty()) {
        m_compUi->keyFileCombo->setEditText(fileName);
    }
--- a/src/gui/masterkey/KeyFileEditWidget.h
+++ b/src/gui/masterkey/KeyFileEditWidget.h
@ -26,12 +26,15 @@ namespace Ui
    class KeyFileEditWidget;
 }

+class DatabaseSettingsWidget;
+
 class KeyFileEditWidget : public KeyComponentWidget
 {
    Q_OBJECT

+
 public:
-    explicit KeyFileEditWidget(QWidget* parent = nullptr);
+    explicit KeyFileEditWidget(DatabaseSettingsWidget* parent);
    Q_DISABLE_COPY(KeyFileEditWidget);
    ~KeyFileEditWidget() override;

@ -49,6 +52,7 @@ private slots:
 private:
    const QScopedPointer<Ui::KeyFileEditWidget> m_compUi;
    QPointer<QWidget> m_compEditWidget;
+    const QPointer<DatabaseSettingsWidget> m_parent;
 };

 #endif // KEEPASSXC_KEYFILEEDITWIDGET_H
--- a/src/gui/masterkey/KeyFileEditWidget.ui
+++ b/src/gui/masterkey/KeyFileEditWidget.ui
@ -6,7 +6,7 @@
   <rect>
    <x>0</x>
    <y>0</y>
-    <width>364</width>
+    <width>370</width>
    <height>76</height>
   </rect>
  </property>
@ -72,6 +72,21 @@
     </property>
    </spacer>
   </item>
+   <item row="1" column="0">
+    <widget class="QLabel" name="label">
+     <property name="font">
+      <font>
+       <italic>true</italic>
+      </font>
+     </property>
+     <property name="text">
+      <string>Note: Do not use a file that may change as that will prevent you from unlocking your database!</string>
+     </property>
+     <property name="wordWrap">
+      <bool>true</bool>
+     </property>
+    </widget>
+   </item>
  </layout>
 </widget>
 <resources/>