* Snap: Improve Web-browser Native Messaging host functionality
This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests
This is done by making the binary aware of the snapd environment changes that currently prevent this.
Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files.
Please note if running a self-compiled / untrusted KeepassXC snap build (I.E, installed with --dangerous)
that you must manually run `sudo snap connect keepassxc:browser-native-messaging` to grant permissions.
This will work on all distributions that expose `/snap/bin/` - such as Ubuntu, Debian, etc.
For systems which don't provide `/snap/`, such as Fedora, follow instructions for enabling "Classic" snaps.
e.g., `sudo ln -s /var/lib/snapd/snap /snap`
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Botan: use raw_private_key_bits() if available
Botan 3.x introduces raw_private_key_bits() as an alias for
get_private_key(), and deprecates the latter.
* Botan: use Cipher_Dir::Encryption
Botan 3.x introduces Cipher_Dir::Encryption as an alias for
Cipher_Dir::ENCRYPTION, and deprecates the latter. Likewise for
Decryption/DECRYPTION.
* Avoids using QDialog which breaks the standalone password generator
Revert "Fix password dialog close button"
This reverts commit 5b47190fcc4b2f51fb11849cef7f53346e8fe439.
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.
Fixes#10287.
Fix Botan 3 build (#9388)
* SymmetricCipher: Fix Botan 3 build
Botan commit 819cf8fe6278a19b8266f449228f02fc28a4f784 changed Botan::Cipher_Dir to be a scoped enumeration, so the users must be adapted.
This change causes no issues with Botan 2 because normal enumeration values can also be referred to the same way scoped enumeration values are accessed.
* Auto detect Botan3
* AsyncTask: Do not use `std::result_of`
`std::result_of` was deprecated in C++17 and then it was subsequently removed in C++20. One could use `std::invoke_result_t`, but let Qt figure out the return type instead.
* Collapse Botan2 and Botan3 find package into one
* Update COPYING
