* macOS and Windows browsers do not use `Alt+#` to change tabs. Windows uses `Ctrl` and macOS uses `Command`. Linux uses `Alt`.
* Remove shortcut for `Key+0` and assign `Key+9` as last tab selection
* Streamline tab selection code in MainWindow
The way the class is currently being used, the cache never does
anything (because evaluate is never invoked twice for the same
entry), so according to YAGNI it has to go.
Fixes#551
Introduce a password health check to the application that evaluates every entry in a database. Entries that fail various tests are listed for user review and action. Also moves the statistics panel to the new Database -> Reports widget. Recycled entries are excluded from the results.
We now have two classes, PasswordHealth to deal with a single password and HealthChecker to deal with all passwords of a database.
Tests include passwords that are expired, re-used, and weak.
* Closes#551
* Move zxcvbn usage to a centralized class (PasswordHealth) and replace its usages across the application to ensure standardized interpretation of entropy calculations.
* Add new icons for the database reports view
* Updated the demo database to show off the reports
* make Clip accept an attribute name
This allows users to copy arbitrary attributes (e.g. username, notes,
URL) to the clipboard in addition to the password and TOTP values.
* update Clip manpage
* Add findAttributes to CLI utils
* Use case-insensitive search in Show command.
* Use case-insensitive search in Clip command.
Co-authored-by: louib <L0U13@protonmail.com>
With the Material Design icons, any other icons brought in through
the system icon theme will look inconsistent.
Also remove the KEEPASSXC_IGNORE_ICON_THEME environment variable
(which was introduced during development of the new icons to
disable the system icon theme and is thus no longer needed).
Fixes#475
Added an option to set the target decryption time on database creation
for the CLI create command. This required some refactoring, in
particular the extraction of the min, max and defaut decryption times in
the `Kdf` module. Some work was done to allow changing those constant
only in the `Kdf` module, should we ever want to change them.
Removes unnecessary & from strings in settings widgets. These cause confusion and complicate translation. They are unnecessary as all dialogs allow efficient tabbing between elements.
Also add colons after several settings with input boxes and remove a hard stop.
Improve wording of strings based on translator feedback.
Fix case sensitive matching of CLI Export.
- Remove duplicate code to load a key (EditEntryWidget & SSHAgent)
- Refactor all key loading and saving to KeeAgentSettings
- Depend only on Entry to allow future CLI expansion
* Fix#4079 - proxy host would get stuck trying to read characters from stdin. Switch to "readsome" which does not block if there are not enough characters to read. Added a longer delay to slow the checking loop down.
* Prefer clearing clipboard by explicitly setting the clipboard to an empty string. Qt's QClipboard::clear() method is unreliable under X11 environment.
* Fixes#4126
* Fix#4093 - The first entry in the list is selected after deleting an entry
* Prevents crashes due to dangling pointers held by the Entry Preview Widget when entries were deleted.
* Improve GUI tests to ensure this new behavior occurs.
It's used extremely rarely, having it in such a prominent position
in the tool bar isn't justified. Also, with the Material Design
icons, its tool bar icon can easily be confused with "create new
entry".
Fixes#475
Use the following to run KeePassXC with the icons from the
source code, ignoring the operating system's Qt icon theme:
```
KEEPASSXC_IGNORE_ICON_THEME=1 keepassxc
```
The patch further adds a script `makeicons.sh` that re-creates KeePassXC
icons from the Material Design icon set and can be used for easily
updating icons in the future. Instructions are in the script.
Fixes#475
The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.
This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.
Fixes#4146
* Remove deprecation warnings when not doing a DEV_BUILD. Qt 5.14 introduced several deprecation flags on basic function calls in QList and QSet that would require several #pragma ignores. Assuming this was in preparation to Qt 6.0.
* Remove unnecessary assert in PasswordEditWidget that was hit in macOS debug builds.
- Use proper model for database and session in settings page
- Fix button text (unlock/lock) not changed according to the database locking status
- Fix button icons not present on icon themes other than Breeze
- Fix the disconnect button may got clipped when new session opens
Rename 'k' to 'f' because 'k' is already used to specify the key for the target database of the merge
* Remove short -f option from keepassxc-cli.1
* Remove -f option from keepassxc-cli merge
* Add test cases covering cli options for merge
* Add functional test for merge with keys
This commit reverts #3357.
The previous PR is for the new symbol NSEventMaskKeyDown, which is
introduced in #3347. In #3794, #3347 is reverted, so the workaround
in #3357 is no longer needed. Furthermore, it causes build failures
on 10.11 (#3932) as the header file for type NSEventMask is removed
in #3794, too.
Note that this is not a complete fix. A complete patch can be found
at [1]. In MacPorts, the OS version for building a package is the same
as the OS that installs it, so #ifdef can be used to replace @available.
The latter language feature is not available until Xcode 9.
With the patch mentioned in the previous paragraph, KeePassXC 2.5.1
can be built on Mac OS X 10.9 or newer.
Ref: #2899
[1] de1bb703ad/security/KeePassXC/files/patch-old-mac.diff
This makes most tests run successfully with asan.
The GUI tests still have a bunch of leaks, some from library code, and
some that look real but which I didn't immediately manage to figure out.
* TestOpVaultReader: use QSharedPointer
* Fix#3933 and fix#3857. Interaction with entries and groups is disabled while the database is being reloaded or saved to prevent changes from occurring. Prevent the database from being reloading if an entry or group is currently being edited.
* Fix#3941 - Only notify components when the database file actually changes (determined by checksum). This prevents spurious merge requests when the file is merely touched by another service (e.g., DropBox).
* Fix code format of ElidedLabel.cpp
* Mark the database as clean after fully completing the file save operation INSTEAD of when merely writing the database to a file.
* Stop the modified timer when marking the database as clean, this prevents latent erroneous modified signals from being emitted.
* Do not restart the modified timer after a new change is detected while it is still running.
Adding a new line after the message "Evaluating database entries against HIBP file, this will take a while..." helps
to separate a report and the comment.
Adding a new line after the message "Evaluating database entries against HIBP file, this will take a while..." helps
to separate a report and the comment.
* Fix#3701 - replace QLabel with QTextEdit to enable scrolling of notes
* Notes are plain text. They will remain as plain text and hyperlinks will not be enabled in the notes. Until the notes editor is moved to a rich text / html editor this will remain the case.
* Convert username and password fields in preview pane to QLineEdit's to allow for full copying and viewing if larger than the field width.
* Fix#3688 - hide the sequences column if all of the entry matches return the same sequence. This cleans up redundent data in the Auto-Type selection dialog introduced in 2.5.0.
The transformed secrets were stored in normal QByteArrays,
which are at risk of being swapped out. We now use secure
PasswordKey objects instead. There are still a few areas
where QByteArrays are used for storing secrets, but since
they are all temporary, they are less critical. It may be
worth hunting those down as well, though.
When we lock a database, we reset the database pointer to
free its resources. Since various other widgets besides the
DatabaseWidget hold references to the shared pointer object,
however, it cannot be guaranteed that the actual database
object will be freed right away. This patch adds a releaseData()
method which is called upon database lock to ensure all
residual data is cleared without having to rely on the actual
database object being cleaned up.
* Fix#3754 - Accept valid TOTP keys that require padding when converted to Base32.
* Allow use of spaces and lower case letters in the TOTP secret key.
* Fix#3334 - AutoOpen is now processed after the database widget is put into view mode to prevent infinite recursion of unlock attempts if two databases auto open each other.
* Fix#3735 - Don't focus on OpenDatabaseWidget fields that are not visible; ensures password field is focused after database lock.
* Fix#3487 - Password input is selected after failed unlock.
* Fix#1938 - Password input is focused after toggling visibility using the keyboard
This is just a cosmetic change. On KDE Plasma, the title of the tray icon is set by either the name of the binary, or by calling `setApplicationName()`. So having it properly stylized looks better.
* FdoSecrets: create prompt object only when necessary
* FdoSecrets: negotiationOutput should always return a valid QVariant otherwise QDBus will fail to create a reply, causing timeout in client.
* FdoSecrets: include in debug info
The new unlock dialogue seems to confuse users
as to what the purpose of the key file is. This
patch changes the generic "Select file..." affordance
to the more explicit "Select key file..." and adds
a help button to the label just like the one we
already have for the hardware key. Furthermore,
it prevents the user from using the KDBX file as its
own key file (since that would never work anyway).
The change breaks existing translations on purpose
(instead of simply adjusting the en_US locale)
in order to force translators to update this string
for their languages.
Resolves#3678
This is required to show the keepassxc icon on Wayland windows in a
Plasma Wayland session.
kwin_wayland fetches application icons from .desktop files and it
expects the desktop filename to be set on the QGuiApplication instance.
Without this, kwin sets a generic Wayland icon as fallback.
One some operating systems malloc(3) is not in malloc.h nor in
malloc_np.h, instead it is in stdlib.h.
In addition, not all systems support malloc_usable_size(3). You could
argue it's not safe.
This patch tries to be portable and it fix the build on OpenBSD.
* Fix#3699
Reduce file watch hashing of open database files from every second to every 30 seconds. Additionally, only hash the first 1024 bytes of the database file. This is valid since most of the header and the entire encrypted portion are changed significantly on every save.
* Fix#3550
* Default memory reduced to 64 MiB (from 128 MiB) and parallelism reduced to 2 threads. This allows for desktop and mobile device compatibility.
Resolves#3410.
Additionally, "fix" main window toggling behaviour when
clicking the tray icon while the window is visible, but
not in focus (e.g. hidden by other windows). On platforms
other than Windows, the window is now brought to the front
if it does not already have focus or is toggled otherwise.
Remove obsolete Windows session end handling code.
* Add a missing include in src/core/Alloc.cpp
On Mac OS X 10.11 with Xcode 8.2.1, building fails with
/opt/local/var/macports/build/_opt_bblocal_var_buildworker_ports_build_ports_security_KeePassXC/KeePassXC-devel/work/keepassxc-f726d7501ff7e8a66ae974719042f23010716595/src/core/Alloc.cpp:44:10: error: no type named 'free' in namespace 'std'
std::free(ptr);
~~~~~^
Per [1], std::free() needs #include <cstdlib>. That file is included
indirectly on newer systems.
* Avoid const Signature object in src/keeshare/ShareExport.cpp
After the above issue is resolved, building fails at
/opt/local/var/macports/build/_opt_bblocal_var_buildworker_ports_build_ports_security_KeePassXC/KeePassXC-devel/work/keepassxc-f726d7501ff7e8a66ae974719042f23010716595/src/keeshare/ShareExport.cpp:152:29: error: default initialization of an object of const type 'const Signature' without a user-provided default constructor
const Signature signer;
^
Apparently this is related to C++ defect 253 [2]. From the code,
creating a Signature is not needed as all methods in Signature are
static, so just call the method.
[1] https://en.cppreference.com/w/cpp/memory/c/free
[2] https://stackoverflow.com/a/47368753
if KeePassXC is compiled with WITH_XC_KEESHARE=OFF, the "Share" tab of
the EntryPreviewWidget for groups is removed from the GUI completely.
closes#3619.
this is a fix for an obvious regression. there was some refactoring
going on around here since the 2.4.3 release, and the return value of
ShareExport::intoContainer has since been neglected. with this change
the info banner showing errors/warnings/info/success after exporting a
database tree with KeeShare is shown again.
* Fix#3651
* Correct data loss when the database reloads due to a file change while creating a new entry. The issue occurred due to the "new parent group" pointer being invalid after the database is reloaded following merge.
* Also fix re-selecting entries following database file reload. If the entry was moved out of the current group it would result in an assert hit. This fix prevents recursively looking for the entry.
* Fixes#2813
Added special context menu for entries to move the most-used actions to the top.
Re-ordered actions in the entry menu to be more user friendly.
* Fixes#2118
Enables select entry actions when editing an entry. This allows users to copy the password of the entry, for example.
Note: unsaved changes to the entry will not be copied to the clipboard.
* Fix#3506
* Fix#2389
* Fix#2536
* Fix#2230
Every database that has been opened now watch's it's own file. This allows the database class to manage file changes and detect fail conditions during saving. Additionally, all stakeholders of the database can listen for the database file changed notification and respond accordingly.
Performed significant cleanup of the autoreload code within DatabaseWidget. Fixed several issues with handling changes due to merging, not merging, and other scenarios while reloading.
Prevent database saves to the same file if there are changes on disk that have not been merged with the open database.
Fixes#3365
Add prompt to delete the recycle bin when disabling it. If the user chooses not to delete it, the recycle bin will be suffixed with "(old)" and the icon changed to the default group icon.
Also moved recycle bin creation within the database class where it belongs.
* Fix#3142 - Warn user when entering invalid TOTP secret key.
* Fix#773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button.
* Add ability to choose hash algorithm from the TOTP setup dialog
* Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss
Ran make format
* Fix#3351
On macOS, entry specific Auto-Type (Cmd+Shift+V) now raises the last active window before lowering the KeePassXC window. This improves accuracy of the window that is actually typed into.
* Fixes#398
The new Browser Integration entry settings page has a list view with any additional URL's. These URL's are added to the entry attributes with KP2A_URL_<counter>, which means those are directly compatible with Keepass2Android.
* Fix#3609 - Request screen reader permission by faking a 1px screenshot. Thanks to MacPass for this idea.
* Fix#3578 - Remove duplicate sandbox entitlement
* Fix#3270 - Use executable path reference for libquazip
The CLI now contains an "import" command that creates a new database from the specified XML export. The new database is in kdbx 4 format, and does not currently accept a keyfile in database creation.
This change is required to create new databases from XML backups.
Fixes#2458
Added new page "Statistics" to the Database Settings dialog that shows information like number of groups and entries, number of unique and re-used passwords, average password length, etc.
Show warnings for problematic values with explainations for the user in tooltips.
Fixes#2034
Database statistics icon:
Downloaded from: https://www.flaticon.com/authors/freepik
Original source: https://www.flaticon.com/free-icon/bars-chart_265733
