Replace a QVector for the wordlist with a QSet. This removes all duplicate entries in a given wordlist.
Thus, it hinders a malicious wordlist that has the proper length (>4000 entries) but with repetitions (effectively << 4000 entries) to be used and potentially create weaker passphrases than estimated.
Example:
List with 4000 items but only 64 unique words would lead to only 48 bit of Entropy instead of ~95 bit!
It turns out that the previous implementation, based on installing an event filter in every QAction instance, does not work on macOS, likely due to a Qt bug.
Attempt to work around this by using a different implementation of the same idea, by reacting to ShortcutOverride events in the MainWindow object.
Fixes#10929.
This PR splits the GUI source files from the core source files. The immediate goal is to allow the CLI to require only a minimum number of dynamic libraries. The long term goal is to create an architectural boundary around the core module, in preparation of libkdbx.
Fix a bug in the database key settings dialog, where it was previously
always incorrectly applying an empty password if the password was not
changed but some other change was made (e.g. adding or removing a key
file).
Previously, in a pattern like "{TIME:yy} {TIME}",
substituteBackupFilePath() would greedily use the entire string
"yy} {TIME" as the format specifier for the first TIME template, instead
of just "yy". Fix this, by adjusting the regular expression.
This ends up changing the behaviour of a weird corner case that is
covered in the tests, so change the test. I don't think anyone cares
about that case, and I think the current behaviour is better there.
Fixes#10505 (proved by adding a test case very similar to what was
reported there).
Includes following changes:
* Encryption Settings now has a similar key with the new database wizard for switching between Advanced and Simple Settings
* The extra UI layer DatabaseSettingsDialog.ui has been removed. DatabaseSettingsDialog class now inherits EditWidget instead of DialogyWidget (just like Application Settings).
* Extra classes for separate page settings (DatabaseSettingsPageFdoSecrets, DatabaseSettingsPageKeeShare) have been removed. Instead the widgets are used directly in DatabaseSettingsDialog. Same could be done later to Application
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Deprecated qSort() -> std::sort()
* Replace QDateTime::toString(Qt::DefaultLocaleShortDate) with Clock::toString()
* Replace QDateTime::toString(Qt::SystemLocaleShortDate) with QLocale::system().toString(..., QLocale::ShortFormat)
* Use QDateTime::startOfDay() instead of QDate(QDateTime)
Note: QDateTime::startOfDay() is only available in Qt 5.14, we need to guard it
* Replace QString::SkipEmptyParts with Qt::SkipEmptyParts
Note: Its designated replacement, Qt::SplitBehavior, was only added in Qt 5.14.
* Don't call deprecated QFlags(nullptr) constructor
* QSet::{toList->values}
* Replace QList::toSet, QSet::fromList with Tools::asSet()
* QHash::insertMulti -> QMultiHash::insert
* QProcess::startDetached: non-deprecated overload
* QProcess::{pid->processId}
* QPainter::{HighQuality->}Antialiasing
* QPalette::{background->window}()
* Use Qt::{Background,Foreground}Role
* endl -> Qt::endl, flush -> Qt::flush
* Make YubiKey::s_interfaceMutex non-recursive
* OpenSSHKeyGenDialog: use non-deprecated QComboBox::sizeAdjustPolicy setting
When selecting "Database → Import Passkey", we show a file picker.
Previously, we did not specify a parent widget for it. This could have
undesirable effects on its presentation. (For example, with the Sway
tiling Wayland compositor, it would show the file picker as a tiled
window rather than a floating one.)
Fix the issue by passing in the parent widget. This is also in line with
all other usages of FileDialog::getOpenFileName() in this project.
Bump the minimum required Qt version up to 5.12, as per
https://github.com/keepassxreboot/keepassxc/issues/10859#issuecomment-2148477826.
Previously, the minimum version was 5.2.0 based on the CMakeLists.txt
check, though it's unclear if such old versions would actually work.
With this, we are able to remove a whole bunch of #ifdef'd code.
When the keepassxc window is shown something generetes a hide event, and it is hidden again immediately.
The 50ms interval for avoiding hiding the window when shown is not enough, even on modern systems.
Make the interval longer.
Change type of Handle on FreeBSD. On FreeBSD the libusb_hotplug_register_callback() function uses a pointer to a struct as a handle.
---------
Co-authored-by: Janek Bevendorff <janek@keepassxc.org>
* Snap: Improve Web-browser Native Messaging host functionality
This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests
This is done by making the binary aware of the snapd environment changes that currently prevent this.
Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files.
Please note if running a self-compiled / untrusted KeepassXC snap build (I.E, installed with --dangerous)
that you must manually run `sudo snap connect keepassxc:browser-native-messaging` to grant permissions.
This will work on all distributions that expose `/snap/bin/` - such as Ubuntu, Debian, etc.
For systems which don't provide `/snap/`, such as Fedora, follow instructions for enabling "Classic" snaps.
e.g., `sudo ln -s /var/lib/snapd/snap /snap`
---------
Co-authored-by: Jonathan White <support@dmapps.us>
When the user chooses to copy the password for an entry to the clipboard, previously there was logic to check if text was selected, and if so, that text was instead copied to the clipboard. That made sense if
(a) the user invoked the Copy Password action via its keyboard shortcut, and (b) that keyboard shortcut was configured (as per default) to be Ctrl-C, i.e. the same as the system action for copy-to-clipboard.
However, it made no sense if the user invoked that action in some other way, for example by clicking the corresponding toolbar button.
It also made no sense in the case that the Copy Password action had some other keyboard shortcut assigned. Also, if some other action had Ctrl-C assigned, the logic would not kick in then.
Fix all of the above by modifying the keyboard shortcut logic to intervene precisely in the case where a shortcut is pressed that matches the system copy-to-clipboard shortcut; only in that case do we now check if text is selected and if so copy that to the clipboard instead of the action we would otherwise take.
Fixes#10734.
If the system Copy key sequence (i.e. Ctrl+C or Cmd+C) is pressed while
inside the search entry without any text being selected, previously we
would copy the currently selected entry's password. This made sense when
keyboard shortcuts were fixed. Now that they are configurable, change it
to re-route the event to the main window, which can then take the
appropriate action (i.e. Ctrl+C might be bound to some other action).
* Entry placeholder resolution: don't overdo it
After resolving placeholders, previously the code would do it all over again if anything had changed, multiple times up to the recursion limit. This would have the effect of applying a much greater recursion limit, which is confusing and unnecessary, and probably undesired.
* Entry tweaks and minor refactoring
- Entry::size(): when computing tag size, use same delimiter set as in other places in the code
- Factor tag delimiter set regex out into global constant
- Placeholder resolution: remove unnecessary special casing for self-referential placeholders (these are taken care of by existing recursion depth limit)
- Placeholder resolution: less wasteful string building loop
- Move some constants from being public static data members of Entry to being local to Entry.cpp (in anonymous namespace)
- Migrate some QRegEx instances to QRegularExpression, the modern alternative
- Miscellanous minor code cleanups
* Entry: fix hitting recursion limit with {braces}
When encountering a {brace-enclosed} substring, the placeholder resolution logic would previously keep recursing until it hit the recursion depth limit (currently 10). This would lead to "Maximum depth of replacement has been reached" messages, and was also wasting CPU cycles.
Fixes#1741
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Fixes#10723 - only display password strength warning when actively editing the password
* Also improve behavior of minimum quality warning
* Improve behavior and handling of password changes with the database settings dialog
* Prevents loss of newly entered password when toggling between elements in the settings page
* On error, switch to tab that prevents saving database settings for easier correction
* Use SHA256 hash of the file path of the database to generate a UUID when using the KDBX3 format. This restores the original behavior of using the file path as the quick unlock lookup key.
A warning is issued from Qt when the path is empty. This happens most often during test runs, but can also occur when closing a database before everything gets cleaned up.
* MainWindow: change Clone Entry shortcut to Ctrl+D from Ctrl+K
* MainWindow: move shortcuts from .cpp to .ui file
The only shortcuts defined in the .cpp file are ones that can't be defined in the .ui file, because they are in some way conditional. This also reduces the number of compiler warnings of the kind:
warning: arithmetic between different enumeration types ‘Qt::Modifier’ and ‘Qt::Key’ is deprecated [-Wdeprecated-enum-enum-conversion] with recent GCC versions.