* Make m_tmpHistoryItem a QScopedPointer
Most of the time, `m_tmpHistoryItem` should be null by the time an
`Entry` is destroyed. However, if a caller ever calls `beginUpdate()`
without later calling `endUpdate()` -- perhaps because an exception was
throw in the meantime -- it may not be null. This change avoids a memory
leak in that case.
Found via https://lgtm.com/projects/g/keepassxreboot/keepassxc/alerts
Many lines were not conformant with the project's formatting rules.
This patch should fix all formatting and whitespace issues in the code
base.
A clang-format directive was put around the connect() calls containing
SIGNALs and SLOTs whose signatures would be denormalized because of the
formatting rules.
The Database, DatabaseWidget, and DatabaseTabWidget classes share many responsibilities in inconsistent ways resulting in impenetrable and unmaintainable code and a diverse set of bugs and architecture restrictions. This patch reworks the architecture, responsibilities of, and dependencies between these classes.
The core changes are:
* Move loading and saving logic from widgets into the Database class
* Get rid of the DatabaseManagerStruct and move all the information contained in it into the Database
* Let database objects keep track of modifications and dirty/clean state instead of handing this to external widgets
* Move GUI interactions for loading and saving from the DatabaseTabWidget into the DatabaseWidget (resolves#2494 as a side-effect)
* Heavily clean up DatabaseTabWidget and degrade it to a slightly glorified QTabWidget
* Use QSharedPointers for all Database objects
* Remove the modifiedImmediate signal and replace it with a markAsModified() method
* Implement proper tabName() method instead of reading back titles from GUI widgets (resolves#1389 and its duplicates #2146#855)
* Fix unwanted AES-KDF downgrade if database uses Argon2 and has CustomData
* Improve code
This patch is also the first major step towards solving issues #476 and #2322.
* Support ! modifier (same as '-')
* Create reusable PopupHelpWidget as self-contained popup that can
be positioned around a parent widget and will follow the movement
and sizing of the window
* Eliminated KEEPASSXC_MAIN_WINDOW macro and replaced with
getMainWindow() function
* Add tests to cover search help show/hide
Use nullptr instead of 0 or NULL to initialize a null pointer. In some
cases, readability was enhanced by replacing 0 with more meaningful
values according to the type of the pointer being initialized.
This patch aims at reducing the number of copies for obejcts that could
be referenced rather than copied, because they're not modified during
the computation.
The arg() function of the QString class has a variable length argument
which allows to reduce the number of chained calls to the same function.
With proper formatting, readability is not affected.
Performing a dev build against the latest version of Qt failed
because of some deprecated members. They have been replaced
according to the Qt documentation.
Further, Q_OS_MACOS is now the only macro available to identify a
machine running macOS, the others are now deprecated.
See https://doc.qt.io/qt-5/qtglobal.html#Q_OS_OSX and
https://doc.qt.io/qt-5/qtglobal.html#Q_OS_MAC.
* Fix MainWindow startup when minimize to tray was enabled
* Reduce duplicate code in DatabaseWidget.cpp
* Fix snapcraft build dependencies
* Add support for CTRL+TAB, CTRL+PGUP, CTRL+SHIFT+TAB, CTRL+PGDN to control database tabs from any focus location
* Add CTRL+SHIFT+M shortcut to minimize to tray
* Allow minimize instead of app exit without tray icon
The CLI module was lacking unit test coverage and showed some severe
coding style violations, which this patch addresses.
In addition, all uses of qCritical() with untranslatble raw char*
sequences were removed in favor of proper locale strings. These are
written to STDERR through QTextStreams and support output
redirection for testing purposes. With this change, error messages don't
depend on the global Qt logging settings and targets anymore and go
directly to the terminal or into a file if needed.
This patch also fixes a bug discovered during unit test development,
where the extract command would just dump the raw XML contents without
decrypting embedded Salsa20-protected values first, making the XML
export mostly useless, since passwords are scrambled.
Lastly, all CLI commands received a dedicated -h/--help option.
* Resolves#764
* Add libqrencode and qtsvg dependencies
* Ensure QR code remains square
* Auto-close QR code dialog when database is locked
* Add databaseLocked() Signal to databaseWidget
* Correct otpauth URI output in Totp::writeSettings(...)
Rename UI elements involved with the bottom preview panel to use the
terminology "entry preview panel" instead of "details view" or "preview
panel". Change all associated variables, widgets, and classes to
reference EntryPreviewPanel. Create Config::upgrade() function and
deprecation mapping to help rename/remove previous config settings in a
clean manner.
Fixes#2327
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
* Create history-based merging that keeps older data in history instead of discarding or deleting it
* Extract merge logic into the Merger class
* Allows special merge behavior
* Improve handling of deletion and changes on groups
* Enable basic change tracking while merging
* Prevent unintended timestamp changes while merging
* Handle differences in timestamp precision
* Introduce comparison operators to allow for more sophisticated comparisons (ignore special properties, ...)
* Introduce Clock class to handle datetime across the app
Merge Strategies:
* Default (use inherited/fallback method)
* Duplicate (duplicate conflicting nodes, apply all deletions)
* KeepLocal (use local values, but apply all deletions)
* KeepRemote (use remote values, but apply all deletions)
* KeepNewer (merge history only)
* Synchronize (merge history, newest value stays on top, apply all deletions)
This patch implements a new database wizard to guide users through the process
of setting up a new database and choosing sane encryption settings.
It also reimplements the master key settings to be more
user-friendly. Users can now add, change, or remove individual composite
key components instead of having to set all components at once. This
avoids confusion about a password being reset if the user only wants to
add a key file.
With these changes comes a major refactor of how database composite keys and key
components are handled. Copying of keys is prohibited and each key
exists only once in memory and is referenced via shared pointers. GUI
components for changing individual keys are encapsulated into separate
classes to be more reusable. The password edit and generator widgets
have also been refactored to be more reusable.
* Replace Google with DuckDuckGo for optional fallback favicon fetch URL
Modify the work initially done in #36, and most recently modified in #1786,
to use DuckDuckGo's https://icons.duckduckgo.com/ip3/www.example.com.ico
favicon endpoint.
Fixes#2258
* Close failed favicon fetch progress bars
Name the UrlFetchProgressDialog() with the corresponding URL in order to
be identified by name by its parent when the failed request is handeled
in EditWidgetIcons::fetchFinished(). fetchFinished() retrieves the
relevant UrlFetchProgressDialog() and calls close() on it.
Fixes: #2265
* Group::findGroupByPath now limited to search from root (matching current usage)
* Factors out Group::findGroupByPathRecursion (on prenormalized strings).
* Eliminate TOTP logic from GUI elements
* Consolidate TOTP functionality under the Totp namespace
* Eliminate guessing about state and encoders
* Increased test cases
* Add entry view column for TOTP [#2132]
* General code cleanup, reduction of unnecessary steps, separation of concerns
* Rename SetupTotpDialog to TotpSetupDialog for consistency
When a field value is of the form ...{REF:...}...
Then:
* Auto-type does not work with that field
* References to this field are not properly resolved
This commit fixes both issues.
Introduce missing CustomData-attributes of KDBX4 format to allow
storing of plugin data for groups and entries - adopt Metadata to use
the same storage mechanism
Add simple view for CustomData as part of EditWidgetProperties
Tracking of CustomData-Modification using SIGNAL-SLOT update-mechanism
* User is prompted to disable safe saves after three failed attempts
* Completely retooled basic settings to group settings logically
* Added setting for "atomic saves"
- Fix crash when deleting TOTP entry
- Fix memory leak when selecting TOTP entries
- Fix TOTP update timeout on DetailsWidget
- Fix TOTP settings attributes not being applied before first call to totpSeed()
Update state syncer (class DatabaseWidgetStateSync) to account for new
features:
- properly sync view state when switching tabs
- properly read/write view state from/to config
Update classes EntryModel and EntryView to consistenly name list/search
modes. Before, both classes defined list mode as 'group mode' and search
mode as 'entry list mode', which differed from naming in other classes
such as DatabaseWidget.
* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF
Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.
* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken
* core: database: make UUID searching case-insensitive
4c4d8a5e84 ("Implement search for reference placeholder based on
fields other than ID") changed the semantics of searching-by-reference
in KeePassXC. Unforuntately it contained a bug where it implicitly
became case-sensitive to UUIDs, which broke existing databases that used
references (especially since the default reference format uses a
different case to the UUID used while searching).
The tests didn't catch this because ->toHex() preserves the case that it
was provided, they have been updated to check that UUIDs are case
insensitive.
* cli: show: resolve references in output
Previously, `keepassxc-cli show` would not resolve references. This
would make it quite hard to script around its output (since there's not
interface to resolve references manually either). Fix this by using
resolveMultiplePlaceholders as with all other users of ->password() and
related entry fields.
Fixes: keepassxreboot/keepassxc#1260
* tests: entry: add tests for ref-cloned entries
This ensures that the most "intuitive" current usage of references
(through the clone feature of the GUI) remains self-consistent and
always produces the correct results. In addition, explicitly test that
case insensitivity works as expected. These should avoid similar
regressions in reference handling in the future.
* http: resolve references in AccessControlDialog
The access control dialog previously would not show the "real" username
or "real" title when asking for permission to give access to entries.
Fix this by resolving it, as we do in many other places.
Fixes: keepassxreboot/keepassxc#1269
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
* Add the concept of custom TOTP encoders, each with potential for custom
code alphabet, length, step interval and code direction (i.e. reversed)
* Select custom encoder via overload of the digits field of a loaded entry
* Allow selection of custom encoders via the "TOTP Settings" field's
size, as currently done by KeeTrayTOTP for Steam. Use "S" for the
short name of the Steam custom encoder
* Allow selection of custom encoders via the "otp" field by appending
a "&encoder=<name>" field to the URL query. For example,
"&encoder=steam"
* Update TOTP set-up dialog to permit selection between (default,
steam, custom) settings.
The current code does not work with XUbuntu 16.04, which uses
light-locker to lock the screen.
I am not using a screensaver, but I suspect the screensaver activation
may have been detected by the existing events, and using it could thus
mask the issue.
The bug that was fixed, was affecting how the number of bytes of decoded data was calculated and thus, even though it didn't truncate the result, it was causing the array to be resized unnecessarily.
