This was noted as a problem in several issues and it finally occurred to me and I traced it to the fact that a timing issue sometimes allowed the file watcher to trigger a "file changed" alert right when saving starts. I fixed this by moving where the mutex lock is made for saving and preventing database reload during a save operation.
* Rename "Database Tags" to "Searches and Tags"
* Separate searching for all entries and resetting the search
* Support selecting multiple tags to search against
* Fix using escaped quotes in search terms
* Make tag searching more precise
* Support `is:expired-#` to search for entries expiring within # days. Exclude recycled entries from expired search.
* Don't list tags from entries that are recycled
* Force hide tag auto-completion menu when tag editing widget is hidden. On rare occasions the focus out signal is not called when the tag view is hidden (entry edit is closed), this resolves that problem.
* Remove spaces from before and after tags to prevent seemingly duplicate tags from being created.
* Also fix some awkward signal/slot dances that were setup over time with the entry view and preview widget.
Allow changing tags for multiple entries through context menu
* Closes#8277 - show context menu with currently available tags in database and checks those that are set on one or more selected entries. When a tag is selected it is either set or unset on all entries depending on its checked state.
* Add ability to save searches and recall them from the "Searches and Tags" view
* Add ability to remove a tag from all entries from the "Searches and Tags" view
* Cleanup tag handling and widgets
The top-level fields are currently not accessible from the CLI, which
makes it impossible to select entries or groups based on the UUID.
There are other top-level fields I believe, like the expiry date,
but I only added the two most critical fields for the moment.
* Fixes#7776
Implement QRegularExpression::escape within Tools::convertToRegex to allow usage on older Qt versions.
Also wrap EXACT_MODIFIER patterns in a non-capture group to prevent misinterpreted regex.
Fix#7607 - Don't disable core dumps when building for snap distribution. Doing so will not allow the xdg-desktop-portal from opening the file dialog. This is because the portal attempts to call entries from /proc/[pid]/xxxx which are restricted to root when core dumps are disabled.
Limit the use of zxcvbn based password entropy estimation to 256 bytes. After this threshold, the average per-byte entropy from the zxcvbn calculation is added for each additional byte. In practice, this produces a slightly higher entropy calculation for purely randomized passwords than zxcvbn would normally calculate. However, the time to calculate is capped leading to a much better user experience and removing unnecessary calculations.
Fixes#7712
In the password generator widget, the checkable push button for the math
symbols is missing the GREATER-THAN SIGN (U+003E), even though it is
among the possible characters during password generation when the button
is checked. Add the missing character to the text displayed to users.
While at it, also fix a wrong comment containing the possible
characters.
* Replace rarely hit asserts with defined nullptr checks when replacing references without a group
* Fix#7603
* Replace TOTP history comparison with checking the actual TOTP output instead of a compiled string
* Fix#7602 - Allow spaces in tag names
* Fix#7528 - Allow pasting text into the tags field. Text is split by comma creating tags for each section of text. If there are no commas then the pasted text becomes a tag.
* Fix tags editing not causing the entry to be marked as modified.
* Special thanks to @HexF and @smlu for their contributions towards this feature.
* Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future.
* Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain.
* Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified.
* Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly.
* Prevent quick unlock when using AutoOpen or opening from the command line.
If relock after performing Auto-Type is enabled it will wait until
specified timeout before doing so.
Retype time is now configurable and is decreased from the old
hardcoded 30 seconds down to 15 seconds to keep the default a bit
more secure while still allowing the user to set it higher for
their liking.
To restore old behavior the user can set retype time to 0 which
will make the database relock instantly.
Auto-Type relock setting relocated to Auto-Type tab to group it
better with the other Auto-Type settings.
Previously empty associations matched any window but since you can
use a wildcard (*) if you specifically want that this change makes
it possible to define multiple sequences for the global search
if you need to.
Additionally show empty associations in the list as "(empty)" to
better differentiate between rows if no title is set.
* Show banner message about expired entries
* Add config option and expiration offset
* Only show expiry warning on first DB unlock
* Default to on with 3-day offset from expiration
* show the tags in the entry preview
* allow searching by tag
* add a sidebar listing the tags in the database
* filter entries by tag on click
* Introduce a new TagsEdit widget that provides pill aesthetics, fast removal functionality and autocompletion
* add tests for the tags feature
* introduce the "is" tag for searching. Support for weak passwords and expired added.
* Remove QuaZip dependency in favor of minizip
* Remove signature checks, but maintain signatures for backwards compatibility
* Remove UI components related to certificates except for personal certificate for backwards compatibility
* Default to unsigned containers (*.kdbx)
* Fix syntax to prevent compilation issue
Fix build failure with AppleClang 7 & 8.
Error was:
src/core/CustomData.cpp:30:41: error: default initialization of an object of const type 'const CustomData::CustomDataItem' without a user-provided default constructor
static const CustomData::CustomDataItem NULL_ITEM;
^
{}
src/core/Metadata.cpp:32:39: error: default initialization of an object of const type 'const Metadata::CustomIconData' without a user-provided default constructor
static const Metadata::CustomIconData NULL_ICON;
^
src/core/Metadata.cpp:32:48: note: add an explicit initializer to initialize 'NULL_ICON'
static const Metadata::CustomIconData NULL_ICON;
^
{}
* Add missing QUuid header
Fixes this compilation issue with LLVM clang 9, possibly also due to an old QT5
tests/TestTools.cpp:96:39: error: incomplete type 'QUuid' named in nested name specifier
auto validUuid = Tools::uuidToHex(QUuid::createUuid());
^~~~~~~
/opt/local/libexec/qt5/lib/QtCore.framework/Headers/qmetatype.h:1887:1: note: forward declaration of 'QUuid'
QT_FOR_EACH_STATIC_CORE_CLASS(QT_FORWARD_DECLARE_STATIC_TYPES_ITER)
^
/opt/local/libexec/qt5/lib/QtCore.framework/Headers/qmetatype.h:108:18: note: expanded from macro 'QT_FOR_EACH_STATIC_CORE_CLASS'
F(QUuid, 30, QUuid) \
^
tests/TestTools.cpp:101:40: error: incomplete type 'QUuid' named in nested name specifier
auto nonHexUuid = Tools::uuidToHex(QUuid::createUuid()).replace(0, 1, 'p');
^~~~~~~
/opt/local/libexec/qt5/lib/QtCore.framework/Headers/qmetatype.h:1887:1: note: forward declaration of 'QUuid'
QT_FOR_EACH_STATIC_CORE_CLASS(QT_FORWARD_DECLARE_STATIC_TYPES_ITER)
^
/opt/local/libexec/qt5/lib/QtCore.framework/Headers/qmetatype.h:108:18: note: expanded from macro 'QT_FOR_EACH_STATIC_CORE_CLASS'
F(QUuid, 30, QUuid) \
^
* fix compilation on Qt not having QOperatingSystemVersion::MacOSBigSur
The code uses 'QOperatingSystemVersion::MacOSBigSur' which doesn't exist
in all Qt versions (it has been backported to Qt 5.12.10+ & 5.15.1+ only).
On older macos systems like El Capitan the last supported
version of Qt is 5.11
This will fix compilation issue on such older systems and on systems
running with Qt not supporting QOperatingSystemVersion::MacOSBigSur
Compilation error was:
error: no member named 'MacOSBigSur' in 'QOperatingSystemVersion'
* Fix compilation when osx <= 10.9
* AppKitImpl.mm: button property is new in 10.10. It is used for a feature of
KeePassXC that is only available from 10.17 onwards. So we don't need it when
compiling on <= 10.9
error: property 'button' not found on object of type 'NSStatusItem *'
NSString* appearance = [dummy.button.effectiveAppearance.name lowercaseString];
^
* The code uses @available syntax which is supported by
AppleClang >= 9 or LLVM >= 5.
We check __clang_major__ to allow compilation on older versions
of macOS that don't have a recent clang. For example on El Capitan.
* Fix compilation when osx <= 10.8
* AppKitImpl.mm: AXIsProcessTrustedWithOptions exists from 10.9 onwards
error: use of undeclared identifier 'kAXTrustedCheckOptionPrompt'
error: use of undeclared identifier 'AXIsProcessTrustedWithOptions'
* Fix compilation when osx <= 10.7
* MacUtils.cpp: CoreGraphics exists from 10.8 onwards only, capslock detection
feature would have to be implemented on OSX <= 10.7
* AppKitImpl.mm: CGDisplayStreamRef exists from 10.8 onwards only. It is used for a
feature of KeePassXC that is only available from 10.15 onwards. So we don't need it
when compiling on <= 10.7
error: unknown type name 'CGDisplayStreamRef'
* AppKitImpl.mm: Syntax is not understood by 10.7, update it to be understandable
by <= 10.7
error: expected method to read dictionary element not found on object of type 'NSDictionary *'
NSRunningApplication* app = userInfo[NSWorkspaceApplicationKey];
^
* The code uses @available syntax which is supported by
AppleClang >= 9 or LLVM >= 5.
We check __clang_major__ to allow compilation on older versions
of macOS that don't have a recent clang.
* Fix compilation error on OS X 10.11
src/core/Alloc.cpp:44:10: error: no type named 'free' in namespace 'std'
std::free(ptr);
~~~~~^
This is a regression, since it was fixed in [1]
Per [2], std::free() needs #include <cstdlib>. That file is included
indirectly on newer systems.
[1] 7c6c027d33
[2] https://en.cppreference.com/w/cpp/memory/c/free
* fix compilation when macos SDK <= 10.14
These methods are only available from macOS 10.15
- kSecAccessControlWatch
- LAPolicy.deviceOwnerAuthenticationWithBiometricsOrWatch
The code uses @available syntax which is supported by
AppleClang >= 9 or LLVM >= 5.
We check __clang_major__ to allow compilation on older versions
of macOS that don't have a recent clang.
Shows a warning when trying to open with a newer minor version than what is currently supported.
We always try to save with the lowest KDBX version possible for maximum compatibility.
