Commit Graph

4720 Commits

Author SHA1 Message Date
Jonathan White
1896883382 Bitwarden and 1PUX importer improvements
* Fixes #10400
  - Support TOTP entries with bare secrets instead of otpauth urls for Bitwarden. Vice-versa for 1PUX.
  - Support Bitwarden Argon2id encryption scheme

* Fixes #10380 - Support Bitwarden organization collections
2024-04-29 08:51:01 -04:00
Jonathan White
94ace985e7 Preserve Secret Service exposed group setting on merge
* Fixes #9371 - adds secret service custom data key to the list of protected custom data (will not be overwritten on merge)
2024-04-29 08:50:46 -04:00
Jonathan White
3829bcdd8f Prevent KeeShare from merging database custom data
This issue previously caused parent databases to be marked as modified on unlock. This was because of the new protections against byte-by-byte side channel attacks adds a randomized string to the database custom data. We should never be merging database custom data with keeshare or imports since we are merging groups only.

Also prevent overwrite of auto-generated custom data fields, Last Modified and Random Slug.
2024-04-29 08:50:46 -04:00
Jonathan White
4f12f57a0b Open links and urls in AppImage
* Fixes #8721
2024-04-29 08:49:49 -04:00
Jonathan White
04fac249f9 Force clear clipboard on Wayland
* Fixes #4498
2024-04-29 08:49:49 -04:00
Jonathan White
f812f0a1ac Further prevent ability to access memory on Windows
* Restrict access to changing DACL's after the process is started. This prevents the creator of the keepassxc.exe process from simply adding the permission to read memory back to the DACL list.
* Verified using System Informer.
2024-04-29 08:10:04 -04:00
Jonathan White
195e5b53f2 Reduce complexity of {CLEARFIELD} on Linux
Instead of `CTRL + HOME, CTRL + SHIFT + END, BACKSPACE` use `HOME, SHIFT + END, BACKSPACE`

Fixes #10006
2024-04-28 18:22:13 -04:00
Jonathan White
13362c9142 Fix TOTP being visible on unlock when disabled in settings
* Fixes #9996
2024-04-28 18:21:52 -04:00
Jonathan White
9a65ffe972 Don't remember key file folder if disabled
* Fixes #10557
2024-04-28 18:16:24 -04:00
Jonathan White
19d4f7334c Correct minor issues in translations 2024-04-28 18:16:10 -04:00
Jonathan White
cd1aa6ee4a
Improve signing files with release tool 2024-04-28 18:15:07 -04:00
Mikko Saarinki
a542ded97c
QMenubar option to show/hide itself (#10341)
--------

Co-authored-by: Mikko Saarinki <mikko.saarinki@michaelkingston.fi>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-04-27 22:09:38 -04:00
Kevin J
4ef52c859b
Add hotkey for group switching (#10625)
* Add hotkey for group switching

Ctrl + Shift + Key_PageUp for previous group
Ctrl + Shift + Key_PageDown for next group
Fixes #4394
2024-04-27 10:22:18 -04:00
Jonathan White
7ae65dd656 Remove password repeat application setting
* This removes the application setting to require typing the password in again even though it is visible.
* Removed automatic password repeat when the password is made visible on changing.
2024-04-27 09:49:38 -04:00
Jonathan White
bb856f89b9 Only perform group sort when GroupView is focused
* Fixes #10195
2024-04-25 23:51:03 -04:00
Kevin Jerebica
994c5b733a Add hotkey for search-help
Add a new hotkey (CTRL+J) for toggling on/off
the search-help when you are in the search field
Fixes: #4100
2024-04-25 23:42:06 -04:00
Mathieu Oriol
d0e9f133b1 Use XDG Desktop Portal to autostart the flatpak 2024-04-25 23:41:31 -04:00
Sami Vänttinen
5b123e7944
Passkeys: Pass extension JSON data to browser (#10615) 2024-04-25 06:29:51 -04:00
meigelb
880621c1fb
Fix display of bytes without decimals (#10595)
*Fixes #10594
2024-04-24 18:20:58 -04:00
Jonathan White
35af1c6695 Fix focus loss when using Auto-Type from locked database
* Fixes #10439
2024-04-23 20:56:31 -04:00
varjolintu
cb1ae44a3b Passkeys: Position the confirm dialog with the parent window 2024-04-21 12:23:37 -04:00
varjolintu
41d00135af Passkeys: Fix duplicate database selection 2024-04-21 07:19:16 -04:00
Jonathan White
6f11422604 Prevent SSH Agent from using entries in the recycle bin
* Fixes #10516
* Also cleanup Group::isRecycled() code a little
2024-04-20 12:54:40 -04:00
Jonathan White
e657cbf43b Fix crash when deleting history items
* Fixes #10386
2024-04-20 12:53:39 -04:00
Jonathan White
6481ecccd7 Fix crash on screen lock or computer sleep
* Fixes #10455
* Fixes #10432
* Fixes #10415

Prevent setting critical key components to nullptr when database data is cleared. This can result in a crash due to race condition between threads.

Added a bunch of asserts to detect this problem and if guards to prevent actual crashes.
2024-04-13 07:54:18 -04:00
Jonathan White
f60601fa67 Fix CSV import skipping over single-name groups
* Fixes #10574
2024-04-13 07:53:12 -04:00
Jonathan White
194409abd6 Remove various undefined/unused functions 2024-03-31 17:19:35 -04:00
varjolintu
5883f49f37 Passkeys: Fix RP ID validation 2024-03-31 17:19:22 -04:00
varjolintu
8a4787278d Passkeys: Do not ask update with a new user handle 2024-03-31 17:19:09 -04:00
varjolintu
9329df2b48 Passkeys: Enable Import Passkey entry menu item only if a single entry is selected 2024-03-31 16:13:04 -04:00
Sami Vänttinen
c34098546d
Passkeys: Fix compatibility with StrongBox (#10420) 2024-03-31 16:12:33 -04:00
Sami Vänttinen
e70777061c
Passkeys: Add warning on export (#10411) 2024-03-31 16:12:15 -04:00
varjolintu
d5e6f394b7 Passkeys: Allow nfc and usb transports 2024-03-31 16:11:53 -04:00
Joachim Breuer
35fdcfa28d Do not override fixed font size
This allows properly configuring a readable/desired fixed font in system settings, keepassxcrc etc.
2024-03-31 14:51:06 -04:00
Drwsburah
812bb606c7
Implemented database file hidden attribute preservation on Windows (#10343)
* Implemented database file hidden attribute preservation on Windows

Implemented database file hidden attribute preservation on Windows by modifying the save function to check the hidden attribute of the original database before saving and then reapply it post-saving if running on Windows so that users can easily store their database in a hidden file without having to re-hide it every time it's modified.

Updated the TestDatabase::testSaveAs() unit test to first verify after the initial save that the database file is not hidden before hiding it then saving again and verifying that it is now hidden.

Signed-off-by: Drwsburah <Drwsburah@yahoo.com>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-03-31 14:48:57 -04:00
Jonathan White
db0b659a53 Fix Message Box button size on macOS and Linux
* Fixes #10381
2024-03-31 14:48:06 -04:00
Jonathan White
9521f63b3a Fix focusing search after database unlock
* Fixes #10405
2024-03-31 14:47:50 -04:00
Jonathan White
32f38cc6ed
Fix placement of variable in codecov.yaml 2024-03-31 13:51:40 -04:00
Jonathan White
6cd2de35fc
Improve codecov integration 2024-03-31 08:58:54 -04:00
Chris
b916b76713 Fix Indonesian language descriptor
Bahasa is simply means language in Indonesian.
Therefore, referring Indonesian language as "bahasa" is incorrect.
2024-03-31 08:06:44 -04:00
Jonathan White
5513ff5c1f Fix TestCli and TestGui entropy tests across platforms
* zxcvbn wordlists can vary between platforms depending on packager adjustments (ie, zxcvbn-c vs Ubuntu Focal)
2024-03-31 07:56:23 -04:00
Jonathan White
60908d4b9b Fix parsing stat file for polkit 2024-03-29 06:29:30 -04:00
at5hk
514afebcc7 updates the Install.md documentation from qt5 to qt@5 2024-03-15 23:18:33 -04:00
Jonathan White
267928d6de
Update release-tool.ps1 for manifest builds 2024-03-09 18:00:36 -05:00
varjolintu
7293dd1fb7 Add basic documentation for Passkeys 2024-03-09 13:55:38 -05:00
Jonathan White
3fb3659cc9
Revert "Add missing Q_OBJECT to ShortcutSettingsWidget"
This reverts commit 254ec73940.
2024-03-09 13:14:37 -05:00
Jonathan White
254ec73940
Add missing Q_OBJECT to ShortcutSettingsWidget
* Fix previous broken commit
2024-03-09 13:11:38 -05:00
Jonathan White
72fc00695c Prevent byte-by-byte and attachment inference side channel attacks
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and it's parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 12:39:00 -05:00
Jonathan White
14e8bc58f3
Add missing Q_OBJECT to ShortcutSettingsPage 2024-03-09 12:38:39 -05:00
Jonathan White
e700195f0a Add 1Password 1PUX and Bitwarden JSON Importers
* Closes #7545 - Support 1Password 1PUX import format based on https://support.1password.com/1pux-format/

* Closes #8367 - Support Bitwarden JSON import format (both unencrypted and encrypted) based on https://bitwarden.com/help/encrypted-export/

* Fixes #9577 - OPVault import when fields have the same name or type

* Introduce the import wizard to handle all import tasks (CSV, KDBX1, OPVault, 1PUX, JSON)

* Clean up CSV parser code to make it much more efficient and easier to read

* Combine all importer tests (except CSV) into one test file
2024-03-09 10:44:54 -05:00