Commit Graph

463 Commits

Author SHA1 Message Date
Sami Vänttinen
190a1fa10c
Refactor browser Access Control Dialog (#9607) 2023-07-09 14:33:05 -04:00
jNullj
35baeaff79
Add auto-save delay per database (#9100)
Add a new propery autosaveDelay in Metadata of the db.
The property is saved in customData to not affect database structure as this setting is unique to keepasxc.
The propery sets delay to wait since last modification before saving.

Co-authored-by: jNullj <jNullj@users.noreply.github.com>
2023-07-08 08:49:03 -04:00
Anthony Ryan
a5c1298e32 Losslessly optimize PNG images
Using Efficient-Compression-Tool we are able to save 586.53KB out of 4.33MB (13.2390%)
with no change in visual appearance.
2023-06-10 18:26:10 -04:00
Jonathan White
f9e6395797
Fix issues with appdata.xml
* Fix #9435
2023-05-19 13:50:16 -04:00
Jonathan White
60b177f668
Add 2.7.5 CHANGELOG
* Sign PowerShell Release Tool
2023-05-14 11:42:33 -04:00
Jonathan White
825657b217
Remove registry detection of desktop shortcut setting (#9380)
* Fixes #8711
2023-05-07 12:08:00 -04:00
Janek Bevendorff
3d1449d4f1 Update KeePassXC logo and icons 2023-04-30 10:07:32 -04:00
Jonathan White
52775d4a3f
Fix various accessibility issues (#9138)
Enable buddy fields in group and entry edit pages
* Fixes #9060, you can now press Alt + [letter] to skip between fields on the group and entry edit pages.
* Move the expire checkbox to the right hand column and use the standard eye icon button for notes reveal. Only show notes reveal button if the hide notes setting is enabled.

Fix overflow of text in default auto-type sequence preview
* Fixes #9083

Add copy title shortcut (Ctrl + I)
* Closes #9109

Fix issues with menu actions being enabled incorrectly

Add accessibility description to password widget to explain how to hide/show passwords and open the generator
* Closes #9059

Add F6 shortcut to focus search
* Closes #9163
2023-04-15 21:35:54 -04:00
Jonathan White
fb2672e910
Fix branding images for Windows installer 2023-04-11 23:24:58 -04:00
Janek Bevendorff
64b3695e51 Update KeePassXC logo and icons 2023-04-03 23:16:47 -04:00
Jonathan White
58c4d1de1e Fix bugs with preview widget
* Add configuration to hide TOTP in preview widget (shown by default).

* Retain the visibility of TOTP and other fields when the same entry remains selected in the preview panel.

* Fix disconnecting signals when switch entries / groups. This likely is going to fix crashes because we were compounding signals when focusing in on the main window.
2023-03-30 07:21:32 -04:00
Marcel Lauhoff
8a554b37c0
Add 'get-database-entries' Proxy Request (#7292) 2023-02-25 14:09:36 -05:00
Jonathan White
0a2e716525 Add menu option to allow screenshots
* Fix #7580
* Also refactor the code to move everything into MainWindow
2023-02-18 14:56:51 -08:00
Pat Long
f9f82e9705
Add optional support for Botan3 (#8994) 2023-02-18 16:38:39 -05:00
Jonathan White
ba15981700 Translate Cipher and KDF strings
* Fix #8952 - move translations for Cipher and KDF strings into evaluated code instead of globally defined code. The strings were being baked prior to the language being set resulting in only english being displayed.
2023-02-14 22:34:14 -08:00
Bernhard Kirchen
f9d99fe8ca revise strings labeling history limit settings 2023-02-14 22:33:54 -08:00
Charlie Wang
b84d38e7fb Properly handle Windows Hello errors
The KeyCredentialManager::RequestCreateAsync call can fail because we can end up in a situation where Windows Hello is initially available but then becomes unavailable, such as during a remote desktop session. This commit prevents a crash by moving the call into the try-catch.

Fixes #7890

Also resets quick unlock if there is an unrecoverable error. This will not occur if the user merely canceled the Windows Hello dialog.
2023-02-14 22:33:42 -08:00
Toni Spets
3243243be8 SSH Agent: Add support for generating SSH keys
Supported key types are RSA, ECDSA and Ed25519.

Includes tests to compare writing out keys produce the exact same private key if read from OpenSSH format and tests against ssh-agent to ensure all no generated key is rejected.
2023-02-01 23:32:56 -05:00
Dmytro Maslenko
ea183a6889 Move 'Copy URL' into main entry context menu 2023-01-29 15:19:04 -05:00
Pat Long
e221f89e68
Fix support for AES-256/GCM openssh keys (#8968)
* Fix detecting AES-256/GCM cipher, fixes #8964 

When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end.

* Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM)

* Disable AES-256/GCM for now in ssh keys 

Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying
the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
2023-01-29 10:57:09 -05:00
chandi Langecker
03ad6c52c0
Fix unexpected behavior of --lock when keepassxc is not running (#8889)
currently, when keepassxc is not running, the command `keepassxc --lock` opens a new keepass window and blocks until the window is closed.

Especially in locking scripts this is rather unexpected and  Ican't think of a case where someone explicitly starts keepass with --lock and wants this behaviour.

Rather --lock should always ensure, that there are no unlocked instances and exiting afterwards
2023-01-29 10:50:37 -05:00
Luca Weiss
f381e29f3a
Set SingleMainWindow in .desktop file (#7430) 2023-01-29 10:41:46 -05:00
Sami Vänttinen
ce51534c3a
Remove KeePassHTTP attribute conversion (#8007)
Co-authored-by: varjolintu <sami.vanttinen@protonmail.com>
2023-01-29 10:32:24 -05:00
chris
0f7ef275ab
Add .mm files to translation update (#8843) 2023-01-29 10:05:26 -05:00
luzpaz
880cc230ac
Fix various typos (#8748) 2023-01-29 09:38:44 -05:00
Sami Vänttinen
ad773c567d
Fix crash in Group Edit after enabling Browser Integration (#8778)
Fixes https://github.com/keepassxreboot/keepassxc/issues/8775
2022-12-18 22:56:00 -05:00
Jonathan White
033dd79c58
Version bump to 2.8.0 2022-10-29 22:10:18 -04:00
Jonathan White
a73f5bc32e Bump version to 2.7.2 2022-10-22 17:21:22 -04:00
Janek Bevendorff
5e9fa18a4d
Add CFBundleVersion, fixes #8454 (#8602) 2022-10-18 13:27:42 +02:00
Janek Bevendorff
e7a5b3939d
Update macOS provisioning profile (#8600) 2022-10-18 00:56:18 +02:00
Jonathan White
56307e6cad Enable dark title bar on windows when accent color is not used
* Fix #6775
2022-10-15 17:37:08 -04:00
louib
db98f114f9
[CLI] Add a db-edit command (#8400) 2022-10-05 07:30:15 -04:00
Wolfram Rösler
b1e7c34b82 Add option to display passwords in color in preview panel
Closes #4099

* Fixed bug in Application that did not set the dark theme flag when the theme was changed from dark to light.
2022-10-03 22:03:36 -04:00
Patrick Klein
54f9b25b52
Add XML Export option to GUI. (#8524)
* Add XML Export option to GUI.

* Update database export screenshot.
2022-10-02 23:04:21 -04:00
JakobDev
ac1347f324 Add German translation to Appdata 2022-10-02 14:34:50 -04:00
Jim Heden
33d8b6db62 Add shortcut to copy password with TOTP appended 2022-09-11 11:37:27 -04:00
Jonathan White
b0a68ea0de Improve various application icons 2022-09-08 06:46:48 -04:00
Jonathan White
dfee59742f Enhance Tags / Saved Searches
* Rename "Database Tags" to "Searches and Tags"
* Separate searching for all entries and resetting the search
* Support selecting multiple tags to search against
* Fix using escaped quotes in search terms
* Make tag searching more precise
* Support `is:expired-#` to search for entries expiring within # days. Exclude recycled entries from expired search.
* Don't list tags from entries that are recycled
* Force hide tag auto-completion menu when tag editing widget is hidden. On rare occasions the focus out signal is not called when the tag view is hidden (entry edit is closed), this resolves that problem.
* Remove spaces from before and after tags to prevent seemingly duplicate tags from being created.
* Also fix some awkward signal/slot dances that were setup over time with the entry view and preview widget.

Allow changing tags for multiple entries through context menu

* Closes #8277 - show context menu with currently available tags in database and checks those that are set on one or more selected entries. When a tag is selected it is either set or unset on all entries depending on its checked state.

* Add ability to save searches and recall them from the "Searches and Tags" view
* Add ability to remove a tag from all entries from the "Searches and Tags" view
* Cleanup tag handling and widgets
2022-09-08 06:46:48 -04:00
louib
15b9e82f93
[CLI] Add Option to show all attributes (Show command) (#8256)
* Adding --all option to Show
2022-08-20 22:38:58 -04:00
Jonathan White
a6d3f973fa Better handling of "Lock on Minimize" setting
* Fix #1090 - delay locking databases after minimize to allow for clipboard use, Auto-Type use, and browser integration use.

* Fix #6757 - prevent setting both minimize on unlock and lock on minimize settings at the same time.
2022-08-01 18:19:45 -04:00
Jonathan White
dab6d9408e Add setting for number of recent files
* Expose setting to limit the number of recent files. Default is still 5, can be set from 1 to 25.
* Also fix tab order on settings page
2022-07-11 06:55:03 -04:00
varjolintu
6cb6f1f007 Browser: Add a new group setting for omitting WWW subdomain when matching URLs 2022-06-12 16:45:54 -04:00
JakobDev
a2aac7066c Add vcs-browser and contribute URLs to Appdata 2022-06-11 09:30:42 -04:00
J J Chiarella
9e9ed8b532 Update eff_large.wordlist
1. Replaces words removed by pull 6914 <23b9e35de9> for possible offense. This restores the total word count.

Add replacement: grope -> . . . -> grouch

Change: hardcopy -> hardcopy -> hardback

Replace: hardcore -> . . . -> hardball

(I couldn't see "hardcopy" as a single word in American dictionaries from the turn of the century. It's too much of a neologism [and if we can't have "hardcore," then there's nothing else I can fit in that gap]. I had to remove another word to allow the addition of two new words here to preserve ordering. It's also an improvement because "hardcopy" is not a single word in dictionaries older than a decade or so.)

Add replacement: swinger -> . . . -> swindle

2. Yo-yo and yoyo are two spelling of the same exact word, and the latter spelling is "non-standard."

Keeping: yo-yo (t-shirt is the one other hyphenated word and I can't find a suitable candidate for either without creating several conflicts on the long wordlist)

Change: yoyo -> young

3.  Word repetition: two spellings of same word hankie.

Keeping: hankie (as the "correct" spelling because "hanky" is more common in "hanky-panky").

Change: hanky -> hanoi

(The other option was to insert "hansom" between "hanky" and "haphazard," but "handsome" is a homophone because the "d" became silent many years ago.)

4. Changed proper nouns and brand names to regular nouns:

dropbox -> dropforge

ebay -> eaves

google -> goosey as in "loosey-goosey" (the real word is "googol," anyhow)

This necessitated changing goon -> gooseneck

ipad -> iota

iphone -> ire

ipod -> iridium

This necessitated irate -> iris

kleenex -> knack (the word "tissue" exists)

lego -> legitimate

xbox -> xenon (which sounds like x box or x-box, too)

Keeping: xerox (now genericized like aspirin)

5. Replaced non-standard words around "drop" and the brand name in there

drop-down -> drop-in

ebook -> (genericized like "email")

ecard -> echelon

This necessitated eccentric -> echidna

harddisk -> hardedge (Hardedge is an art style. Hard disk is always two words or else is abbreviated as HDD for hard disk drive)

6. Replaced flirtatious activity

footsie -> footstool

Which necessitated making footsore -> footway

7. Potentially sensitive anatomy

gonad -> golly

siamese -> sial (Siamese = Thai, but "twins" is also on the list and "Siamese" could precede "twins," which is slur for conjoined twins.)

8. Politically sensitive

islamist -> island (An Islamist is someone who wants to enforce political Islam on all with a literal and conservative interpretation of the Qu'ran. It does not mean Muslim.)

marxism ->  marzipan (I'm a big old lefty, myself, but I need to be consistent)

********

These necessitated a couple changes to nearby words where a drop-in replacement word did not exist, which required shifting neighboring words slightly.

Alphabetical order preserved and total word count should match EFF's modified and the original Diceware list. No breaking changes.
2022-06-11 09:28:38 -04:00
Jonathan White
20a2a96222 Auto-Type: PICKCHARS can specify attribute and ignore BEEP
* Fix #7726 - Ignore BEEP Auto-Type token when it includes spaces and numbers as well
* Close #8103 - Allow specifying specific attribute to use with PICKCHARS. If none specified, it defaults to Password.
2022-06-09 10:05:03 -04:00
Jonathan White
b1f4e12d34 Improve entry preview panel
* Fix #7811 - Notes height no longer truncated
* Fix #7949 - Improve copying attribute value to clipboard in entry preview
* Fix #7898 - Prevent copying url when copy password selected after clicking url in preview pane
* Fix #7982 - Double clicking hidden attributes in preview pane copies the value instead of ●●●●●●
2022-06-06 07:20:15 -04:00
J.M. Dana
a740fe128c Add password strength indicator to PasswordEditWidget
Fixes #7437 (entry edit view only)
Fixes #5220
2022-05-31 07:34:50 -04:00
Jonathan White
5916a8f8dd
Update translations 2022-04-05 23:12:34 -04:00
Jonathan White
9f402885d8
Version bump to 2.7.1 and Changelog update 2022-04-05 22:09:15 -04:00
louib
7cd824ae1c
Upstream Flathub patches (#7728) 2022-04-04 19:04:18 -04:00
Jonathan White
656e6161a0 Add tags to history comparison 2022-04-03 13:28:39 -04:00
Jonathan White
48a3fd8e3c Fix detection of hardware keys in keepassxc-cli
* Split calls to finding hardware keys into sync and async methods. This has the side effect of simplifying the code.
* Check for keys before performing challenge/response if no keys have been found previously.
* Correct timeout of user interaction message to interact with the hardware key.
* Correct error in TestCli::testYubiKeyOption
2022-04-03 13:26:12 -04:00
Toni Spets
2b8d670f17 SSH Agent: Fix Windows agent selection, radio buttons 2022-04-02 08:47:00 -04:00
Bernhard Kirchen
aca197a96f
Add 12 hours expiration preset (#7738)
* Add hours precision to TimeDelta

* Add 12 hours expiration preset

Fixes #7369
2022-03-31 07:02:28 -04:00
Janek Bevendorff
11351613ed
Update translations 2022-03-21 23:54:17 +01:00
Janek Bevendorff
3d04e2b86e Update CHANGELOG 2022-03-21 23:06:38 +01:00
Aetf
7d3c3b09fb FdoSecrest: allow remember decision for future entries
Also added a reset decision button in session management tab

Fixes #7464

* Fix distorted button in settings page: the default margin in QToolBar is too large for our use case in a table row.
2022-03-21 08:42:17 -04:00
Janek Bevendorff
c5f40a55e7
Update translations 2022-03-21 00:41:48 +01:00
Janek Bevendorff
acfad54ae3
Update translations 2022-03-21 00:26:07 +01:00
Janek Bevendorff
60f7744ec6 Fix translations 2022-03-20 23:31:52 +01:00
Jonathan White
7da9899c48 Correct snapcraft build and update appdata xml 2022-03-20 13:33:32 -04:00
Sergey Zolotarev
68113f8f3f
Change "open" to "Open" in Windows context menu
On Windows context menu items start with a capital letter
2022-03-19 15:51:10 -04:00
Jonathan White
8a7eb36950 Several fixes for Auto-Type
* On Windows, offer explicit methods to use the virtual keyboard style of typing. This partially reverts 1150b69836 by going back to the standard unicode method by default. However, uses can either add {MODE=VIRTUAL} to their sequence or choose "Use Virtual Keyboard" / CTRL+4 from the selection dialog.

* Took this opportunity to clean up the signature of  AutoType::performAutoType and AutoType::performAutoTypeWithSequence by removing the "hideWindow" attribute.

* Show keyboard shortcuts on the selection dialog context menu

* Fix selection dialog help icon color when in dark theme
2022-03-19 08:23:53 -04:00
Jonathan White
392cab2e36 Remove unused/duplicate icons 2022-03-19 08:23:53 -04:00
Janek Bevendorff
046e50882b
Update translations 2022-02-27 23:12:43 +01:00
Jonathan White
4f0710350f Add support for Windows Hello
* Special thanks to @HexF and @smlu for their contributions towards this feature.

* Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future.

* Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain.

* Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified.

* Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly.

* Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-22 17:53:50 -05:00
Toni Spets
bfbc0e5ec6 Auto-Type: Allow retyping with automatic relock
If relock after performing Auto-Type is enabled it will wait until
specified timeout before doing so.

Retype time is now configurable and is decreased from the old
hardcoded 30 seconds down to 15 seconds to keep the default a bit
more secure while still allowing the user to set it higher for
their liking.

To restore old behavior the user can set retype time to 0 which
will make the database relock instantly.

Auto-Type relock setting relocated to Auto-Type tab to group it
better with the other Auto-Type settings.
2022-02-20 16:12:16 -05:00
Jonathan White
0701d1d6cd Fix styling of database tag view in main window
* Also allow collapsing the entire left splitter instead of a dedicated option to hide the group view.
2022-02-20 15:37:22 -05:00
Toni Spets
5927821896 Auto-Type: Only match non-empty associations
Previously empty associations matched any window but since you can
use a wildcard (*) if you specifically want that this change makes
it possible to define multiple sequences for the global search
if you need to.

Additionally show empty associations in the list as "(empty)" to
better differentiate between rows if no title is set.
2022-02-08 19:07:00 -05:00
transifex-integration[bot]
07564d533a
Apply translations in tr (#7363)
review completed for the source file '/share/translations/keepassxc_en.ts'
on the 'tr' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-01 09:23:18 +01:00
Balazs Gyurak
6897787d8f Show expired entries on DB unlock
* Show banner message about expired entries
* Add config option and expiration offset
* Only show expiry warning on first DB unlock
* Default to on with 3-day offset from expiration
2022-01-31 07:19:45 -05:00
transifex-integration[bot]
064d621846
Translate '/share/translations/keepassxc_en.ts' in 'tr' (#7356)
* Apply translations in tr

review completed for the source file '/share/translations/keepassxc_en.ts'
on the 'tr' language.

* Apply translations in tr

review completed for the source file '/share/translations/keepassxc_en.ts'
on the 'tr' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-30 21:41:09 +01:00
Patrick Klein
bce8c84c26
Remove obsolete read only state from database. (#7324) 2022-01-28 21:26:53 -05:00
oysteins-a
c914c116e4 Fixed typo occurences 2022-01-28 21:25:31 -05:00
OlesyaGerasimenko
98beb0e5a1 Add Russian translation
Russian translation for "Comment" and "GenericName"
2022-01-28 21:25:09 -05:00
Xavier Valls
4a21cee98c Add tags feature
* show the tags in the entry preview
* allow searching by tag
* add a sidebar listing the tags in the database
* filter entries by tag on click
* Introduce a new TagsEdit widget that provides pill aesthetics, fast removal functionality and autocompletion
* add tests for the tags feature
* introduce the "is" tag for searching. Support for weak passwords and expired added.
2022-01-28 16:13:49 -05:00
Sami Vänttinen
cd642e7fee
Add support for Browser statistics (#7197)
Co-authored-by: Jonathan White <support@dmapps.us>
2021-12-30 07:31:06 -05:00
osx user
15d1b2f0ab Show what changed between entry history items
* Also show what is changed on the current state
* Closes #2621
2021-12-22 05:52:54 -05:00
Jonathan White
12990e59ad KeeShare: Remove checking signed container
* Remove QuaZip dependency in favor of minizip
* Remove signature checks, but maintain signatures for backwards compatibility
* Remove UI components related to certificates except for personal certificate for backwards compatibility
* Default to unsigned containers (*.kdbx)
2021-12-14 23:23:23 -05:00
Lorenzo Tucci
c88d8c870f Add lock selected database action on toolbar
Closes #6445

Switch tab when locking a database and move Lock Database actions to the Database section of the toolbar.
2021-12-12 23:40:59 -05:00
Daniel Peshev
456726556d Add url field to download favicon 2021-12-12 12:32:11 -05:00
Geert Ijewski
d16fc2d62a Add db statistic output to CLI db-info command.
Closes #6920
2021-12-08 23:41:05 -05:00
Patrick Klein
a0a063b57f
Add -i/--include option to "generate" CLI command. (#7112) 2021-12-07 23:40:09 -05:00
Patrick Sean Klein
296cbf0df7 Add sorting of HTML export
- Closes #6164
- Implement sorting support in HtmlExporter
- Add ExportDialog class and UI, which allows to configure export options.
2021-11-24 00:12:13 -05:00
Janek Bevendorff
a3dc977e58 Correctly set KDBX envelope version
Shows a warning when trying to open with a newer minor version than what is currently supported.

We always try to save with the lowest KDBX version possible for maximum compatibility.
2021-11-22 12:58:04 +01:00
Janek Bevendorff
70e62d90db Add "Restore Entries" feature 2021-11-22 12:58:04 +01:00
Janek Bevendorff
e5822974ac Implement KDBX 4.1 group tags 2021-11-22 12:58:04 +01:00
Janek Bevendorff
ffaeac130f Implement KDBX 4.1 PasswordQuality flag 2021-11-22 12:58:04 +01:00
Patrick Klein
84ff6a13f9
Allow specifing database backup paths. (#7035)
- Default backupFilePath is '{DB_FILENAME}.old.kdbx' to conform to existing standards
- Implement backupPathPattern tests.
- Show tooltip on how to format database backup location text field.
2021-11-07 17:41:17 -05:00
Andre Blanke
7d37f65ad0 CLI: Add commands to handle attachments
* Add commands to manipulate entry attachments from the CLI
* Closes #4462

* Add the following commands:
  attachment-export: Exports the content of an attachment to a specified file.

  attachment-import: Imports the attachment into an entry. An existing attachment with the same name may be overwritten if the -f option is specified.

  attachment-rm: Removes the named attachment from an entry.

* Add --show-attachments  to the show command
2021-11-07 17:27:16 -05:00
snipfoo
7811f10dba
Support for wordlists in user configuration directory (#6799)
This commit allows users to put alternative wordlists in a `wordlists` subdirectory below their KeePassXC directory (e.g., under Linux, `~/.config/keepassxc/wordlists`). These wordlists will then appear in the dropdown menu in the *Password Generator* widget.

In order to differentiate between lists shipped with KeePassXC and user-provided lists, the former appears with a (SYSTEM) prefix.
2021-11-04 23:02:33 -04:00
Patrick Sean Klein
20db504c3a Implement "Overwrite attachment" confirmation dialog. 2021-10-24 23:41:57 -04:00
Sami Vänttinen
55f2bd41aa
Modify the KeePassHTTP attribute conversion button text (#7073) 2021-10-24 22:34:30 -04:00
Aetf
a31c5ba006 FdoSecrets: Implement unlock before search
Fixes #6942 and fixes #4443

- Return number of deleted entries
- Fix minor memory leak
- FdoSecrets: make all prompt truly async per spec and update tests
    * the waited signal may already be emitted before calling spy.wait(),
      causing the test to fail. This commit checks the count before waiting.
    * check unlock result after waiting for signal
- FdoSecrets: implement unlockBeforeSearch option
- FdoSecrets: make search always work regardless of entry group searching settings, fixes #6942
- FdoSecrets: cleanup gracefully even if some test failed
- FdoSecrets: make it safe to call prompts concurrently
- FdoSecrets: make sure in unit test we click on the correct dialog

Note on the unit tests: objects are not deleted (due to deleteLater event not handled).
So there may be multiple AccessControlDialog. But only one of
it is visible and is the correctly one to click on.

Before this change, a random one may be clicked on, causing the
completed signal never be sent.
2021-10-16 22:50:04 -04:00
varjolintu
b6716bdfe5 Add Browser Integration to Group Edit page
Closes #1789 and closes #3998
2021-10-11 00:19:06 -04:00
mhmdanas
be6835e42f Cleanup PCSC interface code
Fixes #7025
2021-10-09 14:41:26 -04:00
Jonathan White
f2aa32c7b0 Add direct write save option
* Closes #6335
* Modify application settings presentation to  allow for alternative saving strategies
* Transition Database::save calls to using flags to control saving behavior. Reduces boolean flags on function call.
* Made direct write save option a local setting to prevent unintentional carry over between platforms.
2021-10-09 11:12:25 -04:00
Aetf
60cfba8e46
FdoSecrets: Improve client executable path handling (#6915)
* Fixes #6459 

Improves the overall handling of FdoSecrets showing client executable paths to the user. It does the following:

* Check executable file existence as described in [RFC] fdosecrets: add optional confirmation to secret access (#4733)
* Show application PID and dbus address in the client list
* When the executable file is inaccessible, depending on where the client name is shown:
    * when shown inline, e.g. in notification text, where space is limited, clearly say that the path is invalid
    * when shown in auth dialog, show warning and print detailed info about the client
    * when shown in the client list, draw a warning icon

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 18:22:15 -04:00
Toni Spets
860fcfd78d SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys
Closes #4334
2021-10-01 16:25:14 -04:00
Christoph Honal
6d1fc31e96
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC

This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.

* Split hardware key access into multiple classes to handle different methods of communicating with the keys.

* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.

* Add PC/SC interface for YubiKey challenge-response

This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.

Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.

This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.

* Remove PC/SC ATR whitelist, instead scan for AIDs

Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.

This enables the support of currently unknown or unreleased hardware.

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00