Commit Graph

567 Commits

Author SHA1 Message Date
Wolfram Rösler
a81c6469a8 Implement Password Health Report
Introduce a password health check to the application that evaluates every entry in a database. Entries that fail  various tests are listed for user review and action. Also moves the statistics panel to the new Database -> Reports  widget. Recycled entries are excluded from the results.

We now have two classes, PasswordHealth to deal with a single password and HealthChecker to deal with all passwords of a database.

Tests include passwords that are expired, re-used, and weak.

* Closes #551

* Move zxcvbn usage to a centralized class (PasswordHealth)  and replace its usages across the application to ensure standardized interpretation of entropy calculations.

* Add new icons for the database reports view

* Updated the demo database to show off the reports
2020-02-01 09:30:12 -05:00
James Ring
71a39c37ec
Add --username option to Clip command. (#3947)
* make Clip accept an attribute name

This allows users to copy arbitrary attributes (e.g. username, notes,
URL) to the clipboard in addition to the password and TOTP values.

* update Clip manpage

* Add findAttributes to CLI utils

* Use case-insensitive search in Show command.

* Use case-insensitive search in Clip command.

Co-authored-by: louib <L0U13@protonmail.com>
2020-01-30 15:46:48 -05:00
louib
0b6d9cb472 CLI: set decryption time on create.
Added an option to set the target decryption time on database creation
for the CLI create command. This required some refactoring, in
particular the extraction of the min, max and defaut decryption times in
the `Kdf` module. Some work was done to allow changing those constant
only in the `Kdf` module, should we ever want to change them.
2020-01-27 23:00:34 -05:00
Toni Spets
6fc7be78ea Implement SSH key file path env substitution
Supports all platforms, including Windows with %FOO% syntax.

Fixes #3523
2020-01-27 22:57:31 -05:00
Jonathan White
b0ad4a50d9
Fix GUI test failures 2020-01-27 21:02:50 -05:00
louib
b78ca924fd Adding db-info CLI command. (#4231)
This adds a basic db-show CLI command, to display
the information related to a database.
2020-01-26 23:44:31 -05:00
louib
c8ab3b5f4f Removing QColor (from Qt::Widgets) from core modules. (#4247) 2020-01-26 21:38:43 -05:00
varjolintu
d2e76058cd Fix base domain matching 2020-01-19 18:13:12 +01:00
Jonathan White
0d3eb047c7 Prevent crash when all entries are deleted from a group
* Fix #4093 - The first entry in the list is selected after deleting an entry
* Prevents crashes due to dangling pointers held by the Entry Preview Widget when entries were deleted.
* Improve GUI tests to ensure this new behavior occurs.
2020-01-16 10:53:41 -05:00
Janek Bevendorff
247ebf5a35 Ensure challenge-response key buffer is properly cleared.
The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.

This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.

Fixes #4146
2020-01-11 11:16:03 +01:00
Jonathan White
7ad330eccb Improve GUI test reliability
* Explicitly resize the window to improve testing on High DPI displays
* Add additional bootstrap calls to mimic the actual application
2020-01-03 18:08:24 -05:00
Aetf
af14929af1 FdoSecrets: fix searching of entries with special characters in attributes 2020-01-02 08:04:42 -05:00
Wizz
0654ffc117 CLI: Fix keyfile from/to parameter collision in merge command
Rename 'k' to 'f' because 'k' is already used to specify the key for the target database of the merge

* Remove short -f option from keepassxc-cli.1
* Remove -f option from keepassxc-cli merge
* Add test cases covering cli options for merge
* Add functional test for merge with keys
2019-12-21 17:39:50 -05:00
varjolintu
c0796d8fb1 Add option to use entry only for HTTP Basic Auth 2019-12-21 17:28:27 -05:00
Carlo Teubner
c70ebe6dce Fix memory leaks (mostly) in tests (#3922)
This makes most tests run successfully with asan.

The GUI tests still have a bunch of leaks, some from library code, and
some that look real but which I didn't immediately manage to figure out.

* TestOpVaultReader: use QSharedPointer
2019-12-21 09:25:17 -05:00
varjolintu
c0f29cc790 Show UI warning for invalid URLs 2019-12-21 09:22:16 -05:00
Balazs Gyurak
c0b1c9e106 Run code formatter 2019-11-23 10:07:39 -05:00
varjolintu
e2c95f75f1 Fix subdomain matching 2019-11-23 07:53:09 -05:00
varjolintu
3d0964bce9 Fix URL matching 2019-11-10 08:43:10 -05:00
Jonathan White
f9d2696046 Relax strictness of TOTP Base32 validation
* Fix #3754 - Accept valid TOTP keys that require padding when converted to Base32.
* Allow use of spaces and lower case letters in the TOTP secret key.
2019-11-09 00:53:40 +01:00
Aetf
f9097c84e9 FdoSecrets: use EntrySearcher's internal search API 2019-11-08 17:37:50 -05:00
Aetf
b96c1e92a3 Expose EntrySearcher's SearchTerm for internal code usage 2019-11-08 17:37:50 -05:00
louib
f4d6b4d13a CLI: do not display protected fields by default. 2019-11-01 22:53:54 -04:00
asapelkin
98badfb4a2 some cppcheck and clang-tidy fixies 2019-11-01 22:53:28 -04:00
Jonathan White
178bea6bbc Fix building without features
* Fix #3684 - Include YubiKey headers in CLI tests 

* Skip building testguibrowser if browser integration is disabled

* Cleanup test CMakeLists
2019-10-29 23:03:39 -04:00
Jonathan White
1e694271a3 Improve Database and CLI tests 2019-10-20 18:56:41 -04:00
Jonathan White
744b4abce8 Move FileWatcher into Database class
* Fix #3506
* Fix #2389
* Fix #2536
* Fix #2230

Every database that has been opened now watch's it's own file. This allows the database class to manage file changes and detect fail conditions during saving. Additionally, all stakeholders of the database can listen for the database file changed notification and respond accordingly.

Performed significant cleanup of the autoreload code within DatabaseWidget. Fixed several issues with handling changes due to merging, not merging, and other scenarios while reloading.

Prevent database saves to the same file if there are changes on disk that have not been merged with the open database.
2019-10-20 18:56:41 -04:00
Mark Hakansson
a876b3b72f Prompt to delete recycle bin when disabling it
Fixes #3365

Add prompt to delete the recycle bin when disabling it. If the user chooses not to delete it, the recycle bin will be suffixed with "(old)" and the icon changed to the default group icon.

Also moved recycle bin creation within the database class where it belongs.
2019-10-20 17:58:15 -04:00
Jonathan White
99a2d66086 Correct issues with TOTP Setup
* Fix #3142 - Warn user when entering invalid TOTP secret key.
* Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button.

* Add ability to choose hash algorithm from the TOTP setup dialog
* Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss

Ran make format
2019-10-20 17:57:51 -04:00
varjolintu
f726d7501f Add support for multiple URLs in an entry
* Fixes #398

The new Browser Integration entry settings page has a list view with any additional URL's. These URL's are added to the entry attributes with KP2A_URL_<counter>, which means those are directly compatible with Keepass2Android.
2019-10-16 22:20:57 -04:00
Jacob Sachs
dbe15d32e5 CLI: Add Import XML command (#3572)
The CLI now contains an "import" command that creates a new database from the specified XML export. The new database is in kdbx 4 format, and does not currently accept a keyfile in database creation.

This change is required to create new databases from XML backups.

Fixes #2458
2019-10-15 22:10:45 -04:00
libklein
058b4da954 Fix entry clone modification time update (#3602)
* Add test for (unwanted) history timeinfo update when cloning entries.
* Add timeInfo test for clone with rename.
* Fixed modification time update when cloning an entry with renaming.
2019-10-05 13:58:00 -04:00
James Ring
b1eda37cca CLI: Add interactive session mode command open
This change adds a GNU Readline-based interactive mode to keepassxc-cli. If GNU Readline is not available, commands are just read from stdin with no editing or auto-complete support.

DatabaseCommand is modified to add the path to the current database to the arguments passed to executeWithDatabase. In this way, instances of DatabaseCommand do not have to prompt to re-open the database after each invocation, and existing command implementations do not have to be changed to support interactive mode.

This change also introduces a new way of handling commands between interactive and batch modes.

* Fixes #3224.
* Ran make format
2019-09-28 11:24:42 -04:00
louib
19f87ca057 CLI: Add group commands 2019-09-22 21:13:50 -04:00
louib
964478e78f CLI: Add Yubikey unlock support 2019-09-22 18:11:40 -04:00
louib
77fcde875e CLI: Export database as CSV
* Changed `Extract` to `Export` to support additional formats
* Allow database expot as CSV.  Added a `--format` option to the `Export` command for that, which defaults to xml, so the current behavior is unchanged.
*The `CsvExporter` had to be refactored a bit, but nothing major. It can
now print to a file or return a string.
2019-09-22 12:42:53 -04:00
James Ring
547c246e88 Additional database file checks in cli/Utils.unlockDatabase
Avoids prompting the user for a password if unlocking is likely to fail
due to some problem with the database file (i.e. not found, not a file,
not readable).

Add unit tests.
2019-09-22 11:19:57 -04:00
louib
c19703c39f Merge custom data only when necessary (#3475) 2019-09-16 14:01:13 -04:00
varjolintu
77be468670 Fix crash when removing custom data 2019-09-07 07:50:08 -04:00
Akinori MUSHA
41131ae48d Allow abbreviation of search field names
This allows `t:word` instead of `title:word` and `p:word` instead of `password:word`, and so on.  The rule is that an abbreviated name expands to the first field name that starts with it, with exceptions
`u:` expanding to `username:` instead of `url:` and `pw:` expanding to `password:`.
2019-09-04 22:31:15 -04:00
louib
eb1882453f CLI password generation options cleanup (#3275)
Summary of changes:
* Extract function for creating password generator from options into
`Generate` command. This function is now reused in `Add` and `Edit`
commands.
* Updated manpage with missing password generation options.
* Updated manpage with missing longer forms of password generation options.
* Added unit tests for new password generation options in `Add` and
`Edit`.
* Handle case when `-g` and `-p` options are used at the same time.

This PR adds password generation functionalities while reducing
code duplication, but at the cost of 2 small breaking changes:
* The password generation option for `Add` and `Edit` for specifying
password length is now `-L` instead of `-l`, to not clash with the
`-l --lower` option.
* The `-u` shorthand for the `--upper` option has to be removed, to not
clash with the `-u --username` option.
* Add -U variant for uppercase.
2019-08-30 22:50:32 -04:00
Jonathan White
0e0cba653f CLI: add 'analyze' subcommand for offline HIBP breach checks
This new subcommand checks all passwords in the given database against a given list of SHA-1 password hashes. Such lists are available from the "Have I Been Pwned" project at https://haveibeenpwned.com/Passwords.

Note that this support offline checking only. The HIBP project also provides a web API for checking specific hash ranges; this is not currently supported.
2019-06-25 15:37:40 -04:00
Matthias Drexler
f85642741d Autocomplete usernames based on most frequent in database
* Fixes #3126
* Limit autocompletion to the top ten used usernames
- Load common usernames when database is opened
- Transition from QLineEdit to QComboBox for usernames
- Dropdown menu of the combobox lets user choose a common username
- Common usernames are autocompleted via inline completion
- Common usernames are sorted by frequency (first) and name (second)
2019-06-23 22:22:57 -04:00
Matthias Drexler
bb8377ae6a Allow setting group icons to children groups/entries (#3273)
* Add combo menu button to apply an icon to children

- allow more options to apply icons (child groups, child entries)
- extend tests in TestGroup (applying icons for groups/entries only)
- prevent blue folder icon being set for entries (on entry creation only)

* Do not show the combo menu button for entries
2019-06-19 10:02:07 -04:00
louib
84eec03cb7 Add CLI --dry-run option for merge (#3254) 2019-06-18 21:45:24 -04:00
Balazs Gyurak
05c11d1b7c CLI: Add 'flatten' option to the 'ls' command (#3276)
* Fixes #925 
* Add 'flatten' option to CLI ls command
* Add test for Group::hierarchy() and man page for ls --flatten
* Rename group sort test to align with others
2019-06-18 20:42:19 -04:00
Jonathan White
1e915eef89 Run code formatter 2019-06-18 18:51:38 -04:00
Balazs Gyurak
09181fab13 Add group sorting feature
* Enabling sorting of groups and their children in ascending and descending direction
2019-06-18 18:51:38 -04:00
louib
04360ed552 CLI Command cleanup
This PR cleans up the `Command` classes in the CLI, introducing a
`DatabaseCommand` class for the commands operating on a database,
and a `getCommandLineParser` command to centralize the arguments
parsing and validation.

The opening of the database based on the CLI arguments and options
is now centralized in `DatabaseCommand.execute`, making it easy to
add new database opening features (like YubiKey support for the CLI).

Also a couple of bugs fixed:
  * `Create` was still using `stdout` for some error messages.
  * `Diceware` and `Generate` were not validating that the word count was an integer.
  * `Diceware` was also using `stdout` for some error messages.
2019-06-14 18:15:38 -04:00
Jonathan White
63aab99b9c
Merge branch 'release/2.4.2' into develop 2019-05-30 17:22:09 -04:00