This new setting gives users more control and safety:
* When Auto-Type is invoked globally (e.g., via a system-wide hotkey), the confirmation popup will always appear, letting the user confirm which credentials will be auto-typed.
* When Auto-Type is invoked from within KeePassXC's main window, the confirmation step can be skipped, since the user already can visually confirm which entry is being auto-typed.
This balances usability and security, reducing friction for intended actions while providing an extra safeguard for potentially ambiguous global Auto-Type triggers.
---------
Co-authored-by: Jonathan White <support@dmapps.us>
Bump the minimum required Qt version up to 5.12, as per
https://github.com/keepassxreboot/keepassxc/issues/10859#issuecomment-2148477826.
Previously, the minimum version was 5.2.0 based on the CMakeLists.txt
check, though it's unclear if such old versions would actually work.
With this, we are able to remove a whole bunch of #ifdef'd code.
* Prevent group pane from being hidden just by dragging. Introduce new View menu setting to hide the group pane.
* Replace the preview panel "close" icon with a "collapse down" icon making the intention clearer.
* Better organize the view menu
* Closes#9452 - add import/export buttons to application settings
* Fixes#11120 - duplicate both menubar and toolbar visibility settings into the application settings
* Fixes#8561 - improve placement of various settings between General and Security pages
* Improve tool tip for backup database setting
* Improve wording of various settings
* Set default value of DatabasePasswordMinimumQuality to 3 (do not accept a master password that is less than Good)
* Add custom message box button "Continue with weak password"
Fixes#6190
Remove the advanced settings checkbox and replace with a dedicated tab widget interface to toggle between basic and advanced encryption settings.
* This removes the application setting to require typing the password in again even though it is visible.
* Removed automatic password repeat when the password is made visible on changing.
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.
Fixes#10287.
* Add configuration to hide TOTP in preview widget (shown by default).
* Retain the visibility of TOTP and other fields when the same entry remains selected in the preview panel.
* Fix disconnecting signals when switch entries / groups. This likely is going to fix crashes because we were compounding signals when focusing in on the main window.
* Special thanks to @HexF and @smlu for their contributions towards this feature.
* Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future.
* Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain.
* Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified.
* Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly.
* Prevent quick unlock when using AutoOpen or opening from the command line.
If relock after performing Auto-Type is enabled it will wait until
specified timeout before doing so.
Retype time is now configurable and is decreased from the old
hardcoded 30 seconds down to 15 seconds to keep the default a bit
more secure while still allowing the user to set it higher for
their liking.
To restore old behavior the user can set retype time to 0 which
will make the database relock instantly.
Auto-Type relock setting relocated to Auto-Type tab to group it
better with the other Auto-Type settings.
* Show banner message about expired entries
* Add config option and expiration offset
* Only show expiry warning on first DB unlock
* Default to on with 3-day offset from expiration
* show the tags in the entry preview
* allow searching by tag
* add a sidebar listing the tags in the database
* filter entries by tag on click
* Introduce a new TagsEdit widget that provides pill aesthetics, fast removal functionality and autocompletion
* add tests for the tags feature
* introduce the "is" tag for searching. Support for weak passwords and expired added.
- Default backupFilePath is '{DB_FILENAME}.old.kdbx' to conform to existing standards
- Implement backupPathPattern tests.
- Show tooltip on how to format database backup location text field.
Fixes#6942 and fixes#4443
- Return number of deleted entries
- Fix minor memory leak
- FdoSecrets: make all prompt truly async per spec and update tests
* the waited signal may already be emitted before calling spy.wait(),
causing the test to fail. This commit checks the count before waiting.
* check unlock result after waiting for signal
- FdoSecrets: implement unlockBeforeSearch option
- FdoSecrets: make search always work regardless of entry group searching settings, fixes#6942
- FdoSecrets: cleanup gracefully even if some test failed
- FdoSecrets: make it safe to call prompts concurrently
- FdoSecrets: make sure in unit test we click on the correct dialog
Note on the unit tests: objects are not deleted (due to deleteLater event not handled).
So there may be multiple AccessControlDialog. But only one of
it is visible and is the correctly one to click on.
Before this change, a random one may be clicked on, causing the
completed signal never be sent.
* Closes#6335
* Modify application settings presentation to allow for alternative saving strategies
* Transition Database::save calls to using flags to control saving behavior. Reduces boolean flags on function call.
* Made direct write save option a local setting to prevent unintentional carry over between platforms.
* Use hash based storage for last used directories instead of a key/value for each type
* Explicitly declare certain operations as sensitive and follow the "Remember Last Database" setting for those.
* Introduce database backup directory location (close#6619)
* Fixes#3837
* Change objects to use DBusMgr rather than separate adaptors
- Update all DBus invokable methods to new parameter order
- Change all usage of DBusReturn to simpler DBusResult
- Use DBusMgr to handle path and service registration
- Remove adaptor/*
- Set path in DBusObject
- Unregister service when service is destroyed
- Restore handling of invalid QVariant in prompt complete signal
- Clean up meta type registration
- Move dbus related file together
- Convert to QSharedPointer as much as possible
- Fix mapping of the Delete method
- Handle dbus property get all
* Add per-client states
- Move cipher negotiation to DBusClient
- Show list of clients instead of sessions in the settings page
- Add settings for confirmation of accessing items
- Fix infinite recursion when client disconnected
- Use optional explicit DBusClient parameter instead. This makes accessing
the client info in an async context explicit, and thus prevent accidental
assertions in prompts.
* Improve User Interface
- Add per-item access confirmation (if enabled)
- Remove the "disable for site" button for the access control dialog
- Improve the text on the settings page to be more consistent
- Fix disconnect buttons in settings page not working
- Make the unlock prompt method nonblocking
* Fix and cleanup unit tests
- Use QTRY_COMPARE when checking signal spies, as dbus signals are threaded
- Fixes in meta type registration and type conversion
- Remove QStringLiteral in COMPARE macros, making diff output readable
- Add testing for remembering auth decision
* Fix#5313, allow specifying local config path using environment variable and command line flag
* Add command line flag `--localconfig <path>` to specify a file path to use for the local configuration settings.
* Add environment variable support to set config files paths: `KPXC_CONFIG` and `KPXC_CONFIG_LOCAL` to override default locations.
* Reorder startup sequence to load specified config files earlier to allow for theme settings and other early options to be picked up.
* Removed old command line option `--pw`, no longer used.
* Attempt a fix of application not closing when last window is gone. Only set `QApplication::setQuitOnLastWindowClosed(true)` when tray icon is enabled instead of always.
* Fix#5107
* Change setting for non-data changes to Auto save on database lock (or not) instead of marking modified.
* When enabled, database will be auto-saved if there are only non-data changes, but will not prompt the user if saving has failed.
* When disabled, database will not auto-save if there are only non-data changes (same behavior as 2.5 and below) and will not mark the database dirty.
* Added to the new view menu, show entry/group icons at 16px and reduce toolbar icons to 22px.
* Fix search widget being too large vertically (removed padding)
