Commit Graph

221 Commits

Author SHA1 Message Date
Jonathan White
5513ff5c1f Fix TestCli and TestGui entropy tests across platforms
* zxcvbn wordlists can vary between platforms depending on packager adjustments (ie, zxcvbn-c vs Ubuntu Focal)
2024-03-31 07:56:23 -04:00
Jonathan White
e700195f0a Add 1Password 1PUX and Bitwarden JSON Importers
* Closes #7545 - Support 1Password 1PUX import format based on https://support.1password.com/1pux-format/

* Closes #8367 - Support Bitwarden JSON import format (both unencrypted and encrypted) based on https://bitwarden.com/help/encrypted-export/

* Fixes #9577 - OPVault import when fields have the same name or type

* Introduce the import wizard to handle all import tasks (CSV, KDBX1, OPVault, 1PUX, JSON)

* Clean up CSV parser code to make it much more efficient and easier to read

* Combine all importer tests (except CSV) into one test file
2024-03-09 10:44:54 -05:00
Janek Bevendorff
0acb15de0f Set test locale to C 2024-03-08 10:55:22 -05:00
Janek Bevendorff
6a273363c4 Automatically detect USB device changes 2024-03-08 10:55:22 -05:00
Waqar Ahmed
a472ef8a93
Allow configuring keyboard shortcuts (#9643)
Closes #2689

The design of the respective code is loosely based on KDE's KActionCollection. The ActionCollection manages all actions that can be shortcut configured. These actions are then exposed in the config and a user can assign a different shortcut.

Actions inside the MainWindow have been added to the ActionCollection.

---------

Co-authored-by: Jonathan White <support@dmapps.us>
2024-02-04 06:29:04 -05:00
egglessness
d44486ce94
Add configurable password strength check on database password (#9782)
* Set default value of DatabasePasswordMinimumQuality to 3 (do not accept a master password that is less than Good)

* Add custom message box button "Continue with weak password"
2024-01-06 13:53:18 -05:00
Colfenor
cd7a53abbb
Fix first entry is not selected when a search is performed (#9868) 2023-09-25 09:21:28 -04:00
Jonathan White
eee25a1c35
Fix several issues with Quick Unlock (#9697)
* Fix #7892 - Pressing escape when the quick unlock prompt is shown will now go back to the main unlock dialog view.
* Fix #9030 - Quick unlock will be automatically invoked in the unlock dialog upon being shown.
* Fix #9554 - Quick unlock application setting will be updated every time the settings widget is shown instead of just on first launch.

* Show warning that quick unlock is not enabled if user cancels Windows Hello prompt. This should limit people thinking there is a security issue. Also improve documentation describing this behavior.

* Disable quick unlock in gui tests
2023-08-10 08:21:08 -04:00
Jonathan White
3cf14971f2 Improve database encryption settings UX
Fixes #6190

Remove the advanced settings checkbox and replace with a dedicated tab widget interface to toggle between basic and advanced encryption settings.
2023-07-09 12:29:56 -07:00
jNullj
35baeaff79
Add auto-save delay per database (#9100)
Add a new propery autosaveDelay in Metadata of the db.
The property is saved in customData to not affect database structure as this setting is unique to keepasxc.
The propery sets delay to wait since last modification before saving.

Co-authored-by: jNullj <jNullj@users.noreply.github.com>
2023-07-08 08:49:03 -04:00
jNullj
e755ee8e04
test: add test for maximum history in database settings (#9176)
This commit adds a test to the TestGui::testDatabaseSettings function for the history maximum items and maximum size settings.
The test opens the database settings dialog, disables the history items and size settings, saves the changes, reopens the dialog, and then cancels without making any changes to load the default values. The test ensures that the default values are loaded correctly.

Co-authored-by: jNullj <jNullj@users.noreply.github.com>
2023-07-04 05:43:12 -07:00
Jonathan White
e701ccbd73 Fix GUI tests on macOS 2023-04-30 09:26:33 -04:00
jNullj
7a6505626f
Fix TestGui::testDatabaseSettings open tab missing (#9162)
Co-authored-by: jNullj <jNullj@users.noreply.github.com>
2023-02-25 14:11:18 -05:00
Jonathan White
8dec687798 Correct testing status bar text 2023-02-19 08:28:12 -08:00
Akinori MUSHA
cc35bf2096 Select new entry after cloning
Also fixes re-selecting entries during a search refresh
2023-02-13 23:22:13 -08:00
Dmytro
5bd871528f
Fix status bar update when switching to other DB (#9073)
* Gui tests: add validation of StatusBarLabel in some tests
2023-02-07 22:11:52 -05:00
Dmytro Maslenko
f703736685 Scale and center QR code on window resizing
* Also add GUI test for QR code resizing
2023-02-02 00:03:30 -05:00
luzpaz
880cc230ac
Fix various typos (#8748) 2023-01-29 09:38:44 -05:00
Jonathan White
e5bd5f39fb Use search for showing expired entries on unlock
* Fix #8036 - use search interface to display expiring entries on first unlock.
2022-09-08 06:46:48 -04:00
Aetf
0f7b674cbb FdoSecrets: add smarter handling of database unlock requests
This commit implements the following logic:
* If there're already unlocked collections, just use those,
* otherwise, show the unlock dialog until there's an unlocked and exposed collection.

* Fixes #7574
2022-06-04 16:27:18 -04:00
Aetf
e2bf537c4a FdoSecrets: ask to unlock the database when creating items
Also only emit databaseUnlockFinished after the database is unlocked

Fix #7989
2022-06-04 15:49:34 -04:00
J.M. Dana
a740fe128c Add password strength indicator to PasswordEditWidget
Fixes #7437 (entry edit view only)
Fixes #5220
2022-05-31 07:34:50 -04:00
Jonathan White
ba8f787d0d Fix transient errors in GUI tests
* Fix saving file errors due to atomic saves on Windows
* Fix tests that rely on clicking a list index that is out of view
2022-05-30 23:31:34 -04:00
Patrick Sean Klein
65a1d1b0f7 Limit zxcvbn entropy estimation length
Limit the use of zxcvbn based password entropy estimation to 256 bytes. After this threshold, the average per-byte entropy from the zxcvbn calculation is added for each additional byte. In practice, this produces a slightly higher entropy calculation for purely randomized passwords than zxcvbn would normally calculate. However, the time to calculate is capped leading to a much better user experience and removing unnecessary calculations.

Fixes #7712
2022-05-30 10:46:39 -04:00
Aetf
a4c5997050 FdoSecrets: skip entries in recycle bin when searching (fix #7933) 2022-05-28 15:36:17 -04:00
Jonathan White
02602da257 Several improvements to tags editing
* Fix #7602 - Allow spaces in tag names
* Fix #7528 - Allow pasting text into the tags field. Text is split by comma creating tags for each section of text. If there are no commas then the pasted text becomes a tag.
* Fix tags editing not causing the entry to be marked as modified.
2022-03-29 18:41:31 -04:00
Aetf
7d3c3b09fb FdoSecrest: allow remember decision for future entries
Also added a reset decision button in session management tab

Fixes #7464

* Fix distorted button in settings page: the default margin in QToolBar is too large for our use case in a table row.
2022-03-21 08:42:17 -04:00
Patrick Klein
bce8c84c26
Remove obsolete read only state from database. (#7324) 2022-01-28 21:26:53 -05:00
Xavier Valls
4a21cee98c Add tags feature
* show the tags in the entry preview
* allow searching by tag
* add a sidebar listing the tags in the database
* filter entries by tag on click
* Introduce a new TagsEdit widget that provides pill aesthetics, fast removal functionality and autocompletion
* add tests for the tags feature
* introduce the "is" tag for searching. Support for weak passwords and expired added.
2022-01-28 16:13:49 -05:00
Lorenzo Tucci
c88d8c870f Add lock selected database action on toolbar
Closes #6445

Switch tab when locking a database and move Lock Database actions to the Database section of the toolbar.
2021-12-12 23:40:59 -05:00
Jonathan White
d3d7bd7b81 Fix transient save errors in TestGui 2021-11-25 14:29:13 -05:00
louib
004f2b6801 Removing QWidget dependency from src/core. 2021-11-12 07:41:30 -05:00
Patrick Klein
84ff6a13f9
Allow specifing database backup paths. (#7035)
- Default backupFilePath is '{DB_FILENAME}.old.kdbx' to conform to existing standards
- Implement backupPathPattern tests.
- Show tooltip on how to format database backup location text field.
2021-11-07 17:41:17 -05:00
Aetf
2a9d92faeb
FdoSecrets: reject setting refs via the API (#7043)
* FdoSecrets: add TOTP as a readonly attribute

* FdoSecrets: reject setting fields containing refs, fixes #6802

It is still possible to set refs using KPXC UI.
2021-10-24 10:22:50 -04:00
Aetf
a31c5ba006 FdoSecrets: Implement unlock before search
Fixes #6942 and fixes #4443

- Return number of deleted entries
- Fix minor memory leak
- FdoSecrets: make all prompt truly async per spec and update tests
    * the waited signal may already be emitted before calling spy.wait(),
      causing the test to fail. This commit checks the count before waiting.
    * check unlock result after waiting for signal
- FdoSecrets: implement unlockBeforeSearch option
- FdoSecrets: make search always work regardless of entry group searching settings, fixes #6942
- FdoSecrets: cleanup gracefully even if some test failed
- FdoSecrets: make it safe to call prompts concurrently
- FdoSecrets: make sure in unit test we click on the correct dialog

Note on the unit tests: objects are not deleted (due to deleteLater event not handled).
So there may be multiple AccessControlDialog. But only one of
it is visible and is the correctly one to click on.

Before this change, a random one may be clicked on, causing the
completed signal never be sent.
2021-10-16 22:50:04 -04:00
Aetf
60cfba8e46
FdoSecrets: Improve client executable path handling (#6915)
* Fixes #6459 

Improves the overall handling of FdoSecrets showing client executable paths to the user. It does the following:

* Check executable file existence as described in [RFC] fdosecrets: add optional confirmation to secret access (#4733)
* Show application PID and dbus address in the client list
* When the executable file is inaccessible, depending on where the client name is shown:
    * when shown inline, e.g. in notification text, where space is limited, clearly say that the path is invalid
    * when shown in auth dialog, show warning and print detailed info about the client
    * when shown in the client list, draw a warning icon

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 18:22:15 -04:00
Janek Bevendorff
a46231a39a
Fix tests on macOS and update coverage config (#6945)
Simplifies coverage generation and uses llvm-cov instead of gcov if
compiler is clang.
2021-09-26 12:35:42 +02:00
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
6a8b070b0a
Resolve compiler warnings for unused return values
* Fixes #1932 - See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c29

Adding a negation before the function call allows the (void) syntax to work properly.
2021-06-11 22:49:39 -04:00
Martin Mokrejs
dc496fd1d9 Better description text for Key File change dialog 2021-04-24 13:47:28 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Ojas Anand
022154462e Add entry view column for password strength
* Closes #4216

Reduced to three-tiered rating system and fixed column implementation. Hide password strength indicator in entry view if excluded from reports.

Introduce password health caching to prevent unnecessary calculations.
2021-02-26 22:10:04 -05:00
Jonathan White
f3d88fbd36 Address translation feedback from Transifex 2021-02-19 18:37:33 -05:00
Aetf
9a8a5a0006
FdoSecrets: Major Refactor and Code Consolidation (#5747)
* Fixes #3837

* Change objects to use DBusMgr rather than separate adaptors
  - Update all DBus invokable methods to new parameter order
  - Change all usage of DBusReturn to simpler DBusResult
  - Use DBusMgr to handle path and service registration
  - Remove adaptor/*
  - Set path in DBusObject
  - Unregister service when service is destroyed
  - Restore handling of invalid QVariant in prompt complete signal
  - Clean up meta type registration
  - Move dbus related file together
  - Convert to QSharedPointer as much as possible
  - Fix mapping of the Delete method
  - Handle dbus property get all

* Add per-client states
  - Move cipher negotiation to DBusClient
  - Show list of clients instead of sessions in the settings page
  - Add settings for confirmation of accessing items
  - Fix infinite recursion when client disconnected
  - Use optional explicit DBusClient parameter instead. This makes accessing 
    the client info in an async context explicit, and thus prevent accidental 
    assertions in prompts.

* Improve User Interface
  - Add per-item access confirmation (if enabled)
  - Remove the "disable for site" button for the access control dialog
  - Improve the text on the settings page to be more consistent
  - Fix disconnect buttons in settings page not working
  - Make the unlock prompt method nonblocking

* Fix and cleanup unit tests
  - Use QTRY_COMPARE when checking signal spies, as dbus signals are threaded
  - Fixes in meta type registration and type conversion
  - Remove QStringLiteral in COMPARE macros, making diff output readable
  - Add testing for remembering auth decision
2021-02-05 15:07:59 -05:00
Janek Bevendorff
86278311d2
Merge branch 'master' into develop 2021-01-12 18:24:59 +01:00
Jonathan White
a74e2391e8 Copy history when drag/drop entries and groups
* Fix #5809
2020-12-20 22:57:42 -05:00
krsnik93
2ee4168956 Display default autotype sequence on entry preview pane
* Fix #5450
2020-12-13 11:33:03 -05:00
Bernhard Berg
a6f01349e8
Redo 'delete entries no confirm' functionality & unit-tests (#5812)
* Fixes #5232
2020-12-12 12:14:18 -05:00
Janek Bevendorff
3f7e79cdf3 Add Argon2id KDF (backport of #5726) 2020-12-04 15:11:28 +01:00
Janek Bevendorff
9a96124040 Add Argon2id KDF 2020-12-03 20:06:58 +01:00