Introduce a password health check to the application that evaluates every entry in a database. Entries that fail various tests are listed for user review and action. Also moves the statistics panel to the new Database -> Reports widget. Recycled entries are excluded from the results.
We now have two classes, PasswordHealth to deal with a single password and HealthChecker to deal with all passwords of a database.
Tests include passwords that are expired, re-used, and weak.
* Closes#551
* Move zxcvbn usage to a centralized class (PasswordHealth) and replace its usages across the application to ensure standardized interpretation of entropy calculations.
* Add new icons for the database reports view
* Updated the demo database to show off the reports
* make Clip accept an attribute name
This allows users to copy arbitrary attributes (e.g. username, notes,
URL) to the clipboard in addition to the password and TOTP values.
* update Clip manpage
* Add findAttributes to CLI utils
* Use case-insensitive search in Show command.
* Use case-insensitive search in Clip command.
Co-authored-by: louib <L0U13@protonmail.com>
Added an option to set the target decryption time on database creation
for the CLI create command. This required some refactoring, in
particular the extraction of the min, max and defaut decryption times in
the `Kdf` module. Some work was done to allow changing those constant
only in the `Kdf` module, should we ever want to change them.
* Fix#4093 - The first entry in the list is selected after deleting an entry
* Prevents crashes due to dangling pointers held by the Entry Preview Widget when entries were deleted.
* Improve GUI tests to ensure this new behavior occurs.
The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.
This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.
Fixes#4146
Rename 'k' to 'f' because 'k' is already used to specify the key for the target database of the merge
* Remove short -f option from keepassxc-cli.1
* Remove -f option from keepassxc-cli merge
* Add test cases covering cli options for merge
* Add functional test for merge with keys
This makes most tests run successfully with asan.
The GUI tests still have a bunch of leaks, some from library code, and
some that look real but which I didn't immediately manage to figure out.
* TestOpVaultReader: use QSharedPointer
* Fix#3754 - Accept valid TOTP keys that require padding when converted to Base32.
* Allow use of spaces and lower case letters in the TOTP secret key.
* Fix#3506
* Fix#2389
* Fix#2536
* Fix#2230
Every database that has been opened now watch's it's own file. This allows the database class to manage file changes and detect fail conditions during saving. Additionally, all stakeholders of the database can listen for the database file changed notification and respond accordingly.
Performed significant cleanup of the autoreload code within DatabaseWidget. Fixed several issues with handling changes due to merging, not merging, and other scenarios while reloading.
Prevent database saves to the same file if there are changes on disk that have not been merged with the open database.
Fixes#3365
Add prompt to delete the recycle bin when disabling it. If the user chooses not to delete it, the recycle bin will be suffixed with "(old)" and the icon changed to the default group icon.
Also moved recycle bin creation within the database class where it belongs.
* Fix#3142 - Warn user when entering invalid TOTP secret key.
* Fix#773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button.
* Add ability to choose hash algorithm from the TOTP setup dialog
* Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss
Ran make format
* Fixes#398
The new Browser Integration entry settings page has a list view with any additional URL's. These URL's are added to the entry attributes with KP2A_URL_<counter>, which means those are directly compatible with Keepass2Android.
The CLI now contains an "import" command that creates a new database from the specified XML export. The new database is in kdbx 4 format, and does not currently accept a keyfile in database creation.
This change is required to create new databases from XML backups.
Fixes#2458
* Add test for (unwanted) history timeinfo update when cloning entries.
* Add timeInfo test for clone with rename.
* Fixed modification time update when cloning an entry with renaming.
This change adds a GNU Readline-based interactive mode to keepassxc-cli. If GNU Readline is not available, commands are just read from stdin with no editing or auto-complete support.
DatabaseCommand is modified to add the path to the current database to the arguments passed to executeWithDatabase. In this way, instances of DatabaseCommand do not have to prompt to re-open the database after each invocation, and existing command implementations do not have to be changed to support interactive mode.
This change also introduces a new way of handling commands between interactive and batch modes.
* Fixes#3224.
* Ran make format
* Changed `Extract` to `Export` to support additional formats
* Allow database expot as CSV. Added a `--format` option to the `Export` command for that, which defaults to xml, so the current behavior is unchanged.
*The `CsvExporter` had to be refactored a bit, but nothing major. It can
now print to a file or return a string.
Avoids prompting the user for a password if unlocking is likely to fail
due to some problem with the database file (i.e. not found, not a file,
not readable).
Add unit tests.
This allows `t:word` instead of `title:word` and `p:word` instead of `password:word`, and so on. The rule is that an abbreviated name expands to the first field name that starts with it, with exceptions
`u:` expanding to `username:` instead of `url:` and `pw:` expanding to `password:`.
Summary of changes:
* Extract function for creating password generator from options into
`Generate` command. This function is now reused in `Add` and `Edit`
commands.
* Updated manpage with missing password generation options.
* Updated manpage with missing longer forms of password generation options.
* Added unit tests for new password generation options in `Add` and
`Edit`.
* Handle case when `-g` and `-p` options are used at the same time.
This PR adds password generation functionalities while reducing
code duplication, but at the cost of 2 small breaking changes:
* The password generation option for `Add` and `Edit` for specifying
password length is now `-L` instead of `-l`, to not clash with the
`-l --lower` option.
* The `-u` shorthand for the `--upper` option has to be removed, to not
clash with the `-u --username` option.
* Add -U variant for uppercase.
This new subcommand checks all passwords in the given database against a given list of SHA-1 password hashes. Such lists are available from the "Have I Been Pwned" project at https://haveibeenpwned.com/Passwords.
Note that this support offline checking only. The HIBP project also provides a web API for checking specific hash ranges; this is not currently supported.
* Fixes#3126
* Limit autocompletion to the top ten used usernames
- Load common usernames when database is opened
- Transition from QLineEdit to QComboBox for usernames
- Dropdown menu of the combobox lets user choose a common username
- Common usernames are autocompleted via inline completion
- Common usernames are sorted by frequency (first) and name (second)
* Add combo menu button to apply an icon to children
- allow more options to apply icons (child groups, child entries)
- extend tests in TestGroup (applying icons for groups/entries only)
- prevent blue folder icon being set for entries (on entry creation only)
* Do not show the combo menu button for entries
* Fixes#925
* Add 'flatten' option to CLI ls command
* Add test for Group::hierarchy() and man page for ls --flatten
* Rename group sort test to align with others