4615 Commits

Author SHA1 Message Date
Jonathan White
3e9fba7283
Don't remember key file folder if disabled
* Fixes #10557
2024-04-29 09:52:04 -04:00
Jonathan White
d7c054e9b2
Correct minor issues in translations 2024-04-29 09:51:52 -04:00
Jonathan White
485c446013
Fix password generator close button for good
* Avoids using QDialog which breaks the standalone password generator

Revert "Fix password dialog close button"

This reverts commit 5b47190fcc4b2f51fb11849cef7f53346e8fe439.
2024-04-29 07:37:35 -04:00
Jonathan White
9dd90c95a7
Improve signing files with release tool 2024-04-28 23:41:45 -04:00
Jonathan White
a8b60b7b02
Fix crash on screen lock or computer sleep
* Fixes #10455
* Fixes #10432
* Fixes #10415

Prevent setting critical key components to nullptr when database data is cleared. This can result in a crash due to race condition between threads.

Added a bunch of asserts to detect this problem and if guards to prevent actual crashes.
2024-04-28 23:41:45 -04:00
Jonathan White
3b8dc028c1
Improve database encryption settings UX
Fixes #6190

Remove the advanced settings checkbox and replace with a dedicated tab widget interface to toggle between basic and advanced encryption settings.
2024-04-28 23:41:45 -04:00
Jonathan White
bab48b42f7
Add auto-save delay per database (#9100)
Add a new propery autosaveDelay in Metadata of the db.
The property is saved in customData to not affect database structure as this setting is unique to keepasxc.
The propery sets delay to wait since last modification before saving.

Co-authored-by: jNullj <jNullj@users.noreply.github.com>
2024-04-28 23:41:45 -04:00
Jonathan White
775efc65ed
QMenubar option to show/hide itself (#10341)
--------

Co-authored-by: Mikko Saarinki <mikko.saarinki@michaelkingston.fi>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-04-28 23:41:44 -04:00
Kevin J
d8006e0b76
Add hotkey for group switching (#10625)
* Add hotkey for group switching

Ctrl + Shift + Key_PageUp for previous group
Ctrl + Shift + Key_PageDown for next group
Fixes #4394
2024-04-28 23:41:44 -04:00
Jonathan White
651bcfc904
Remove password repeat application setting
* This removes the application setting to require typing the password in again even though it is visible.
* Removed automatic password repeat when the password is made visible on changing.
2024-04-28 23:41:44 -04:00
Jonathan White
029ccefe22
Only perform group sort when GroupView is focused
* Fixes #10195
2024-04-28 23:41:44 -04:00
Kevin Jerebica
9d714d5b4d
Add hotkey for search-help
Add a new hotkey (CTRL+J) for toggling on/off
the search-help when you are in the search field
Fixes: #4100
2024-04-28 23:41:44 -04:00
Mathieu Oriol
b5827aa25f
Use XDG Desktop Portal to autostart the flatpak 2024-04-28 23:41:18 -04:00
Sami Vänttinen
8f03f2f59e
Passkeys: Pass extension JSON data to browser (#10615) 2024-04-27 23:35:07 -04:00
meigelb
417bc29bc8
Fix display of bytes without decimals (#10595)
*Fixes #10594
2024-04-27 23:35:07 -04:00
Jonathan White
381eb76f7b
Fix focus loss when using Auto-Type from locked database
* Fixes #10439
2024-04-27 23:35:07 -04:00
varjolintu
dbc7f020fd
Passkeys: Position the confirm dialog with the parent window 2024-04-27 23:35:07 -04:00
varjolintu
50eec240b4
Passkeys: Fix duplicate database selection 2024-04-27 23:35:07 -04:00
Jonathan White
d87f0030a3
Prevent SSH Agent from using entries in the recycle bin
* Fixes #10516
* Also cleanup Group::isRecycled() code a little
2024-04-27 23:35:07 -04:00
Jonathan White
8723b7f6a4
Fix crash when deleting history items
* Fixes #10386
2024-04-27 23:35:07 -04:00
Jonathan White
4b87a3e58e
Fix CSV import skipping over single-name groups
* Fixes #10574
2024-04-27 23:21:02 -04:00
varjolintu
bd5984ca82
Passkeys: Fix RP ID validation 2024-04-27 23:20:43 -04:00
varjolintu
969d3f9b23
Passkeys: Do not ask update with a new user handle 2024-04-27 23:20:38 -04:00
varjolintu
f61f55fff7
Passkeys: Enable Import Passkey entry menu item only if a single entry is selected 2024-04-27 23:20:33 -04:00
Sami Vänttinen
305fd24a8e
Passkeys: Fix compatibility with StrongBox (#10420) 2024-04-27 23:20:28 -04:00
Sami Vänttinen
a5c3bf6d9d
Passkeys: Add warning on export (#10411) 2024-04-27 23:20:23 -04:00
varjolintu
97cf35c993
Passkeys: Allow nfc and usb transports 2024-04-27 23:20:18 -04:00
Joachim Breuer
eeea299187
Do not override fixed font size
This allows properly configuring a readable/desired fixed font in system settings, keepassxcrc etc.
2024-04-27 23:20:06 -04:00
Drwsburah
6875851892
Implemented database file hidden attribute preservation on Windows (#10343)
* Implemented database file hidden attribute preservation on Windows

Implemented database file hidden attribute preservation on Windows by modifying the save function to check the hidden attribute of the original database before saving and then reapply it post-saving if running on Windows so that users can easily store their database in a hidden file without having to re-hide it every time it's modified.

Updated the TestDatabase::testSaveAs() unit test to first verify after the initial save that the database file is not hidden before hiding it then saving again and verifying that it is now hidden.

Signed-off-by: Drwsburah <Drwsburah@yahoo.com>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-04-27 23:20:00 -04:00
Jonathan White
ff6c3d7d9a
Fix Message Box button size on macOS and Linux
* Fixes #10381
2024-04-27 23:19:45 -04:00
Jonathan White
deb0926497
Fix focusing search after database unlock
* Fixes #10405
2024-04-27 23:19:40 -04:00
Chris
0b71cb1dad
Fix Indonesian language descriptor
Bahasa is simply means language in Indonesian.
Therefore, referring Indonesian language as "bahasa" is incorrect.
2024-04-27 23:19:32 -04:00
Jonathan White
caece405fb
Fix TestCli and TestGui entropy tests across platforms
* zxcvbn wordlists can vary between platforms depending on packager adjustments (ie, zxcvbn-c vs Ubuntu Focal)
2024-04-27 23:18:31 -04:00
Jonathan White
3a86381df8
Correct date in appdata.xml 2024-03-12 00:28:40 -04:00
Jonathan White
68e2dd8d22
Update translations 2.7.7 2024-03-09 18:13:37 -05:00
Jonathan White
bbd1604894
Update release-tool.ps1 for manifest builds 2024-03-09 16:22:36 -05:00
varjolintu
976c6914a6 Add basic documentation for Passkeys 2024-03-09 15:21:46 -05:00
Jonathan White
cde88546f3 Update Changelog 2024-03-09 15:21:46 -05:00
Jonathan White
fff1b49f73 Prevent byte-by-byte and attachment inference side channel attacks
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and it's parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 15:21:46 -05:00
Jonathan White
18cfbf729c Add 1Password 1PUX and Bitwarden JSON Importers
* Closes #7545 - Support 1Password 1PUX import format based on https://support.1password.com/1pux-format/

* Closes #8367 - Support Bitwarden JSON import format (both unencrypted and encrypted) based on https://bitwarden.com/help/encrypted-export/

* Fixes #9577 - OPVault import when fields have the same name or type

* Introduce the import wizard to handle all import tasks (CSV, KDBX1, OPVault, 1PUX, JSON)

* Clean up CSV parser code to make it much more efficient and easier to read

* Combine all importer tests (except CSV) into one test file
2024-03-09 15:21:46 -05:00
Jonathan White
6f112b11e4 Minor changes to Group API to make it more explicit
* Include check for group as recycle bin directly into the Group::isRecycled() function

* Return the original root group from Database::setRootGroup(...) to force memory management transfer
2024-03-09 15:21:46 -05:00
Jonathan White
ee1268c518 Fix spacing of QGroupBox's
* Previously our base style sheet added roughly 20px of margin to the top and bottom of all QGroupBox. This caused visual errors where that margin was not needed/desired. 
* Transferred padding to the specific layouts instead where it belongs.
2024-03-09 15:21:46 -05:00
Sami Vänttinen
d78a6b6095 Skip a few Passkeys tests with Botan <= 2.14 (#10360)
Botan version less than 2.14.0 miscalculates ECDSA signatures. 

---------

Co-authored-by: Jonathan White <support@dmapps.us>
2024-03-09 15:21:46 -05:00
Janek Bevendorff
63b18084ac Set test locale to C 2024-03-09 15:21:46 -05:00
Jonathan White
7d0dc67180 Fix TouchID not being shown after lid close
Fixes #8945
Fixes #10315
2024-03-09 15:21:46 -05:00
Jonathan White
f20b531430 Automatically detect USB device changes 2024-03-09 15:21:46 -05:00
Jonathan White
28d096a89a Add vcpkg manifest with build dependencies
Also bump minimum CMake release
2024-03-09 15:21:46 -05:00
varjolintu
350931b707 Fix macOS crash on Accent Color change 2024-03-09 15:21:46 -05:00
Jonathan White
b7a1c620e4 Passkeys improvements (#10318)
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.

Fixes #10287.
2024-03-09 15:21:46 -05:00
qycyfjy
067deb9bd7 Fix removing entry from history and improve logic of history tab showing 2024-02-04 11:50:52 -05:00