mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-12-18 04:04:29 -05:00
ac2b445db6
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification. Notable changes: - _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction. - A new helper class _PasskeyUtils_ includes the actual checks and parses the objects. - _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils. - Fixes Ed25519 encoding in _BrowserCBOR_. - Adds new error messages. - User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user. - `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it. - Extension data is now handled correctly during Authentication. - Allowed and excluded credentials are now handled correctly. - `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID` - Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers. - Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey. Fixes #10287.
277 lines
12 KiB
C++
277 lines
12 KiB
C++
/*
|
|
* Copyright (C) 2024 KeePassXC Team <team@keepassxc.org>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 2 or (at your option)
|
|
* version 3 of the License.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "TestTools.h"
|
|
|
|
#include "core/Clock.h"
|
|
|
|
#include <QRegularExpression>
|
|
#include <QTest>
|
|
#include <QUuid>
|
|
|
|
QTEST_GUILESS_MAIN(TestTools)
|
|
|
|
namespace
|
|
{
|
|
QString createDecimal(QString wholes, QString fractions, QString unit)
|
|
{
|
|
return wholes + QLocale().decimalPoint() + fractions + " " + unit;
|
|
}
|
|
} // namespace
|
|
|
|
void TestTools::testHumanReadableFileSize()
|
|
{
|
|
constexpr auto kibibyte = 1024u;
|
|
using namespace Tools;
|
|
|
|
QCOMPARE(createDecimal("1", "00", "B"), humanReadableFileSize(1));
|
|
QCOMPARE(createDecimal("1", "00", "KiB"), humanReadableFileSize(kibibyte));
|
|
QCOMPARE(createDecimal("1", "00", "MiB"), humanReadableFileSize(kibibyte * kibibyte));
|
|
QCOMPARE(createDecimal("1", "00", "GiB"), humanReadableFileSize(kibibyte * kibibyte * kibibyte));
|
|
|
|
QCOMPARE(QString("100 B"), humanReadableFileSize(100, 0));
|
|
QCOMPARE(createDecimal("1", "10", "KiB"), humanReadableFileSize(kibibyte + 100));
|
|
QCOMPARE(createDecimal("1", "001", "KiB"), humanReadableFileSize(kibibyte + 1, 3));
|
|
QCOMPARE(createDecimal("15", "00", "KiB"), humanReadableFileSize(kibibyte * 15));
|
|
}
|
|
|
|
void TestTools::testIsHex()
|
|
{
|
|
QVERIFY(Tools::isHex("0123456789abcdefABCDEF"));
|
|
QVERIFY(!Tools::isHex(QByteArray("0xnothex")));
|
|
}
|
|
|
|
void TestTools::testIsBase64()
|
|
{
|
|
QVERIFY(Tools::isBase64(QByteArray("1234")));
|
|
QVERIFY(Tools::isBase64(QByteArray("123=")));
|
|
QVERIFY(Tools::isBase64(QByteArray("12==")));
|
|
QVERIFY(Tools::isBase64(QByteArray("abcd9876MN==")));
|
|
QVERIFY(Tools::isBase64(QByteArray("abcd9876DEFGhijkMNO=")));
|
|
QVERIFY(Tools::isBase64(QByteArray("abcd987/DEFGh+jk/NO=")));
|
|
QVERIFY(!Tools::isBase64(QByteArray("abcd123==")));
|
|
QVERIFY(!Tools::isBase64(QByteArray("abc_")));
|
|
QVERIFY(!Tools::isBase64(QByteArray("123")));
|
|
}
|
|
|
|
void TestTools::testIsAsciiString()
|
|
{
|
|
QVERIFY(Tools::isAsciiString("abcd9876DEFGhijkMNO"));
|
|
QVERIFY(Tools::isAsciiString("-!&5a?`~"));
|
|
QVERIFY(!Tools::isAsciiString("Štest"));
|
|
QVERIFY(!Tools::isAsciiString("Ãß"));
|
|
}
|
|
|
|
void TestTools::testEnvSubstitute()
|
|
{
|
|
QProcessEnvironment environment;
|
|
|
|
#if defined(Q_OS_WIN)
|
|
environment.insert("HOMEDRIVE", "C:");
|
|
environment.insert("HOMEPATH", "\\Users\\User");
|
|
environment.insert("USERPROFILE", "C:\\Users\\User");
|
|
|
|
QCOMPARE(Tools::envSubstitute("%HOMEDRIVE%%HOMEPATH%\\.ssh\\id_rsa", environment),
|
|
QString("C:\\Users\\User\\.ssh\\id_rsa"));
|
|
QCOMPARE(Tools::envSubstitute("start%EMPTY%%EMPTY%%%HOMEDRIVE%%end", environment), QString("start%C:%end"));
|
|
QCOMPARE(Tools::envSubstitute("%USERPROFILE%\\.ssh\\id_rsa", environment),
|
|
QString("C:\\Users\\User\\.ssh\\id_rsa"));
|
|
QCOMPARE(Tools::envSubstitute("~\\.ssh\\id_rsa", environment), QString("C:\\Users\\User\\.ssh\\id_rsa"));
|
|
#else
|
|
environment.insert("HOME", QString("/home/user"));
|
|
environment.insert("USER", QString("user"));
|
|
|
|
QCOMPARE(Tools::envSubstitute("~/.ssh/id_rsa", environment), QString("/home/user/.ssh/id_rsa"));
|
|
QCOMPARE(Tools::envSubstitute("$HOME/.ssh/id_rsa", environment), QString("/home/user/.ssh/id_rsa"));
|
|
QCOMPARE(Tools::envSubstitute("start/$EMPTY$$EMPTY$HOME/end", environment), QString("start/$/home/user/end"));
|
|
#endif
|
|
}
|
|
|
|
void TestTools::testValidUuid()
|
|
{
|
|
auto validUuid = Tools::uuidToHex(QUuid::createUuid());
|
|
auto nonRfc4122Uuid = "1234567890abcdef1234567890abcdef";
|
|
auto emptyUuid = QString();
|
|
auto shortUuid = validUuid.left(10);
|
|
auto longUuid = validUuid + "baddata";
|
|
auto nonHexUuid = Tools::uuidToHex(QUuid::createUuid()).replace(0, 1, 'p');
|
|
|
|
QVERIFY(Tools::isValidUuid(validUuid));
|
|
/* Before https://github.com/keepassxreboot/keepassxc/pull/1770/, entry
|
|
* UUIDs are simply random 16-byte strings. Such older entries should be
|
|
* accepted as well. */
|
|
QVERIFY(Tools::isValidUuid(nonRfc4122Uuid));
|
|
QVERIFY(!Tools::isValidUuid(emptyUuid));
|
|
QVERIFY(!Tools::isValidUuid(shortUuid));
|
|
QVERIFY(!Tools::isValidUuid(longUuid));
|
|
QVERIFY(!Tools::isValidUuid(nonHexUuid));
|
|
}
|
|
|
|
void TestTools::testBackupFilePatternSubstitution_data()
|
|
{
|
|
QTest::addColumn<QString>("pattern");
|
|
QTest::addColumn<QString>("dbFilePath");
|
|
QTest::addColumn<QString>("expectedSubstitution");
|
|
|
|
static const auto DEFAULT_DB_FILE_NAME = QStringLiteral("KeePassXC");
|
|
static const auto DEFAULT_DB_FILE_PATH = QStringLiteral("/tmp/") + DEFAULT_DB_FILE_NAME + QStringLiteral(".kdbx");
|
|
static const auto NOW = Clock::currentDateTime();
|
|
auto DEFAULT_FORMATTED_TIME = NOW.toString("dd_MM_yyyy_hh-mm-ss");
|
|
|
|
QTest::newRow("Null pattern") << QString() << DEFAULT_DB_FILE_PATH << QString();
|
|
QTest::newRow("Empty pattern") << QString("") << DEFAULT_DB_FILE_PATH << QString("");
|
|
QTest::newRow("Null database path") << "valid_pattern" << QString() << QString();
|
|
QTest::newRow("Empty database path") << "valid_pattern" << QString("") << QString();
|
|
QTest::newRow("Unclosed/invalid pattern") << "{DB_FILENAME" << DEFAULT_DB_FILE_PATH << "{DB_FILENAME";
|
|
QTest::newRow("Unknown pattern") << "{NO_MATCH}" << DEFAULT_DB_FILE_PATH << "{NO_MATCH}";
|
|
QTest::newRow("Do not replace escaped patterns (filename)")
|
|
<< "\\{DB_FILENAME\\}" << DEFAULT_DB_FILE_PATH << "{DB_FILENAME}";
|
|
QTest::newRow("Do not replace escaped patterns (time)")
|
|
<< "\\{TIME:dd.MM.yyyy\\}" << DEFAULT_DB_FILE_PATH << "{TIME:dd.MM.yyyy}";
|
|
QTest::newRow("Multiple patterns should be replaced")
|
|
<< "{DB_FILENAME} {TIME} {DB_FILENAME}" << DEFAULT_DB_FILE_PATH
|
|
<< DEFAULT_DB_FILE_NAME + QStringLiteral(" ") + DEFAULT_FORMATTED_TIME + QStringLiteral(" ")
|
|
+ DEFAULT_DB_FILE_NAME;
|
|
QTest::newRow("Default time pattern") << "{TIME}" << DEFAULT_DB_FILE_PATH << DEFAULT_FORMATTED_TIME;
|
|
QTest::newRow("Default time pattern (empty formatter)")
|
|
<< "{TIME:}" << DEFAULT_DB_FILE_PATH << DEFAULT_FORMATTED_TIME;
|
|
QTest::newRow("Custom time pattern") << "{TIME:dd-ss}" << DEFAULT_DB_FILE_PATH << NOW.toString("dd-ss");
|
|
QTest::newRow("Invalid custom time pattern") << "{TIME:dd/-ss}" << DEFAULT_DB_FILE_PATH << NOW.toString("dd/-ss");
|
|
QTest::newRow("Recursive substitution") << "{TIME:'{TIME}'}" << DEFAULT_DB_FILE_PATH << DEFAULT_FORMATTED_TIME;
|
|
QTest::newRow("{DB_FILENAME} substitution")
|
|
<< "some {DB_FILENAME} thing" << DEFAULT_DB_FILE_PATH
|
|
<< QStringLiteral("some ") + DEFAULT_DB_FILE_NAME + QStringLiteral(" thing");
|
|
QTest::newRow("{DB_FILENAME} substitution with multiple extensions") << "some {DB_FILENAME} thing"
|
|
<< "/tmp/KeePassXC.kdbx.ext"
|
|
<< "some KeePassXC.kdbx thing";
|
|
// Not relevant right now, added test anyway
|
|
QTest::newRow("There should be no substitution loops") << "{DB_FILENAME}"
|
|
<< "{TIME:'{DB_FILENAME}'}.ext"
|
|
<< "{DB_FILENAME}";
|
|
}
|
|
|
|
void TestTools::testBackupFilePatternSubstitution()
|
|
{
|
|
QFETCH(QString, pattern);
|
|
QFETCH(QString, dbFilePath);
|
|
QFETCH(QString, expectedSubstitution);
|
|
|
|
QCOMPARE(Tools::substituteBackupFilePath(pattern, dbFilePath), expectedSubstitution);
|
|
}
|
|
|
|
void TestTools::testEscapeRegex_data()
|
|
{
|
|
QTest::addColumn<QString>("input");
|
|
QTest::addColumn<QString>("expected");
|
|
|
|
QString all_regular_characters = "0123456789";
|
|
for (char c = 'a'; c != 'z'; ++c) {
|
|
all_regular_characters += QChar::fromLatin1(c);
|
|
}
|
|
for (char c = 'A'; c != 'Z'; ++c) {
|
|
all_regular_characters += QChar::fromLatin1(c);
|
|
}
|
|
|
|
QTest::newRow("Regular characters should not be escaped") << all_regular_characters << all_regular_characters;
|
|
QTest::newRow("Special characters should be escaped") << R"(.^$*+-?()[]{}|\)"
|
|
<< R"(\.\^\$\*\+\-\?\(\)\[\]\{\}\|\\)";
|
|
QTest::newRow("Null character") << QString::fromLatin1("ab\0c", 4) << "ab\\0c";
|
|
}
|
|
|
|
void TestTools::testEscapeRegex()
|
|
{
|
|
QFETCH(QString, input);
|
|
QFETCH(QString, expected);
|
|
|
|
auto actual = Tools::escapeRegex(input);
|
|
QCOMPARE(actual, expected);
|
|
}
|
|
|
|
void TestTools::testConvertToRegex()
|
|
{
|
|
QFETCH(QString, input);
|
|
QFETCH(int, options);
|
|
QFETCH(QString, expected);
|
|
|
|
auto regex = Tools::convertToRegex(input, options).pattern();
|
|
QCOMPARE(regex, expected);
|
|
}
|
|
|
|
void TestTools::testConvertToRegex_data()
|
|
{
|
|
const QString input = R"(te|st*t?[5]^(test);',.)";
|
|
|
|
QTest::addColumn<QString>("input");
|
|
QTest::addColumn<int>("options");
|
|
QTest::addColumn<QString>("expected");
|
|
|
|
QTest::newRow("No Options") << input << static_cast<int>(Tools::RegexConvertOpts::DEFAULT)
|
|
<< QString(R"(te|st*t?[5]^(test);',.)");
|
|
// Escape regex
|
|
QTest::newRow("Escape Regex") << input << static_cast<int>(Tools::RegexConvertOpts::ESCAPE_REGEX)
|
|
<< Tools::escapeRegex(input);
|
|
QTest::newRow("Escape Regex and exact match")
|
|
<< input << static_cast<int>(Tools::RegexConvertOpts::ESCAPE_REGEX | Tools::RegexConvertOpts::EXACT_MATCH)
|
|
<< "^(?:" + Tools::escapeRegex(input) + ")$";
|
|
|
|
// Exact match does not escape the pattern
|
|
QTest::newRow("Exact Match") << input << static_cast<int>(Tools::RegexConvertOpts::EXACT_MATCH)
|
|
<< QString(R"(^(?:te|st*t?[5]^(test);',.)$)");
|
|
|
|
// Exact match with improper regex
|
|
QTest::newRow("Exact Match") << ")av(" << static_cast<int>(Tools::RegexConvertOpts::EXACT_MATCH)
|
|
<< QString(R"(^(?:)av()$)");
|
|
|
|
QTest::newRow("Exact Match & Wildcard")
|
|
<< input << static_cast<int>(Tools::RegexConvertOpts::EXACT_MATCH | Tools::RegexConvertOpts::WILDCARD_ALL)
|
|
<< QString(R"(^(?:te|st.*t.\[5\]\^\(test\)\;\'\,\.)$)");
|
|
QTest::newRow("Wildcard Single Match") << input << static_cast<int>(Tools::RegexConvertOpts::WILDCARD_SINGLE_MATCH)
|
|
<< QString(R"(te\|st\*t.\[5\]\^\(test\)\;\'\,\.)");
|
|
QTest::newRow("Wildcard OR") << input << static_cast<int>(Tools::RegexConvertOpts::WILDCARD_LOGICAL_OR)
|
|
<< QString(R"(te|st\*t\?\[5\]\^\(test\)\;\'\,\.)");
|
|
QTest::newRow("Wildcard Unlimited Match")
|
|
<< input << static_cast<int>(Tools::RegexConvertOpts::WILDCARD_UNLIMITED_MATCH)
|
|
<< QString(R"(te\|st.*t\?\[5\]\^\(test\)\;\'\,\.)");
|
|
}
|
|
|
|
void TestTools::testArrayContainsValues()
|
|
{
|
|
const auto values = QStringList() << "first"
|
|
<< "second"
|
|
<< "third";
|
|
|
|
// One missing
|
|
const auto result1 = Tools::getMissingValuesFromList<QString>(values,
|
|
QStringList() << "first"
|
|
<< "second"
|
|
<< "none");
|
|
QCOMPARE(result1.length(), 1);
|
|
QCOMPARE(result1.first(), QString("none"));
|
|
|
|
// All found
|
|
const auto result2 = Tools::getMissingValuesFromList<QString>(values,
|
|
QStringList() << "first"
|
|
<< "second"
|
|
<< "third");
|
|
QCOMPARE(result2.length(), 0);
|
|
|
|
// None are found
|
|
const auto numberValues = QList<int>({1, 2, 3, 4, 5});
|
|
const auto result3 = Tools::getMissingValuesFromList<int>(numberValues, QList<int>({6, 7, 8}));
|
|
QCOMPARE(result3.length(), 3);
|
|
}
|