Commit graph

167 commits

Author SHA1 Message Date
Sami Vänttinen
1ce2ce9bb8
Passkeys: Set BE and BS flags to true (#13042)
Passkeys: Set BE flag to true

---------

Co-authored-by: varjolintu <sami.vanttinen@ahmala.org>
2026-03-08 13:08:15 +01:00
varjolintu
7e3e2c10d2 Fix Do not ask permission for HTTP Basic Auth option 2025-09-07 10:56:42 -04:00
varjolintu
e9cf38a6e3 Browser: Do not allow site automatically 2025-09-07 10:55:25 -04:00
Jonathan White
74326616c5 Fix two problems with URL wildcard matching
* Fixes #12255
* Periods were not being escaped in the url string before being used in a regex resulting in matching 'any character' between domain parts
* Wildcards entered as `*.` were being replaced with simply `*` resulting in unexpected matches to occur. Fixing this has a side effect of `https://*.github.com` NOT matching `https://github.com` which should be the expected behavior. Users can enter both url's if they desire to match the primary and all sub domains or leave out the wildcard entirely to use normal matching behavior.
2025-07-04 09:06:27 -04:00
Jonathan White
f62ea95499 Don't add space to invalid TOTP strings
* Fixes #11357
* Introduces validity parameter to TOTP generator function for future use elsewhere in the code base
* Fixes this in preview panel and TOTP dialog
* Disable actions to copy/show TOTP if the settings are invalid
* Show an error message on the TOTP setup dialog if the settings are invalid
* Show a TOTP icon with an x if the settings are invalid
2025-06-19 16:22:17 -04:00
varjolintu
8a32b3bc5e Explicitly allow access to newly created browser group 2025-05-22 16:55:07 -04:00
Sami Vänttinen
9ba6ada266
Add support for URL wildcards and exact URL (#9835)
Some checks failed
CodeQL / Analyze (push) Has been cancelled
* Add support for URL wildcards with Additional URL feature

* Only check TLD if wildcard is used

* Avoid using network function in no-feature build

---------

Co-authored-by: varjolintu <sami.vanttinen@ahmala.org>
Co-authored-by: Jonathan White <support@dmapps.us>
2025-02-09 20:03:15 -05:00
varjolintu
9670a5e74e Add CustomData::getKeyWithPrefix()
Some checks are pending
CodeQL / Analyze (push) Waiting to run
2024-12-25 21:33:19 -05:00
varjolintu
132ca42ec5 Fix renaming extension key name in Database Settings 2024-12-25 21:33:19 -05:00
Sami Vänttinen
2fc24be331
Browser: Fix cancel with database unlock dialog (#11435) 2024-11-10 17:30:38 -05:00
Sami Vänttinen
6e0baf9f2c
Support passkeys with Bitwarden import (#11401) 2024-10-24 20:12:47 -04:00
varjolintu
ea2e36c676 Add support for group selection when creating a passkey 2024-10-01 08:13:01 -04:00
varjolintu
2f0160438a Allow deleting extension plugin data from Browser Statistics 2024-09-02 12:53:34 -04:00
louib
166a371050 Refactor: separate GUI sources from core sources
This PR splits the GUI source files from the core source files. The immediate goal is to allow the CLI to require only a minimum number of dynamic libraries. The long term goal is to create an architectural boundary around the core module, in preparation of libkdbx.
2024-06-29 11:50:23 -04:00
Carlo Teubner
88b76244cf
Fix all Qt 5.15 deprecation warnings (#7783)
* Deprecated qSort() -> std::sort()
* Replace QDateTime::toString(Qt::DefaultLocaleShortDate) with Clock::toString()
* Replace QDateTime::toString(Qt::SystemLocaleShortDate) with QLocale::system().toString(..., QLocale::ShortFormat)
* Use QDateTime::startOfDay() instead of QDate(QDateTime) 
  Note: QDateTime::startOfDay() is only available in Qt 5.14, we need to guard it
* Replace QString::SkipEmptyParts with Qt::SkipEmptyParts
  Note: Its designated replacement, Qt::SplitBehavior, was only added in Qt 5.14.
* Don't call deprecated QFlags(nullptr) constructor
* QSet::{toList->values}
* Replace QList::toSet, QSet::fromList with Tools::asSet()
* QHash::insertMulti -> QMultiHash::insert
* QProcess::startDetached: non-deprecated overload
* QProcess::{pid->processId}
* QPainter::{HighQuality->}Antialiasing
* QPalette::{background->window}()
* Use Qt::{Background,Foreground}Role
* endl -> Qt::endl, flush -> Qt::flush
* Make YubiKey::s_interfaceMutex non-recursive
* OpenSSHKeyGenDialog: use non-deprecated QComboBox::sizeAdjustPolicy setting
2024-06-22 07:22:44 -04:00
varjolintu
ad8a00d56b Passkeys: Fix incorrect username fill 2024-06-12 21:27:06 -04:00
Carlo Teubner
c3df16147d
Cleanup compiler warnings on all platforms (#10847)
Fixes #10730.

Co-authored-by: Christoph Reiter <reiter.christoph@gmail.com>
2024-06-12 21:25:15 -04:00
varjolintu
92b30ae7ec Passkeys: Register to an existing entry 2024-05-05 13:53:43 -04:00
varjolintu
cb1ae44a3b Passkeys: Position the confirm dialog with the parent window 2024-04-21 12:23:37 -04:00
varjolintu
41d00135af Passkeys: Fix duplicate database selection 2024-04-21 07:19:16 -04:00
varjolintu
5883f49f37 Passkeys: Fix RP ID validation 2024-03-31 17:19:22 -04:00
varjolintu
8a4787278d Passkeys: Do not ask update with a new user handle 2024-03-31 17:19:09 -04:00
Sami Vänttinen
c34098546d
Passkeys: Fix compatibility with StrongBox (#10420) 2024-03-31 16:12:33 -04:00
Sami Vänttinen
ac2b445db6
Passkeys improvements (#10318)
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.

Fixes #10287.
2024-03-06 07:42:01 -05:00
Michael Duersch
884386c924 Allow groups to restrict by browser integration key (#6437) 2024-01-14 07:43:48 -05:00
varjolintu
b2e6dc5fda Passkeys: Add Resident Key error 2024-01-06 13:47:22 -05:00
varjolintu
6d19ab8894 Passkeys: UI adjustments 2024-01-06 13:47:12 -05:00
varjolintu
e28f5187bc Passkeys: Fix default timeout on authentication 2024-01-06 12:34:20 -05:00
Sami Vänttinen
13c88e1013
Passkeys: Add support for importing Passkey to entry (#9987)
---------
Co-authored-by: Jonathan White <support@dmapps.us>
2023-11-22 23:11:25 -05:00
Jonathan White
013db199cb Fix password generator close button for good
* Avoids using QDialog which breaks the standalone password generator

Revert "Fix password dialog close button"

This reverts commit 5b47190fcc.
2023-11-22 22:49:10 -05:00
varjolintu
a3717c7acd Rename userId to credentialId 2023-11-09 18:00:33 -05:00
Sami Vänttinen
6f2354c0e9
Add basic support for WebAuthn (Passkeys) (#8825)
---------

Co-authored-by: varjolintu <sami.vanttinen@protonmail.com>
Co-authored-by: droidmonkey <support@dmapps.us>
2023-10-25 10:12:55 -04:00
Sami Vänttinen
6f5f600559
Fix crash on database open from browser (#9939) 2023-10-23 23:08:41 -04:00
varjolintu
1a81f79df7 Fix raising Update Entry messagebox 2023-10-23 22:55:21 -04:00
varjolintu
8f45431ecb Create new UrlTools class 2023-10-23 22:53:59 -04:00
Sami Vänttinen
139153d9a3
Improve duplicate URL warning (#9635)
Co-authored-by: varjolintu <sami.vanttinen@protonmail.com>
2023-08-13 22:18:24 -04:00
varjolintu
a01400e88d Pass parent to browser popups 2023-07-30 23:25:25 -04:00
Sami Vänttinen
190a1fa10c
Refactor browser Access Control Dialog (#9607) 2023-07-09 14:33:05 -04:00
varjolintu
0592218fa3 Handle expired credentials normally 2023-06-30 02:06:28 -07:00
varjolintu
c1720c3711 Fix support for referenced URL fields 2023-03-30 07:20:46 -04:00
Sami Vänttinen
5b312889b8
Fix various bugs when returning credentials (#9136)
Co-authored-by: Sami Vänttinen <sami.vanttinen@protonmail.com>
2023-02-25 14:19:34 -05:00
Marcel Lauhoff
8a554b37c0
Add 'get-database-entries' Proxy Request (#7292) 2023-02-25 14:09:36 -05:00
Sami Vänttinen
4a30417f76
Browser Integration code cleanup (#8489)
Co-authored-by: varjolintu <sami.vanttinen@protonmail.com>
2023-02-18 15:52:31 -05:00
Sami Vänttinen
ce51534c3a
Remove KeePassHTTP attribute conversion (#8007)
Co-authored-by: varjolintu <sami.vanttinen@protonmail.com>
2023-01-29 10:32:24 -05:00
Sami Vänttinen
37baa6fd25 Revert async Access Confirm Dialog 2022-10-29 07:40:33 -04:00
varjolintu
ef6d8f1138 Browser: Asynchronous Access Confirm dialog 2022-09-10 13:18:30 -04:00
varjolintu
ed7b634dbf Do not allow expired credentials automatically 2022-09-08 06:48:05 -04:00
varjolintu
6cb6f1f007 Browser: Add a new group setting for omitting WWW subdomain when matching URLs 2022-06-12 16:45:54 -04:00
varjolintu
924eb6dbc4 Pass database locked/unlocked status even with Search All Databases option enabled 2022-06-05 21:30:10 -04:00
Sami Vänttinen
7284a8062a
Fix password generator responses (#7404)
* Respond directly to the current client instead of broadcasting

* Append requestID to generate-password response
2022-02-23 17:48:50 -05:00