Commit graph

1028 commits

Author SHA1 Message Date
Jonathan White
634a5b34f1 Improve inactivity timer
* Fix #11957
* Prevent resetting the timer hundreds of times per second
* Improve code flow for inactivity timer in general
2025-07-04 09:05:39 -04:00
Jonathan White
f62ea95499 Don't add space to invalid TOTP strings
* Fixes #11357
* Introduces validity parameter to TOTP generator function for future use elsewhere in the code base
* Fixes this in preview panel and TOTP dialog
* Disable actions to copy/show TOTP if the settings are invalid
* Show an error message on the TOTP setup dialog if the settings are invalid
* Show a TOTP icon with an x if the settings are invalid
2025-06-19 16:22:17 -04:00
Jonathan White
b5f4e98925 Fix handling of small passphrase wordlists
* Fixes #11856
* Set the minimum recommended wordlist size to 1,296 - equal to the EFF Short List
* Issue a clear warning when using a smaller wordlist but do not prevent generation of passphrases
* Improve wording when removing custom wordlist
2025-06-19 16:22:17 -04:00
Jonathan White
5dfcc72f98 Fix minor issues with tags context menu
* Fixes #11808
* Don't show tear off menu or option to tear off if there are no tags
* Fix "No Tags" not being shown on first hover
* Fix issues when using a tag named "No Tags"
* Fix #12153 - tags becoming unsorted in the context menu when switching between database tabs
2025-06-19 16:22:17 -04:00
Kuznetsov Oleg
f2a4cc7e66
Refactor attachment handling system with enhanced UI (#12085)
* Renamed NewEntryAttachmentsDialog to EditEntryAttachmentsDialog for clarity.
* Introduced EditEntryAttachmentsDialog class to manage editing of existing attachments.
* Added functionality to preview attachments while editing them.
* Enhanced EntryAttachmentsModel with rowByKey method for better key management.
* Add image attachment support with zoom functionality.
* Add html and markdown detection.
* Improve button layout on the attachment section when editing an entry
2025-06-19 13:27:23 -04:00
Copilot
2c3a1a03cb
Add predefined search for TOTP entries (#12199)
Fixes #9362
This commit was authored by GitHub copilot agent and reviewed by @droidmonkey.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: droidmonkey <2809491+droidmonkey@users.noreply.github.com>
Co-authored-by: Jonathan White <support@dmapps.us>
2025-06-19 09:24:01 -04:00
Jonathan White
ed0429ad4e Write to buffer before writing directly to database file
* Fixes #11819

When direct write save option is enabled and a hardware key is used with a press required, it is possible that the database file will be truncated to 0 bytes. This is avoided by writing the database to a memory buffer first allowing for key transform to occur, then dumping the buffer into the database file.

This change also improves the overall safety of the direct write save option as there is far less chance for an error to occur while writing to the database file.

Thanks to @ChrisLnrn for reporting this issue!
2025-03-30 16:42:17 -04:00
Jonathan White
37ddbb3cd2 Remove Config::createTempFileInstance 2025-03-30 08:14:12 -04:00
Jonathan White
fcb32efd05 Improve handling of remote sync saving
* Fixes sporadic failures on gui tests on Windows
* Corrects inability to write to temporary config file while running tests
* Corrects errors when using MockRemoteProcess due to missing functions
2025-03-30 08:14:12 -04:00
Sami Vänttinen
9ba6ada266
Add support for URL wildcards and exact URL (#9835)
Some checks failed
CodeQL / Analyze (push) Has been cancelled
* Add support for URL wildcards with Additional URL feature

* Only check TLD if wildcard is used

* Avoid using network function in no-feature build

---------

Co-authored-by: varjolintu <sami.vanttinen@ahmala.org>
Co-authored-by: Jonathan White <support@dmapps.us>
2025-02-09 20:03:15 -05:00
Jonathan White
51e8c042af
Show database public icon on tab when visible (#11725)
* Show database public icon on tab when visible

* Remove unnecessary assert
2025-02-09 20:02:44 -05:00
vuurvli3g
811887e591
Fix issues with reloading and handling of externally modified db file (#10612)
Fixes #5290 
Fixes #9062
Fixes #8545 

* Fix data loss on failed reload

- External modifications to the db file can no longer be missed.
- Fixed dialogFinished signal of DatabaseOpenDialog was not emitted when dialog was closed via the 'X' (close) button
- For reloading with a modified db, an additional choice has been added to allow the user to ignore the changes in the file on disk.
- User is now presented with an unlock database dialog if reload fails to open the db automatically. For example when the user removed the YubiKey, failed to touch the YubiKey within the timeout period, or db pw has been changed.
- Mark db as modified when db file is gone or invalid.
- Prevent saving when db is being reloaded
- If merge is triggered by a save action, continue on with the save action after the user makes their choice

---------

Co-authored-by: vuurvlieg <vuurvli3g@protonmail.com>
Co-authored-by: Jonathan White <support@dmapps.us>
2025-02-01 11:58:45 -05:00
Kuznetsov Oleg
5ee5e4998a
Improve attachment handling when changes are discarded
This change avoids a situation where the open file has changed or an entry in the application has changed (possibly to be implemented in the future) and when you open that entry the editor shows you outdated data.

* Fixes bug from previous attachments preview commit
* Fix logic error when creating new attachment
2025-02-01 07:59:02 -05:00
Jonathan White
046cb9bd70 Allow adjusting application font size
Some checks failed
CodeQL / Analyze (push) Has been cancelled
* Closes #6822
* Fix fixed font not following default font's point size
2025-01-26 07:16:55 -05:00
Martin van Zijl
6494cdbb4c Remember sort order in Autotype popup dialog
Fixes #1684.
2025-01-12 18:07:26 -05:00
Matteson
29ac4da240
Add ability to expire entries from context menus (#8731)
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Closes #1972

Add ability to immediately expire an entry from the context menu

---------
Co-authored-by: Jonathan White <support@dmapps.us>
2025-01-12 07:55:22 -05:00
Kuznetsov Oleg
dce34de875
Add New/Preview Entry Attachments dialog and functionality (#11637)
Closes #11506
Closes #3383

* This change adds a new opportunity to add attachments that don’t require a real file in the file system.
* Add a new dialog window to add and preview attachments and integrate it into the EntryAttachmentsWidget.
* Attachment preview support for images and plain text files.

Additional enhancements:
* Fix sizing of attachment columns
* Add padding to attachment table items
* Fix targeting of preview widget styling to not impact unintended children
2025-01-11 23:08:19 -05:00
Jonathan White
fb022cb5e9 Fix passphrase word lists not rendering with UTF-8
Some checks failed
CodeQL / Analyze (push) Has been cancelled
* Fixes #11599
2024-12-27 18:06:17 -05:00
Stephan Heffner
e76e9d42c7
Passphrase "MIXED case" Type (#11255)
Some checks failed
CodeQL / Analyze (push) Has been cancelled
* An additional approach to create passphrases with one random word being in UPPERCASE.
* Also remove duplicate character count from passphrase generator

---------

Co-authored-by: Stephan Heffner <stephan@heffner.it>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-12-25 22:56:02 -05:00
varjolintu
9670a5e74e Add CustomData::getKeyWithPrefix()
Some checks are pending
CodeQL / Analyze (push) Waiting to run
2024-12-25 21:33:19 -05:00
varjolintu
132ca42ec5 Fix renaming extension key name in Database Settings 2024-12-25 21:33:19 -05:00
Jonathan White
b9c5869806 Implement T-CONV and T-REPLACE-RX entry placeholders
* Closes #7293
* Move existing T-CONV and T-REPLACE-RX code from AutoType to Entry. Replumb AutoType to use the entry functions.
* Improve placeholder code in various place
2024-11-13 17:51:21 -05:00
Jonathan White
feafceca57 Improve related splitter UX
* Prevent group pane from being hidden just by dragging. Introduce new View menu setting to hide the group pane.
* Replace the preview panel "close" icon with a "collapse down" icon making the intention clearer.
* Better organize the view menu
2024-10-26 08:59:06 -04:00
Sami Vänttinen
6e0baf9f2c
Support passkeys with Bitwarden import (#11401) 2024-10-24 20:12:47 -04:00
Patrick Klein
740994ed48
Add option to disable opening a browser window when double-clicking the "URL" column (#11332) 2024-10-09 06:42:33 -04:00
techninja1008
dbf9587775
Add database name, color, and icon options for unlock view (#10819)
Closes #10783

Adds three database configuration options (stored as public custom data) that allow a database to have a public name/summary, color, and/or icon to be displayed on the unlock screen. This information is configured in the Database Settings and stored in the database public custom data (ie, unencrypted).

The name/summary is stored in KPXC_PUBLIC_NAME, the color is stored in KPXC_PUBLIC_COLOR, and the icon is stored in KPXC_PUBLIC_ICON.

---------

Co-authored-by: Jonathan White <support@dmapps.us>
2024-10-07 23:42:22 -04:00
Jonathan White
684122c9a9 Add Import/Export to application settings
* Closes #9452 - add import/export buttons to application settings

* Fixes #11120 - duplicate both menubar and toolbar visibility settings into the application settings

* Fixes #8561 - improve placement of various settings between General and Security pages

* Improve tool tip for backup database setting
* Improve wording of various settings
2024-10-06 23:22:02 -04:00
Jonathan White
c8fc25ea5c Support KeePass2 TOTP settings
* Fixes #7263
* Also improves handling of custom TOTP settings
2024-09-04 06:42:31 -04:00
christianwengert
c7d318236f Prevent duplicate entries in passphrase wordlists
Replace a QVector for the wordlist with a QSet. This removes all duplicate entries in a given wordlist.
Thus, it hinders a malicious wordlist that has the proper length (>4000 entries) but with repetitions (effectively << 4000 entries) to be used and potentially create weaker passphrases than estimated.

Example:
List with 4000 items but only 64 unique words would lead to only 48 bit of Entropy instead of ~95 bit!
2024-08-22 00:21:38 -04:00
Sami Vänttinen
b3bec8b2b4
Add option to disable database lock when switching user on macOS (#9707) 2024-08-11 18:32:10 -04:00
Andreas Deininger
14619cb16e Fix typos 2024-08-09 17:41:08 -04:00
Janek Bevendorff
e48ef80e9c Fix code formatting with new clang-format version 2024-07-28 18:25:12 -04:00
louib
166a371050 Refactor: separate GUI sources from core sources
This PR splits the GUI source files from the core source files. The immediate goal is to allow the CLI to require only a minimum number of dynamic libraries. The long term goal is to create an architectural boundary around the core module, in preparation of libkdbx.
2024-06-29 11:50:23 -04:00
Carlo Teubner
198889c7a4
Fix a couple more Qt 5.15 deprecation warnings (#10953)
* More {QString->Qt}::SkipEmptyParts
* QProcess::start: non-deprecated overload
2024-06-22 10:54:50 -04:00
Carlo Teubner
dad8b1d2ea Fix backup file path substitution
Previously, in a pattern like "{TIME:yy} {TIME}",
substituteBackupFilePath() would greedily use the entire string
"yy} {TIME" as the format specifier for the first TIME template, instead
of just "yy". Fix this, by adjusting the regular expression.

This ends up changing the behaviour of a weird corner case that is
covered in the tests, so change the test. I don't think anyone cares
about that case, and I think the current behaviour is better there.

Fixes #10505 (proved by adding a test case very similar to what was
reported there).
2024-06-22 07:40:21 -04:00
Carlo Teubner
88b76244cf
Fix all Qt 5.15 deprecation warnings (#7783)
* Deprecated qSort() -> std::sort()
* Replace QDateTime::toString(Qt::DefaultLocaleShortDate) with Clock::toString()
* Replace QDateTime::toString(Qt::SystemLocaleShortDate) with QLocale::system().toString(..., QLocale::ShortFormat)
* Use QDateTime::startOfDay() instead of QDate(QDateTime) 
  Note: QDateTime::startOfDay() is only available in Qt 5.14, we need to guard it
* Replace QString::SkipEmptyParts with Qt::SkipEmptyParts
  Note: Its designated replacement, Qt::SplitBehavior, was only added in Qt 5.14.
* Don't call deprecated QFlags(nullptr) constructor
* QSet::{toList->values}
* Replace QList::toSet, QSet::fromList with Tools::asSet()
* QHash::insertMulti -> QMultiHash::insert
* QProcess::startDetached: non-deprecated overload
* QProcess::{pid->processId}
* QPainter::{HighQuality->}Antialiasing
* QPalette::{background->window}()
* Use Qt::{Background,Foreground}Role
* endl -> Qt::endl, flush -> Qt::flush
* Make YubiKey::s_interfaceMutex non-recursive
* OpenSSHKeyGenDialog: use non-deprecated QComboBox::sizeAdjustPolicy setting
2024-06-22 07:22:44 -04:00
Carlo Teubner
07f565aa49 Require Qt >= 5.12
Bump the minimum required Qt version up to 5.12, as per
https://github.com/keepassxreboot/keepassxc/issues/10859#issuecomment-2148477826.
Previously, the minimum version was 5.2.0 based on the CMakeLists.txt
check, though it's unclear if such old versions would actually work.

With this, we are able to remove a whole bunch of #ifdef'd code.
2024-06-22 00:01:23 -04:00
Carlo Teubner
da8874ded6
Improve Entry placeholder resolution (#10846)
* Entry placeholder resolution: don't overdo it

After resolving placeholders, previously the code would do it all over again if anything had changed, multiple times up to the recursion limit. This would have the effect of applying a much greater recursion limit, which is confusing and unnecessary, and probably undesired.

* Entry tweaks and minor refactoring

- Entry::size(): when computing tag size, use same delimiter set as in other places in the code
- Factor tag delimiter set regex out into global constant
- Placeholder resolution: remove unnecessary special casing for self-referential placeholders (these are taken care of by existing recursion depth limit)
- Placeholder resolution: less wasteful string building loop
- Move some constants from being public static data members of Entry to being local to Entry.cpp (in anonymous namespace)
- Migrate some QRegEx instances to QRegularExpression, the modern alternative
- Miscellanous minor code cleanups

* Entry: fix hitting recursion limit with {braces}

When encountering a {brace-enclosed} substring, the placeholder resolution logic would previously keep recursing until it hit the recursion depth limit (currently 10). This would lead to "Maximum depth of replacement has been reached" messages, and was also wasting CPU cycles.

Fixes #1741

---------

Co-authored-by: Jonathan White <support@dmapps.us>
2024-06-16 10:47:27 -04:00
Jonathan White
dd1a233859 Fix force conversion of KDBX3 if using Quick Unlock
* Use SHA256 hash of the file path of the database to generate a UUID when using the KDBX3 format. This restores the original behavior of using the file path as the quick unlock lookup key.
2024-06-16 08:43:09 -04:00
Jonathan White
8bc76a2a88 Prevent checking file hash with an empty path
A warning is issued from Qt when the path is empty. This happens most often during test runs, but can also occur when closing a database before everything gets cleaned up.
2024-06-16 07:46:20 -04:00
sforst
1ca607792d
Support remote database access using external tools (#7222)
* Provide remote database sync capability

Allow arbitrary commands to be defined and executed for syncing databases with remote services. This includes sftp, scp, rsync, etc. 

Remote commands are stored per-database and sync operations are manually triggered by the user from the Database -> Remote Sync menu. 

---------

Co-authored-by: Stefan Forstenlechner <t-h-e@users.noreply.github.com>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-06-13 06:23:41 -04:00
Carlo Teubner
c3df16147d
Cleanup compiler warnings on all platforms (#10847)
Fixes #10730.

Co-authored-by: Christoph Reiter <reiter.christoph@gmail.com>
2024-06-12 21:25:15 -04:00
Carlo Teubner
c81e4e1208 Remove zero-width space character from comments
Remove Unicode character U+FEFF ZERO WIDTH NO-BREAK SPACE from Weslly's
email address in a few places.

Not sure if this was done on purpose (anti-spam measure?), but it's not
consistently done anyway (e.g. wasn't the case in
src/gui/TotpDialog.cpp), so it seems cleanest to remove this.
2024-06-02 07:44:00 -04:00
Sami Vänttinen
5de669eb7b
Add action item for removing a passkey from entry (#10777) 2024-05-27 16:50:35 -04:00
Jonathan White
a5c7f7bb50 Fix Flatpak config issues
Remove #ifdef guards from Config.h/cpp (no harm to non-Flatpak distros)

Cleanup #ifdef usage in NixUtils.cpp
2024-05-27 14:50:57 -04:00
Jonathan White
1fd8923746 Fix portable mode detection for native messaging files
* Fixes #10755
2024-05-27 14:47:53 -04:00
Mounir IDRASSI
e7aa09276e
Fix wrong DACL memory size on Windows (createWindowsDACL) (#10712)
Each AddAccessAllowedAce invocation should be matched with a corresponding sizeof(ACCESS_ALLOWED_ACE) and the respective GetLengthSid of the SID being used. This ensures that there is enough space in the ACL for each entry.

The issue manifest itself only when WITH_XC_SSHAGENT is defined.
2024-05-21 11:17:43 +02:00
Jonathan White
94ace985e7 Preserve Secret Service exposed group setting on merge
* Fixes #9371 - adds secret service custom data key to the list of protected custom data (will not be overwritten on merge)
2024-04-29 08:50:46 -04:00
Jonathan White
3829bcdd8f Prevent KeeShare from merging database custom data
This issue previously caused parent databases to be marked as modified on unlock. This was because of the new protections against byte-by-byte side channel attacks adds a randomized string to the database custom data. We should never be merging database custom data with keeshare or imports since we are merging groups only.

Also prevent overwrite of auto-generated custom data fields, Last Modified and Random Slug.
2024-04-29 08:50:46 -04:00
Jonathan White
f812f0a1ac Further prevent ability to access memory on Windows
* Restrict access to changing DACL's after the process is started. This prevents the creator of the keepassxc.exe process from simply adding the permission to read memory back to the DACL list.
* Verified using System Informer.
2024-04-29 08:10:04 -04:00